readmes

mwunderl · mwunderl · commit 49f07d900809 · 2026-04-14T16:24:55.000Z
diff --git a/tuts/003-s3-gettingstarted/README.md b/tuts/003-s3-gettingstarted/README.md
@@ -1,6 +1,6 @@
-# S3: Store and retrieve objects
+# S3: Getting started
 
-Create an S3 bucket, upload and download objects, enable versioning, configure encryption, and clean up.
+Create an S3 bucket, upload objects, copy between buckets, list contents, and clean up.
 
 ## Source
 
@@ -15,15 +15,12 @@ https://docs.aws.amazon.com/AmazonS3/latest/userguide/GetStartedWithS3.html
 
 ## What it does
 
-1. Creates an S3 bucket with a random name
-2. Uploads a sample text file
-3. Downloads and displays the file
-4. Copies the object to a folder prefix
-5. Enables versioning and uploads a second version
-6. Configures SSE-S3 encryption and blocks all public access
-7. Tags the bucket
-8. Lists objects and object versions
-9. Cleans up all objects and the bucket
+1. Creates two S3 buckets (source and destination)
+2. Uploads a text file to the source bucket
+3. Downloads the file and verifies contents
+4. Copies the file to the destination bucket
+5. Lists objects in both buckets
+6. Deletes all objects and both buckets
 
 ## Running
 
@@ -39,8 +36,8 @@ echo 'y' | bash s3-gettingstarted.sh
 
 ## Resources created
 
-- S3 bucket (with versioning, encryption, public access block, tags)
-- Objects (sample file, copy, second version)
+- 2 S3 buckets
+- 1 text file (uploaded as S3 object)
 
 ## Estimated time
 
@@ -49,11 +46,23 @@ echo 'y' | bash s3-gettingstarted.sh
 
 ## Cost
 
-Free tier eligible. Minimal charges for a few small objects.
+Free tier eligible. No charges expected for a few objects.
 
 ## Related docs
 
 - [Getting started with Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/GetStartedWithS3.html)
-- [Using versioning in S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html)
-- [Setting default server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html)
-- [Blocking public access to your S3 storage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html)
+- [Creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-bucket.html)
+- [Uploading objects](https://docs.aws.amazon.com/AmazonS3/latest/userguide/upload-objects.html)
+- [Copying objects](https://docs.aws.amazon.com/AmazonS3/latest/userguide/copy-object.html)
+
+---
+
+## Appendix: Generation details
+
+| Field | Value |
+|-------|-------|
+| Generation date | 2026-04-14 (README regenerated with appendix) |
+| Source script | Regenerated from source topic, 332 lines |
+| Script test result | EXIT 0, 16s, 9 steps, clean teardown |
+| Issues encountered | None — straightforward S3 operations |
+| Iterations | v1 (original), v2 (regenerated from source topic 2026-04-12) |
diff --git a/tuts/019-lambda-gettingstarted/README.md b/tuts/019-lambda-gettingstarted/README.md
@@ -42,8 +42,8 @@ y' | bash lambda-gettingstarted.sh
 
 ## Estimated time
 
-- Run: ~1 minute
-- Cleanup: ~30 seconds
+- Run: ~30 seconds
+- Cleanup: ~5 seconds
 
 ## Cost
 
@@ -55,3 +55,15 @@ Free tier eligible. No charges expected for a single invocation.
 - [Lambda execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html)
 - [Deploy Node.js Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/nodejs-package.html)
 - [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html)
+
+---
+
+## Appendix: Generation details
+
+| Field | Value |
+|-------|-------|
+| Generation date | 2026-04-14 (README regenerated with appendix) |
+| Source script | Regenerated from source topic, 401 lines, both Python and Node.js runtimes |
+| Script test result | EXIT 0, 33s, all steps, clean teardown |
+| Issues encountered | `--payload` inline JSON fails on CLI v2 (fixed with `fileb://`); CloudWatch logs not immediately available (added retry loop); missing `--architectures x86_64` (added) |
+| Iterations | v1 (original), v2 (regenerated from source topic 2026-04-12, fileb:// fix, log retry, architectures) |
diff --git a/tuts/025-documentdb-gs/README.md b/tuts/025-documentdb-gs/README.md
@@ -1,30 +1,28 @@
-# DocumentDB: Create a cluster and connect
+# DocumentDB: Getting started
 
-Create an Amazon DocumentDB cluster with encryption, configure network access, and display connection information.
+Create a DocumentDB cluster, connect to it, insert documents, and query them.
 
