Veeam/New-cVBOAwsRepo.ps1 at master · k00laidIT/Veeam · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
<#
.Synopsis
For Veeam Backup for Microsoft365 v8 this will create an AWS S3 bucket and then add it as an object storage repository

.Notes
Version: 1.0
Authors: Jim Jones, @1111systems
Modified Date: 02/06/2025
Parameters:
    -bucket: (mandatory) bucket name to be used
    -VBOSrv: (optional) defaults to localhost, supply if using remotely
    -RegionId: (mandatory) region code for AWS. example: us-east-1
    -accessKey: (mandatory) first part of key pair provided to you by 11:11 Service Delivery
    -pxyPool: (mandatory) defines which proxy pool the bucket will be attached to
    ### -proxy: (FUTURE ADD) proxy to attach the repository to. Either pxyPool or proxy needs to be present.
    -DaysMonthsYears: (optional) defines in which type you want to measure retention. Options are Years | Months | Days.
      Defaults to Years
    -rPeriod: How many of the retention type you want to keep. Default is 3 years.
    -IMM: (optional) Mandatory if you have enabled object lock on the bucket. Default is enabled.
    -IMMDays: (optional) How long data should be written as immutable. Defaults to 30 days.

.EXAMPLE
.\New-cVBOAwsRepo.ps1 -Bucket 'bucket1' -accessKey "myAWSaccessKey" -RegionId 'us-west-2' -pxyPool 'pool1'
#>

#Requires -Modules AWS.Tools.Common, AWS.Tools.S3

[CmdletBinding(DefaultParametersetName = 'None')]
param (
  [Parameter(Mandatory = $true)]
  [string] $bucket,

  [Parameter(Mandatory = $false)]
  [string] $VBOSrv = "localhost",

  [Parameter(Mandatory = $true)]
  [string] $regionId,

  [Parameter(Mandatory = $true)]
  [string] $accessKey,

  [Parameter(Mandatory = $true)]
  [string] $pxyPool,

  [Parameter(Mandatory = $false)]
  [string] $DaysMonthsYears = "Years",

  [Parameter(Mandatory = $false)]
  [Int] $rPeriod = "3",

  [Parameter(ParameterSetName = 'IMM', Mandatory = $false)]
  [Switch] $IMM,

  [Parameter(ParameterSetName = 'IMM', Mandatory = $false)]
  [int] $IMMDays = "30"
)

begin {
  #Logic for supporting 5.x Powershell which can't convert from secure to insecure just for AWS use, ewwwww
  if ($PSVersionTable.PSVersion -ge "7.0.0" ) {
    #Write-Host "Veeam does not currently support Powershell Core. Please launch via powershell.exe"
    $secretKey = read-host -Prompt "Please Supply the Provided Secret Key" -AsSecureString
    $inSecureKey = ConvertFrom-SecureString -SecureString $secretKey -AsPlainText
  } else {
    $inSecureKey = read-host -Prompt "Please Supply the Provided Secret Key"
    $secretKey = ConvertTo-SecureString -string $inSecureKey -AsPlainText -Force
  }

  #ensure bucket is in all lowercase as S3 requires
  $bucket = $bucket.ToLower()

  #convert years or months to days for immutability check
  if ($DaysMonthsYears = "Years") {
    $rAsDays = $rPeriod*365
  } elseif ($DaysMonthsYears = "Months") {
    $rAsDays = $rPeriod*28
  } elseif ($DaysMonthsYears = "Days") {
    $rAsDays = $rPeriod
  } else {
    Write-Host "Please define DaysMonthsYears as either Days, Months, or Years or leave blank to default to Years."
    Break
  }

  #import AWS Modules
  import-module AWS.Tools.Common, AWS.Tools.S3

  #Let's use those AWS Creds
  Set-AWSCredential -AccessKey $accessKey -SecretKey $inSecureKey

