Manage Amazon AWS S3 with PowerShell

• Author
• Recent Posts

Josh Rickard

Josh's primary focus is in Windows security and PowerShell automation. He is a GIAC Certified Windows Security Administrator (GCWN) and GIAC Certified Forensic Analyst (GCFA). You can reach Josh at MSAdministrator.com or on Twitter at @MS_dministrator.

Latest posts by Josh Rickard (see all)

• Search Event Logs and error codes with Netikus.net System32 - Thu, Jan 10 2019
• Netikus.net IPMon+ - GUI for ipmon.exe - Tue, Nov 20 2018
• Understanding PowerShell Begin, Process, and End blocks - Mon, Oct 15 2018

To follow this guide, you will need an AWS account and access keys. The AWS Tools for PowerShell run on Windows XP or later and PowerShell 2.0 or later. If you want to try the AWS Tools for PowerShell Core, you must have PowerShell 5.1 or later installed.

To install the AWS Tools for PowerShell, open up a PowerShell console and run this command:

Install-Package -Name AWSPowerShell

Once you've installed the AWS Tools for PowerShell, you can see the available cmdlets (hint, there are quite a few with the Get-AWSCmdletName cmdlet). The next example shows you how many cmdlets are available:

(Get-AWSCmdletName).Count

Run Get AWSCmdletName with the Count property

We should now proceed to identify which cmdlets are available to manage AWS S3 buckets (storage containers) and objects. You can view all available cmdlets Amazon provides and their documentation here. Additionally, in your PowerShell console you can run the following command to display the available cmdlets related to the S3 service:

Get-AWSCmdletName -Service S3

The PowerShell cmdlet for S3

Let's get started and create an S3 bucket. First, we have to store the parameters in a hash table. Then we can create the bucket with the New-S3Bucket cmdlet.

props = @{
    'BucketName' = 'my-test-bucket'
    'Region'     = 'us-east-1'
    'AccessKey'  = 'MY_AWS_ACCESS_KEY'
    'SecretKey'  = 'MY_AWS_SECRET_KEY'
}

New-S3Bucket @props

Additional parameters are available when creating a new AWS S3 Bucket. For instance, you can set the access rights on this bucket to either PublicReadOnly or PublicReadWrite. You can also set specific CannedACLs (access control lists) on both S3 buckets and S3 objects using the S3CannedACL parameter. However, this is beyond the scope of this post. You can find more information about S3CannedACL here.

If you would like to learn about the New-S3Bucket cmdlet, you can always use the built-in help:

Get-Help New-S3Bucket -Full

Now that we have a new AWS S3 bucket, we can now add an object that represents that bucket. There are different ways to do this, but I think this is the easiest way:

$props = @{
    'BucketName' = 'my-test-bucket'
    'Region'     = 'us-east-1'
    'AccessKey'  = 'MY_AWS_ACCESS_KEY'
    'SecretKey'  = 'MY_AWS_SECRET_KEY'
}

$S3Bucket = Get-S3Bucket @props

Once we have our $S3Bucket variable, we can add a new S3 object to our newly created S3 bucket. An S3 object can be anything you can store on a computer—an image, video, document, compiled code (binaries), or anything else. S3 objects can be anything with 1s or 0s. I have seen projects that store entire network log streams as files in an S3 bucket. They have their data analytics tools index right on Amazon S3.

Several available cmdlets allow us to view, copy, read, remove, and write S3 objects:

Copy-S3Object
Get-S3Object
Read-S3Object
Remove-S3Object
Restore-S3Object
Write-S3Object

You can also store entire websites in an S3 bucket, and each of these files would then be an S3 object. You can find more information about hosting an S3 website here or by running the following:

Get-Command -Name *S3*website*

Let's go ahead and add a new S3 object to our bucket. To do this, we are going to use another cmdlet: Write-S3Object.

$WriteProps = @{
    'BucketName' = 'my-test-bucket'    # S3 Bucket Name
    'Key'        = 'my-s3-file.log'    # Key used to identify the S3 Object
    'File'       = 'C:\my-s3-file.log' # Local File to upload
    'Region'     = 'us-east-1'         # AWS Region
    'AccessKey'  = 'MY_AWS_ACCESS_KEY' # AWS Account Access Key
    'SecretKey'  = 'MY_AWS_SECRET_KEY' # AWS Account Secret Key
}

Write-S3Object @WriteProps

We now have an Amazon AWS S3 bucket with a new S3 object (file). The Write-S3Object cmdlet has many optional parameters and allows you to copy an entire folder (and its files) from your local machine to a S3 bucket. You can also create content on your computer and remotely create a new S3 object in your bucket. With the help of the AWS PowerShell Tools, you can set parameters such as content type, metadata, ACLs, headers, access rights, and encryption. You will hardly miss a single feature when it comes to S3 buckets and S3 objects.

PowerShell is usually associated with Microsoft Azure. However, the AWS PowerShell Tools provide a PowerShell lover with a well-matched console and scripting environment to manage Amazon's cloud.