EC2ADUserData

"Statement": [        {            "Sid": "ReadTag",            "Effect": "Allow",            "Action": "ec2:DescribeTags",            "Resource": "*"        },        {            "Sid": "SecretsMgrRead",            "Effect": "Allow",            "Action": [                "secretsmanager:GetSecretValue"            ],            "Resource": "arn:aws:secretsmanager:<>:<AWS>:secret:onprem.example.com/DomainJoin-tewFSS"        }    ]

<powershell># $domainName = "onprem.example.com"$secretName = "onprem.example.com/DomainJoin"# $secretManager = Get-SECSecretValue -SecretId $secretName# $secret = $secretManager.SecretString | ConvertFrom-Json# $username = $domainName + "\" + $secret.Account$password = $secret.Password | ConvertTo-SecureString -AsPlainText -Force$credential = New-Object System.Management.Automation.PSCredential($username,$password)# EC2IDName$instanceID = Get-EC2InstanceMetadata -Category InstanceId$nameTag = Get-EC2Tag -Filter @{Name="resource-id";Value="$instanceID"},@{Name="key";Value="Name"}$newName = $nameTag.Value# Add-Computer -DomainName "$domainName" -NewName "$newName" -Credential $credential -Passthru -Force -Restart</powershell>