public/Remove-AwsSecurityStack.ps1

function Remove-AwsSecurityStack {
<#
.SYNOPSIS
 
Removes a new AWS VCD stack on the f5 load balancer from a specified Jira Ticket.
Scrapes the parameters from tickets that look like
 
.PARAMETER crnumber
 
CR Number from Jira in the format "4340"
 
 
.EXAMPLE
 
 
 
 
#>

  [CmdletBinding()]
  param(

    [Alias("existing acl Name")]
    [ValidatePattern("[a-zA-Z]{2}-[0-9]*")]
    [Parameter(Mandatory = $true)]
    [string]$crnumber = '',

    [Parameter(Mandatory=$false)]
    [System.Management.Automation.PSCredential]$f5creds,

    [Parameter(Mandatory=$false)]
    [System.Management.Automation.PSCredential]$jiracreds,

   [Parameter(Mandatory = $false)]
    [string]$onrpemf5ip = 'onpremf5.boozallencsn.com',

    [Parameter(Mandatory = $false)]
    [string]$awsf5ip = 'ec2f5.boozallencsn.com',

    [Validateset('dev', 'prod')]
    [Parameter(Mandatory = $false)]
    [string]$role = 'prod'

  )

  process {

    #Set-JiraConfigServer -Server 'https://my.jira.server.com:8080' first time jira setup

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    if( $role -eq 'dev' ){ 
        $vpnrole = "aggregate_acl_act_full_resource_assign_ag"
    }

    else { $vpnrole = "acl_1_act_full_resource_assign_ag" }



    Write-Output "Please enter your Jira credentials."

    #if creds are null
    if( !($jiracreds) ) {

        $jiracreds = Get-Credential -Message "Please enter credentials to access Jira"
    }

    $jiraSesh = New-JiraSession -Credential $jiracreds -ErrorAction Stop

    if ([string]::IsNullOrEmpty($jiraSesh)) {

      Write-Warning "Jira session has expired, or bad username and password."

      break

    }

    $awsId = Get-AwsIdFromJira -crNumber "$crnumber"

    if ([string]::IsNullOrEmpty($awsID)) {

      Write-Warning "Jira was unable to locate ticked based on $crNumber"

      break

    }

         try {
          #f5 null creds
          if( !($f5creds) ) {
              Write-Output "Please enter you F5 credentials."
              $f5creds = Get-Credential -Message "Please enter credentials to access the F5 load balancer"
          }
          $Global:F5Session = New-F5Session -LTMName $onrpemf5ip -LTMCredentials $f5creds -Default -PassThru -ErrorAction Stop

         }

        catch {

          Write-Warning "F5 was unable to connect please check your username, password, and network connection."
          $_.Exception.Message
          break

        }

    try {
      Write-Output "Removing existing Role mapping......"
      Remove-APMRole -acl $awsId -group $awsID -name $vpnrole | Out-Null
      Write-Output "Removed $awsId mapping from group $awsId"
    }
    catch {
      Write-Warning "Removing APM Role mapping failed."
      $_.ErrorDetails.Message
      break
    }

    try {
      Write-Output "Removing ACl......"
      Remove-Acl -name $awsId | Out-Null
      Write-Output "Removed ACL $awsID."
    }

    catch {
      Write-Warning "Removing ACL failed."
      $_.Exception.ErrorDetails
      break
    }

    Write-Output "Update APM Policy......"

    try{
      Update-APMPolicy -Name "CSN_VPN_Streamlined" -ErrorAction Stop | Write-Verbose
      Write-Output "Policy Updated"
    }

    catch{
      Write-Warning "Updating APM Policy failed."
      $_.Exception.Message
      break
    }

    try{
      Write-Output "Syncing Device to Group......"
      Sync-DeviceToGroup -GroupName "Sync_Group" | Write-Verbose
      Write-Output "Synced"
    }
    catch{
      Write-Warning "Syncing Device to Group failed."
      $_.Exception.Message
      break
    }
  #============================================================================================================
  #Add Same ACL build to AWS F5
  
   try {

          Write-Output "Connecting to AWS F5 (ec2f5.boozallencsn.com)......"
          $Global:F5Session = New-F5Session -LTMName $awsf5ip -LTMCredentials $creds -Default -PassThru -ErrorAction Stop
          Write-Output "OK. Connected to AWS F5!"
         }

  catch {

          Write-Warning "F5 was unable to connect please check your username, password, and network connection."
          $_.Exception.Message
          break

        }

    try {  
      Write-Output "Removing existing Role mapping......"
      Remove-APMRole -acl $awsId -group $awsID -name $vpnrole | Out-Null
      Write-Output "Removed $awsId mapping from group $awsId"
    }
    catch {
      Write-Warning "Removing APM Role mapping failed."
      $_.ErrorDetails.Message
      break
    }

    try {
      Write-Output "Removing ACl......"
      Remove-Acl -name $awsId | Out-Null
      Write-Output "Removed ACL $awsID."
    }

    catch {
      Write-Warning "Removing ACL failed."
      $_.ErrorDetails
      break
    }

   

    try{
      Write-Output "Update APM Policy......"
      Update-APMPolicy -Name "CSN_VPN_Streamlined" -ErrorAction Stop | Write-Verbose
      Write-Output "Policy Updated"
    }

    catch{
      Write-Warning "Updating APM Policy failed."
      $_.Exception.Message
      break
    }

    try{
      
      #Close out Comments
      Add-JiraIssueComment -Comment "Core Services VPN Config Removal Complete" -Issue $crnumber -VisibleRole 'All Users' | Out-Null
      Write-Output "[Added Closing Comment]......"
    }

    catch{
      Write-Warning "Updating Jira comments failed."
      $_.Exception.Message
      break
    }

    try{
         #Close Out Ticket
      Get-JiraIssue -Key $crnumber | Invoke-JiraIssueTransition -Transition 81 | Out-Null
      Write-Output "Ticket Closed......"
      Write-Output "VPN Removal Complete!"
    }

    catch{
      Write-Warning "Updating Jira comments failed."
      $_.Exception.Message
      break
    }

  }
   
  }#end function brace