public/New-AwsSubnet.ps1

function New-AwsSubnet {
<#
.SYNOPSIS
 
Creates a new project VPN config for a specified subnet and group.
 
This cmdlet is used when a new environment needs vpn configuration setup but there isn't a properly formed ticket to scrape from.
Example use cases would be new on-prem projects etc.
 
.PARAMETER awsID
 
The AD group that wil be used for both the ACL name and the the LDAP mapping. Generally this is an AWS Account but could also be something like BLUE_DNS
 
.PARAMETER subnet
 
The subnet you wish to use to create the default ACL with
 
.PARAMETER f5creds
 
Powershell crednetial object containing F5 login credentials. Can be omitted or passed to save time.
 
.PARAMETER jiracreds
 
Powershell crednetial object containing F5 login credentials. Can be omitted or passed to save time.
 
.PARAMETER onpremf5ip
 
IP or DNS of onpremise F5 device. Defaults to onpremf5.boozallencsn.com and generally can be omitted.
 
.PARAMETER awsf5ip
 
IP or DNS of AWS F5 device in VCD. Defaults to ec2f5.boozallencsn.com and generally can be omitted.
 
.PARAMETER role
 
Switch paramter for dev or prod. Defaults to prod if omitted.
 
.EXAMPLE
 
New-AWSSubnet -awsID AWS_0989809809808 -subnet 10.22.33.0/24
 
Creates a new allow ACL for the default port range to 10.22.33.0/24 and maps AD group AWS_0989809809808 to this ACL
.Notes
 
  It is required that the jirasever have been set using JiraPS module Set-JiraConfigServer -Server 'https://my.jira.server.com:8080'
 
#>

  [CmdletBinding()]
  param(

    [Parameter(Mandatory = $true)]
    [string]$awsId = '',

    [Parameter(Mandatory = $true)]
    [string]$subnet = '',

    [Parameter(Mandatory = $false)]
    [string]$onrpemf5ip = 'onpremf5.boozallencsn.com',

    [Parameter(Mandatory = $false)]
    [string]$awsf5ip = 'ec2f5.boozallencsn.com',

    [Validateset('dev', 'prod')]
    [Parameter(Mandatory = $false)]
    [string]$role = 'prod'

  )

  process {

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    if( $role -eq 'dev' ){ 
        $vpnrole = "aggregate_acl_act_full_resource_assign_ag"
    }

    else { $vpnrole = "acl_1_act_full_resource_assign_ag" }

         try {

          Write-Output "Please enter you F5 credentials."
          $creds = Get-Credential -Message "Please enter credentials to access the F5 load balancer"
          $Global:F5Session = New-F5Session -LTMName $onrpemf5ip -LTMCredentials $creds -Default -PassThru -ErrorAction Stop

         }

        catch {

          Write-Warning "F5 was unable to connect please check your username, password, and network connection."
          $_.Exception.Message
          break

        }

    try {
      Write-Output "Adding new ACL......"
      $aclOrder = (Get-NextAclOrder)
      New-DefaultAcl -Name $awsId -subnet $subnet -aclOrder $aclOrder -ErrorAction Stop | Write-Verbose
      Write-Output "Added $($awsId) with subnet $($subnet)"
    }
    catch {
      Write-Warning "Adding ACL failed."
      $_.ErrorDetails.Message
      break
    }

    try {
      Write-Output "Mapping ACl to VPN access role......"
      Add-APMRole -Name $vpnrole -acl $awsId -group $awsId -ErrorAction stop | Write-Verbose
      Write-Output "Mapped ACL $($awsId) to group $($awsId)."
    }

    catch {
      Write-Warning "Mapping ACL to VPN role failed."
      $_.Exception.Message
      Write-Output "Rolling back changes......"
      Remove-Acl -name $awsId
      Write-Output "ACL $($awsId) has been removed."
      break
    }

    Write-Output "Apply APM Policy......"

    try{
      Update-APMPolicy -Name "CSN_VPN_Streamlined" -ErrorAction Stop | Write-Verbose
      Write-Output "Policy Applied"
    }

    catch{
      Write-Warning "Updating APM Policy failed."
      $_.Exception.Message
      break
    }

    try{
      Write-Output "Syncing Device to Group......"
      Sync-DeviceToGroup -GroupName "Sync_Group" | Write-Verbose
      Write-Output "Synced"
    }
    catch{
      Write-Warning "Syncing Device to Group failed."
      $_.Exception.Message
      break
    }
  #============================================================================================================
  #Add Same ACL build to AWS F5
  
   try {

          Write-Output "Connecting to AWS F5 (ec2f5.boozallencsn.com)......"
          $Global:F5Session = New-F5Session -LTMName $awsf5ip -LTMCredentials $creds -Default -PassThru -ErrorAction Stop

         }

  catch {

          Write-Warning "F5 was unable to connect please check your username, password, and network connection."
          $_.Exception.Message
          break

        }

  try {
      Write-Output "Adding new ACL to AWS F5......"
      New-DefaultAcl -Name $awsId -subnet $subnet -aclOrder $aclOrder -ErrorAction Stop | Write-Verbose
      Write-Output "Added $($awsId) with subnet $($subnet)"
    }
    catch {
      Write-Warning "Adding ACL failed."
      $_.ErrorDetails.Message
      break
    }

    try {
      Write-Output "Mapping ACl to VPN access role on AWS F5......"
      Add-APMRole -Name $vpnrole -acl $awsId -group $awsId -ErrorAction stop | Write-Verbose
      Write-Output "Mapped ACL $($awsId) to group $($subnet)."
    }

    catch {
      Write-Warning "Mapping ACL to VPN role failed."
      $_.Exception.Message
      Write-Output "Rolling back changes......"
      Remove-Acl -name $awsId
      Write-Output "ACL $($awsId) has been removed."
      break
    }

    Write-Output "Apply APM Policy on AWS F5......"

    try{
      Update-APMPolicy -Name "CSN_VPN_Streamlined" -ErrorAction Stop | Write-Verbose
      Write-Output "Policy Applied"
    }

    catch{
      Write-Warning "Updating APM Policy failed."
      $_.Exception.Message
      break
    }
  }
 
  

   
  }#end function brace