
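function New-AwsSecurityStack {
  <#
  .SYNOPSIS
  Creates a new project VPN config from a specified Jira ticket.
  .DESCRIPTION
  Scrapes the parameters from tickets that look like
      Create a CSN AD security group named: AWS_293853093962
  AWS Security Information:
    User Private Subnet:
  The ACL / APM role / APM policy sequence is applied to the on-premise F5 first and
  then repeated on the AWS F5. The Jira ticket is commented and transitioned only after
  both devices succeed; any failed step throws so later steps are not attempted.
  .PARAMETER crnumber
  CR Number from Jira in the format "CR-4340"
  .PARAMETER f5creds
  PowerShell credential object containing F5 login credentials. Prompted for interactively if omitted.
  .PARAMETER jiracreds
  PowerShell credential object containing Jira login credentials. Prompted for interactively if omitted.
  .PARAMETER onpremf5ip
  IP or DNS of the on-premise F5 device.
  .PARAMETER awsf5ip
  IP or DNS of the AWS F5 device in VCD.
  .PARAMETER role
  Switch parameter for dev or prod. Defaults to prod if omitted and selects the APM resource-assign agent the ACL is mapped to.
  .EXAMPLE
  New-AwsSecurityStack -crNumber "CR-4509" -f5creds $saved_credentials -jiracreds $save_jiracreds
  .OUTPUTS
  System.String. Progress messages are written to the output stream; the results of the
  F5 module commands go to the verbose stream and are only shown with -Verbose.
  .NOTES
  It is required that the Jira server has been set using the JiraPS module: Set-JiraConfigServer -Server ''
  The F5 session is stored in $Global:F5Session (as the module's default session); the
  AWS connection replaces the on-premise one.
  #>
  [CmdletBinding()]
  param(
    # NOTE(review): an alias containing spaces cannot be typed at the prompt; kept for compatibility.
    [Alias("existing acl Name")]
    [Parameter(Mandatory = $true)]
    [string]$crnumber = '',

    [Parameter(Mandatory = $false)]
    [System.Management.Automation.PSCredential]$f5creds,

    [Parameter(Mandatory = $false)]
    [System.Management.Automation.PSCredential]$jiracreds,

    # NOTE(review): the site default host appears to have been stripped from this copy;
    # an empty -LTMName cannot connect, so pass the address explicitly or restore the default.
    [Parameter(Mandatory = $false)]
    [string]$onpremf5ip = '',

    [Parameter(Mandatory = $false)]
    [string]$awsf5ip = '',

    [ValidateSet('dev', 'prod')]
    [Parameter(Mandatory = $false)]
    [string]$role = 'prod'
  )

  begin {
    # APM policy and HA sync group that every build touches; Jira transition id that closes a CR.
    # These are site constants, so they live here rather than being repeated per device.
    $apmPolicyName = "CSN_VPN_Streamlined"
    $syncGroupName = "Sync_Group"
    $closeTransitionId = 81

    #######################################
    # Builds the ACL, maps it to the VPN role and applies the APM policy on ONE F5.
    # Arguments:
    #   LtmName       - IP or DNS of the F5 to connect to
    #   Credential    - F5 login credential
    #   TicketInfo    - object from Get-JiraTicketInfo with .aws_group and .subnet
    #   VpnRole       - APM resource-assign agent name the ACL is mapped to
    #   Label         - device label used in progress messages ("on-premise" / "AWS")
    #   SyncGroupName - optional; when given, the device is synced to that group afterwards
    # Outputs:  progress strings on the output stream, command results on the verbose stream
    # Throws:   on the first failed step; a failed role mapping removes the ACL first
    #######################################
    function Publish-F5VpnAcl {
      param(
        [string]$LtmName,
        [System.Management.Automation.PSCredential]$Credential,
        $TicketInfo,
        [string]$VpnRole,
        [string]$Label,
        [string]$SyncGroupName
      )

      $groupName = $TicketInfo.aws_group

      try {
        Write-Output "Connecting to $Label F5 ($LtmName)......"
        # -Default registers this as the module's default session, which the ACL/APM
        # commands below are assumed to use; each device build replaces the global.
        $Global:F5Session = New-F5Session -LTMName $LtmName -LTMCredentials $Credential -Default -PassThru -ErrorAction Stop
      }
      catch {
        Write-Warning "F5 was unable to connect please check your username, password, and network connection."
        throw $_.Exception.Message
      }

      try {
        Write-Output "Adding new ACL......"
        $aclOrder = Get-NextAclOrder

        # The first subnet creates the ACL; every further subnet is appended to it.
        # (The original never advanced its loop counter, so multi-subnet tickets re-created the ACL.)
        $isFirstSubnet = $true
        foreach ($subnet in $TicketInfo.subnet) {
          if ($isFirstSubnet) {
            New-DefaultAcl -Name $groupName -subnet $subnet -aclOrder $aclOrder -ErrorAction Stop | Write-Verbose
            Write-Output "Added $groupName with subnet $subnet."
            $isFirstSubnet = $false
          }
          else {
            Write-Output "Adding additional Subnet $subnet......"
            Add-DefaultAclSubnet -name $groupName -action allow -dstSubnet $subnet -ErrorAction Stop | Write-Verbose
            Write-Output "Added subnet $subnet to ACL $groupName."
          }
        }
      }
      catch {
        Write-Warning "Adding ACL failed."
        throw $_.Exception.Message
      }

      try {
        Write-Output "Mapping ACL to VPN access role on $Label F5......"
        Add-APMRole -Name $VpnRole -acl $groupName -group $groupName -ErrorAction Stop | Write-Verbose
        Write-Output "Mapped ACL $groupName to group $groupName."
      }
      catch {
        # Keep the original failure; the rollback below may overwrite $_ if it errors.
        $failure = $_
        Write-Warning "Mapping ACL to VPN role failed."
        Write-Output "Rolling back changes......"
        # Best-effort: an unmapped ACL must not linger on the device.
        Remove-Acl -name $groupName
        Write-Output "ACL $groupName has been removed."
        throw $failure.Exception.Message
      }

      try {
        Write-Output "Apply APM Policy on $Label F5......"
        Update-APMPolicy -Name $apmPolicyName -ErrorAction Stop | Write-Verbose
        Write-Output "Policy Applied"
      }
      catch {
        Write-Warning "Updating APM Policy failed."
        throw $_.Exception.Message
      }

      if ($SyncGroupName) {
        try {
          Write-Output "Syncing Device to Group......"
          Sync-DeviceToGroup -GroupName $SyncGroupName -ErrorAction Stop | Write-Verbose
          Write-Output "Synced"
        }
        catch {
          # A failed sync leaves the HA peer without the new ACL, so treat it as fatal.
          Write-Warning "Syncing Device to Group failed."
          throw $_.Exception.Message
        }
      }
    }
  }

  process {
    # Force TLS 1.2 for the HTTPS calls the F5 and Jira modules make so the process
    # does not negotiate an older protocol.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # dev and prod map the ACL to different APM resource-assign agents.
    $vpnrole = if ($role -eq 'dev') {
      "aggregate_acl_act_full_resource_assign_ag"
    }
    else {
      "acl_1_act_full_resource_assign_ag"
    }

    # Jira: prompt only when no credential was supplied.
    if (-not $jiracreds) {
      $jiracreds = Get-Credential -Message "Please enter credentials to access Jira"
    }

    $jiraSesh = New-JiraSession -Credential $jiracreds -ErrorAction Stop
    if (-not $jiraSesh) {
      Write-Warning "Jira session has expired, or bad username and password."
      throw "Unable to establish a Jira session."
    }

    # get ticket info from jira - returns custom object with .aws_group and .subnet
    $newEnv = Get-JiraTicketInfo -crNumber "$crnumber"
    if (-not $newEnv) {
      Write-Warning "Jira was unable to locate ticked based on $crNumber"
      throw "Ticket $crnumber could not be located in Jira."
    }
    # Without both values the F5 commands would be run against an empty name / no subnet.
    if (-not $newEnv.aws_group -or -not $newEnv.subnet) {
      throw "Ticket $crnumber did not provide an AWS group name and at least one subnet."
    }

    # F5: prompt only when no credential was supplied. The prompt result must land in
    # $f5creds (the original stored it in $creds, leaving $f5creds empty for both logins).
    if (-not $f5creds) {
      Write-Output "Please enter you F5 credentials."
      $f5creds = Get-Credential -Message "Please enter credentials to access the F5 load balancer"
    }

    # On-premise device first, including the HA group sync.
    Publish-F5VpnAcl -LtmName $onpremf5ip -Credential $f5creds -TicketInfo $newEnv -VpnRole $vpnrole -Label 'on-premise' -SyncGroupName $syncGroupName

    # Same build on the AWS F5; the original performed no sync there, so no group is passed.
    Publish-F5VpnAcl -LtmName $awsf5ip -Credential $f5creds -TicketInfo $newEnv -VpnRole $vpnrole -Label 'AWS'

    # Close out comments - only reached when both devices were configured.
    try {
      Add-JiraIssueComment -Comment "Core Services VPN Config Complete" -Issue $crnumber -VisibleRole 'All Users' -ErrorAction Stop | Out-Null
      Write-Output "[Added Closing Comment]......"
    }
    catch {
      Write-Warning "Updating Jira comments failed."
      throw $_.Exception.Message
    }

    # Close out ticket
    try {
      Get-JiraIssue -Key $crnumber | Invoke-JiraIssueTransition -Transition $closeTransitionId -ErrorAction Stop | Out-Null
      Write-Output "Ticket Closed......"
      Write-Output "New Build Complete!"
    }
    catch {
      Write-Warning "Closing the Jira ticket failed."
      throw $_.Exception.Message
    }
  }
}#end function brace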