Creating and Managing AWS Snapshots in Powershell

Creating a snapshot of an Amazon Web Services EBS volume is a simple method to back up your AWS instances. For more details on AWS snapshots make sure to read this.

Below is a Powershell script I modified to

  • Create a snapshot of all EBS volumes tagged with “AWSBackupEnabled”=True
  • Tag new snapshots with the backup date (tag=BackupDate) and “AWSBackupEnabled”=True
  • Delete snapshots older than 14 days
  • Write results to a log file
  • Send an email with the log to notify the administrator(s) that the backup has completed.

The critical difference between this script and the original found here is the use of Amazon.EC2.Model.Filter, which is used to identify the assets you are working with. Somehow I could not get this code to work

so I modified it slightly

Here is the script:

 

 

Running an Office 365 Compliance Search using Powershell

Overview

Running a Content Search is fairly easy from within the Office 365 Security & Compliance Center but sometimes it will make sense to drop down into Powershell to run more complex queries.

Here are links to some of the more useful articles on this subject:

To build a query you will need to use KQL. Here is a good article on the syntax:
https://technet.microsoft.com/en-us/library/ms.exch.eac.searchquerylearnmore(v=exchg.150).aspx

NOTE: The Technote refers to AND and OR logical operators but in Powershell you have to use (c:c) for AND and (c:s) for OR.

Running a Complex Query in Powershell

Here is a script I wrote to run a more complex query when we had to search for a list of hundreds of document attachments within Office 365 for a Client.

NOTE: There is a limitation of the number of characters that can be in the query. No error is thrown if you run the script, it just returns incorrect results. That threw me off for a while, but if you edit the script from the Security & Compliance Center you will get an error

The property is too long. The maximum length is 16384 and the length of the value provided is 23966.

So we had to split up the query into several blocks to not exceed this limit of 16384 characters.

Deleting an Email using the Search & Compliance Center

This link describes how to delete an email message using the Search & Compliance Center:

https://support.office.com/en-us/article/Search-for-and-delete-email-messages-in-your-Office-365-organization-Admin-Help-3526fd06-b45f-445b-aed4-5ebd37b3762a

Example:

New-ComplianceSearch -Name "TestRemoveMessage" -ExchangeLocation All -ContentMatchQuery "subject:'This is a test' (c:c) From:'pschwarz@syndeotech.com'" New-ComplianceSearchAction -SearchName "TestRemoveMessage" -Purge -PurgeType SoftDelete

Replace SoftDelete with HardDelete to get rid of the message altogether (does not even show up in Deleted Items).

 

 

TIP How to Configure Email Notification for Windows Server Backup

Although it does not replace enterprise grade backups systems like Veeam or StorageCraft, Windows Server Backup works quite well for basic backup tasks. But it lacks any notification system on the progress of the backups. Here are two simple ways to set that up. First, this option uses the Event Viewer task:

Configure Email Notification for Windows Server Backup

And here is a more advanced and flexible approach using Powershell:

Email Notifications with Windows Server Backup

 

 

Using Saved Credentials in a Powershell Script

Purpose

Credentials stored in plain text format in a Powershell script is a security issue that needs to be avoided. This Technote describes a way to save the password in a file as a secure string which can be read back into a script for authentication.

Procedure

Check out this great post on this subject.

https://blog.kloud.com.au/2016/04/21/using-saved-credentials-securely-in-powershell-scripts/