  # Add AWS credentials to Veeam and make connection
  Connect-VBOServer -Server $VBOSrv

#Check Immutability
    #Check for encryption key and if it doesn't exist prompt for password to be created
    try {
      $encKey = Get-VBOEncryptionKey | Where-Object {$_.Description -eq $accessKey}
      if([string]::IsNullOrEmpty($encKey)) {
        throw "Variable is empty or null"
      }
    }
    catch {
      $keyPrompt = Read-Host "No encryption key found for this account. Please enter a key to be used." -AsSecureString
      $encKey = Add-VBOEncryptionKey -Password $keyPrompt -Description $accessKey
    }


  } #end begin block

  process {
    #Check if bucket exists and if it appropriately has object lock enabled. If not found create it.
    if ($IMM) {
      if ($IMMDays -lt 1) {
        Write-Host "Immutabilty is enabled, please supply a period greater than 0. The recommended is 30."
        break
      }
      if ($IMMDays -gt $rAsDays) {
        Write-Host "Please configure your immutability period to be less than your overal retention."
        break
      }
        $aBucket = Get-S3Bucket -Region $RegionId -BucketName $bucket
        if (!$aBucket.BucketName) {
          New-S3Bucket -Region $RegionId -ObjectLockEnabledForBucket $true -BucketName $bucket
        }else {
          $oblockcheck = Get-S3ObjectLockConfiguration -Region -BucketName $bucket
          if (-Not $oblockcheck.ObjectLockEnabled) {
            Write-Host "The supplied bucket does not have Object-Lock enabled. Please supply a different bucket or disable Immutability"
            break
          }
        }
    }else {
        $aBucket = Get-S3Bucket -Region -BucketName $bucket
        if (!$aBucket.BucketName) {
          New-S3Bucket  -Region $RegionId -ObjectLockEnabledForBucket $false -BucketName $bucket
        }else {
          $oblockcheck = Get-S3ObjectLockConfiguration -Region $RegionId -BucketName $bucket
          if ($oblockcheck.ObjectLockEnabled) {
            Write-Host "The supplied bucket has Object-Lock enabled. Please supply a different bucket or enable Immutability"
            break
          }
        }
    }

    #create Veeam Connection to AWS
    try {
      $s3cred = get-VBOAmazonS3Account -AccessKey $accessKey -ErrorAction Stop
    }

    catch {
      $s3cred = Add-VBOAmazonS3Account -AccessKey $accessKey -SecretKey $secretKey -Description "11:11 Provided AWS Credential"
    }

    $connect = New-VBOAmazonS3ConnectionSettings -Account $s3cred -RegionType Global
    $pool = get-vboproxypool -Name $pxyPool

    # Add bucket  as Veeam Repository
    $vBucket = Get-VBOAmazonS3Bucket -Name $bucket -AmazonS3ConnectionSettings $connect -RegionId $regionId
    $vFolder = Add-VBOAmazonS3Folder -Bucket $vBucket -Name 'Veeam'
    $vSettings = New-VBOAmazonS3ObjectStorageSettings -Folder $vFolder

