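function Update-AWSAccessKey {
    <#
    .SYNOPSIS
        Replace the access key ID and secret of one profile in the AWS
        credentials files on a set of remote computers.

    .DESCRIPTION
        For every computer in ComputerName, a fixed list of per-user
        credentials files is inspected. A file that already contains both new
        values is skipped. Otherwise the file is backed up next to itself as
        "<path>.bak.<unix time>" and the aws_access_key_id and
        aws_secret_access_key lines of the requested profile are rewritten.
        A failure on one file is reported as a warning and does not stop the
        remaining files from being processed.

    .PARAMETER RoleToReplaceFor
        The profile whose key is replaced. Example: [teamcity-packer] or
        [Prod]. Missing square brackets are added. Alias: ProfileName.

    .PARAMETER AccessKeyId
        The Access Key ID of the new IAM access key. Alias: Key.

    .PARAMETER AccessKeySecret
        The secret of the new IAM access key. Alias: Secret.

    .PARAMETER ComputerName
        The computers to change the value on. Defaults to the Hostname values
        returned by Get-CachedInstances -ProfileName temp-prod -TeamCity.
        Alias: Servers.

    .PARAMETER Force
        Append the profile to a credentials file that does not contain it.
        Alias: Create.

    .NOTES
        AccessKeySecret is a plain [string]: the value can end up in command
        history, transcripts and script block logs of the calling session.
        The timestamped .bak copies keep the previous secret on disk; once the
        rotation is confirmed, deactivate the old key in IAM and delete them.
    #>
    param (
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidateNotNullOrEmpty()]
        [Alias('ProfileName')]
        [string]$RoleToReplaceFor,

        [Parameter(Mandatory = $true, Position = 1)]
        [ValidateNotNullOrEmpty()]
        [Alias('Key')]
        [string]$AccessKeyId,

        [Parameter(Mandatory = $true, Position = 2)]
        [ValidateNotNullOrEmpty()]
        [Alias('Secret')]
        [string]$AccessKeySecret,

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [Alias('Servers')]
        [string[]]$ComputerName = (Get-CachedInstances -ProfileName temp-prod -TeamCity).Hostname,

        [Parameter(Mandatory = $false)]
        [Alias('Create')]
        [switch]$Force
    )

    $logLead = Get-LogLeadName

    # Normalise the profile name to the "[name]" form used as a section header.
    if (-not $RoleToReplaceFor.StartsWith("[")) {
        $RoleToReplaceFor = "[$RoleToReplaceFor"
    }
    if (-not $RoleToReplaceFor.EndsWith("]")) {
        $RoleToReplaceFor = "$RoleToReplaceFor]"
    }

    # Only the key ID is logged; the secret must never reach host or log output.
    Write-Host "$logLead : Replacing key for profile $RoleToReplaceFor with key: $AccessKeyId"

    # NOTE(review): the secret is passed as a plain argument to the remote
    # session - confirm the remoting transport in use is encrypted.
    Invoke-Command -ComputerName $ComputerName -ArgumentList ($RoleToReplaceFor , $AccessKeyId, $AccessKeySecret, $Force) -ScriptBlock {
        param ($sb_role, $sb_keyId, $sb_keySecret, $sb_force)

        $userPaths = @("C:\Users\ci.migrate`$\.aws\credentials",
            "C:\Users\dev.migrate`$\.aws\credentials",
            "C:\Users\qa.migrate`$\.aws\credentials",
            "C:\Users\jumpbox.jenkins\.aws\credentials")

        foreach ($path in $userPaths) {
            if (-not (Test-Path -Path $path)) {
                continue
            }

            # 'continue' rather than 'return': one file that needs no change
            # must not leave the remaining users' files on the old key.
            if ((Select-String -Path $path -Pattern $sb_keyId -SimpleMatch) -and (Select-String -Path $path -Pattern $sb_keySecret -SimpleMatch)) {
                Write-Host "$env:COMPUTERNAME $path - File already matched"
                continue
            }

            if (-not (Select-String -Path $path -Pattern $sb_role -SimpleMatch) -and -not $sb_force) {
                Write-Host "$env:COMPUTERNAME $path - File does not contain profile, and force was not supplied"
                continue
            }

            try {
                # The backup is inside the try and must succeed: a file is
                # never rewritten without a copy of its previous contents.
                Write-Host "Backing up and saving $env:COMPUTERNAME $path"
                Copy-Item -Path $path -Destination "$path.bak.$([Math]::Floor((Get-Date -UFormat "%s")))" -ErrorAction Stop

                $nextLine = $false          # true while inside the target profile section
                $foundProfile = $false
                $replacedKeyId = $false
                $replacedKeySecret = $false

                # @() keeps $lines an array even for a one-line file, so the
                # '+=' appends below add lines instead of concatenating strings.
                $lines = @((Get-Content -Path $path -ErrorAction Stop) | ForEach-Object {
                        $trimmed = $_.Trim()

                        # A new section header ends the target section. Without
                        # this, a profile missing one of the two keys would
                        # cause the next profile's key to be overwritten.
                        if ($nextLine -and $trimmed.StartsWith("[")) {
                            $nextLine = $false
                        }

                        if ($nextLine) {
                            if ($trimmed.StartsWith("aws_access_key_id")) {
                                if ($replacedKeyId -eq $true) {
                                    throw "Attempted to set the key twice. Please confirm the file contents and try again $env:COMPUTERNAME $path"
                                }
                                Write-Output "aws_access_key_id = $sb_keyId"
                                $replacedKeyId = $true
                                if ($replacedKeySecret) {
                                    $nextLine = $false
                                }
                            }
                            elseif ($trimmed.StartsWith("aws_secret_access_key")) {
                                if ($replacedKeySecret -eq $true) {
                                    throw "Attempted to set the secret twice. Please confirm the file contents and try again. $env:COMPUTERNAME $path"
                                }
                                Write-Output "aws_secret_access_key = $sb_keySecret"
                                $replacedKeySecret = $true
                                if ($replacedKeyId) {
                                    $nextLine = $false
                                }
                            }
                            else {
                                Write-Output $_
                            }
                        }
                        else {
                            if ($trimmed -eq $sb_role) {
                                $nextLine = $true
                                $foundProfile = $true
                            }
                            Write-Output $_
                        }
                    })

                if ($foundProfile) {
                    # The section exists, so both values must have been
                    # replaced; a partial update would pair a new key ID with
                    # an old secret (or the reverse).
                    if (-not ($replacedKeyId -and $replacedKeySecret)) {
                        throw "The key was not updated correctly. Please confirm the file contents and try again. $env:COMPUTERNAME $path"
                    }
                }
                else {
                    Write-Host "$env:COMPUTERNAME $path - Value for $sb_role not found"
                    if ($sb_force) {
                        # We didn't find the key, let's add it
                        Write-Host "$env:COMPUTERNAME $path - Value for $sb_role not found, adding"
                        $lines += $sb_role
                        $lines += "aws_access_key_id = $sb_keyId"
                        $lines += "aws_secret_access_key = $sb_keySecret"
                    }
                }

                Set-Content -Path $path -Value $lines -ErrorAction Stop
            }
            catch {
                # Best effort per file, but never silent: an unreported failure
                # leaves this file on the old key without anyone noticing.
                # None of the messages thrown above contain the secret.
                Write-Warning "$env:COMPUTERNAME $path - Update failed: $($_.Exception.Message)"
            }
        }
    }
}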