    if ($IMM) {
      if ($DaysMonthsYears = "Years") {
        #Variant that is immutable and has retention in years
        [string]$vrPeriod = "Years$rPeriod"
        $vDate = Get-Date -Format "MM/dd/yyyy"
        $vDesc = "AWS::$regionId::$bucket::$vDate"
        Add-VBOAmazonS3Repository -Name $bucket `
          -Description $vDesc `
          -EnableStandardIAStorageClass `
          -EnableImmutability `
          -ImmutabilityPeriodDays $IMMDays `
          -ObjectStorageSettings $vSettings `
          -ObjectStorageEncryptionKey $encKey `
          -ProxyPool $pool `
          -RetentionFrequencyType "Daily" `
          -DailyTime "00:00:00" `
          -DailyType "Everyday" `
          -RetentionPeriod $vrPeriod `
          -RetentionType "SnapshotBased"
      } elseif ($DaysMonthsYears = "Months") {
        #Variant that is immutable and retention in months
        $vDate = Get-Date -Format "MM/dd/yyyy"
        $vDesc = "AWS::$regionId::$bucket::$vDate"
        Add-VBOAmazonS3Repository -Name $bucket `
          -Description $vDesc `
          -EnableStandardIAStorageClass `
          -EnableImmutability `
          -ImmutabilityPeriodDays $IMMDays `
          -ObjectStorageSettings $vSettings `
          -ObjectStorageEncryptionKey $encKey `
          -ProxyPool $pool `
          -RetentionFrequencyType "Daily" `
          -DailyTime "00:00:00" `
          -DailyType "Everyday" `
          -CustomRetentionPeriodType "Months"
          -CustomRetentionPeriod $rPeriod `
          -RetentionType "SnapshotBased"
      } elseif ($DaysMonthsYears = "Days") {
        #Variant that is immutable and retention in days
        $vDate = Get-Date -Format "MM/dd/yyyy"
        $vDesc = "AWS::$regionId::$bucket::$vDate"
        Add-VBOAmazonS3Repository -Name $bucket `
          -Description $vDesc `
          -EnableStandardIAStorageClass `
          -EnableImmutability `
          -ImmutabilityPeriodDays $IMMDays `
          -ObjectStorageSettings $vSettings `
          -ObjectStorageEncryptionKey $encKey `
          -ProxyPool $pool `
          -RetentionFrequencyType "Daily" `
          -DailyTime "00:00:00" `
          -DailyType "Everyday" `
          -CustomRetentionPeriodType "Days"
          -CustomRetentionPeriod $rPeriod `
          -RetentionType "SnapshotBased"
      }
    } else {
      if ($DaysMonthsYears = "Years") {
        #Variant that is not immutable and has retention in years
        [string]$vrPeriod = "Years$rPeriod"
        $vDate = Get-Date -Format "MM/dd/yyyy"
        $vDesc = "AWS::$regionId::$bucket::$vDate"
        Add-VBOAmazonS3Repository -Name $bucket `
          -Description $vDesc `
          -EnableStandardIAStorageClass `
          -ObjectStorageSettings $vSettings `
          -ObjectStorageEncryptionKey $encKey `
          -ProxyPool $pool `
          -RetentionFrequencyType "Daily" `
          -DailyTime "00:00:00" `
          -DailyType "Everyday" `
          -RetentionPeriod $vrPeriod `
          -RetentionType "SnapshotBased"
      } elseif ($DaysMonthsYears = "Months") {
        #Variant that is not immutable and retention in months
        $vDate = Get-Date -Format "MM/dd/yyyy"
        $vDesc = "AWS::$regionId::$bucket::$vDate"
        Add-VBOAmazonS3Repository -Name $bucket `
          -Description $vDesc `
          -EnableStandardIAStorageClass `
          -ObjectStorageSettings $vSettings `
          -ObjectStorageEncryptionKey $encKey `
          -ProxyPool $pool `
          -RetentionFrequencyType "Daily" `
          -DailyTime "00:00:00" `
          -DailyType "Everyday" `
          -CustomRetentionPeriodType "Months"
          -CustomRetentionPeriod $rPeriod `
          -RetentionType "SnapshotBased"
      } elseif ($DaysMonthsYears = "Days") {
        <# Action when this condition is true #>
      } elseif ($DaysMonthsYears = "Months") {
        #Variant that is immutable and retention in days
        $vDate = Get-Date -Format "MM/dd/yyyy"
        $vDesc = "AWS::$regionId::$bucket::$vDate"
        Add-VBOAmazonS3Repository -Name $bucket `
          -Description $vDesc `
          -EnableStandardIAStorageClass `
          -EnableImmutability `
          -ImmutabilityPeriodDays $IMMDays `
          -ObjectStorageSettings $vSettings `
          -ObjectStorageEncryptionKey $encKey `
          -ProxyPool $pool `
          -RetentionFrequencyType "Daily" `
          -DailyTime "00:00:00" `
          -DailyType "Everyday" `
          -CustomRetentionPeriodType "Days"
          -CustomRetentionPeriod $rPeriod `
          -RetentionType "SnapshotBased"
      }
    }
  } #end process block