 ## Source
 
 https://docs.aws.amazon.com/documentdb/latest/developerguide/get-started-guide.html
 
 ## Use case
 
-- ID: docdb/getting-started
+- ID: documentdb/getting-started
 - Phase: create
 - Complexity: intermediate
 - Core actions: docdb:CreateDBCluster, docdb:CreateDBInstance
 
 ## What it does
 
 1. Generates a secure password and stores it in Secrets Manager
-2. Finds the default VPC and subnets across availability zones
+2. Identifies VPC, subnets, and default security group
 3. Creates a DocumentDB subnet group
-4. Creates an encrypted DocumentDB cluster
-5. Creates a DocumentDB instance (db.t3.medium)
-6. Retrieves the cluster endpoint and security group
-7. Adds a security group rule for MongoDB access from your IP
-8. Downloads the TLS CA certificate
-9. Displays connection information (endpoint, mongosh command)
-10. Cleans up all resources including the security group rule
+4. Authorizes inbound access on port 27017
+5. Creates a DocumentDB cluster and instance
+6. Waits for the instance to become available (~10 minutes)
+7. Verifies the cluster endpoint is reachable
+8. Cleans up all resources
 
 ## Running
 
@@ -40,24 +38,36 @@ echo 'y' | bash documentdb-gs.sh
 
 ## Resources created
 
-- Secrets Manager secret (admin credentials)
+- Secrets Manager secret (database password)
 - DocumentDB subnet group
-- DocumentDB cluster (encrypted)
+- Security group rule (port 27017 ingress)
+- DocumentDB cluster
 - DocumentDB instance
-- Security group ingress rule (port 27017, your IP only)
+- CloudWatch log group (created automatically)
 
 ## Estimated time
 
-- Run: ~8 minutes (cluster and instance creation)
-- Cleanup: ~7 minutes (instance and cluster deletion)
+- Run: ~14 minutes (instance creation takes ~10 minutes)
+- Cleanup: ~5 minutes (instance and cluster deletion)
 
 ## Cost
 
-DocumentDB instances incur charges while running. The db.t3.medium instance costs approximately $0.08/hour. Cleanup deletes all resources to stop charges.
+DocumentDB instances are billed per hour. A db.t3.medium instance costs approximately $0.076/hour. Clean up promptly after the tutorial.
 
 ## Related docs
 
-- [Get started with Amazon DocumentDB](https://docs.aws.amazon.com/documentdb/latest/developerguide/get-started-guide.html)
+- [Getting started with Amazon DocumentDB](https://docs.aws.amazon.com/documentdb/latest/developerguide/get-started-guide.html)
 - [Managing Amazon DocumentDB clusters](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-manage.html)
-- [Connecting to Amazon DocumentDB with TLS](https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html)
-- [Encrypting data at rest](https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html)
+- [Connecting to an Amazon DocumentDB cluster](https://docs.aws.amazon.com/documentdb/latest/developerguide/connect.html)
+
+---
+
+## Appendix: Generation details
+
+| Field | Value |
+|-------|-------|
+| Generation date | 2026-04-14 (README regenerated with appendix) |
+| Source script | Regenerated from source topic, space-separated subnet IDs, ERR trap |
+| Script test result | EXIT 0, 825s, 10 steps, clean teardown |
+| Issues encountered | Region not configured (added pre-check); `openssl rand` password contained DocumentDB-illegal characters (switched to safe character set); subnet IDs needed space separation not comma; original used `set -e` (replaced with ERR trap for clean error reporting) |
+| Iterations | v1 (original), v2 (region pre-check, password fix), v3 (regenerated from source topic 2026-04-12) |
diff --git a/tuts/079-aws-iot-device-defender-gs/README.md b/tuts/079-aws-iot-device-defender-gs/README.md
@@ -1,20 +1,68 @@
-# AWS IoT Device Defender getting started tutorial
+# IoT Device Defender: Getting started
 
-This tutorial provides a comprehensive introduction to AWS IoT Device Defender using the AWS CLI. You'll learn how to set up device security monitoring, create security profiles, configure anomaly detection, and implement security best practices for your IoT device fleet.
+Set up AWS IoT Device Defender audit, run an on-demand audit, and review the findings.
 
-You can either run the provided shell script to automatically set up your IoT Device Defender configuration and basic security monitoring, or follow the step-by-step instructions in the tutorial markdown file to understand each component and customize the security setup for your specific IoT device management requirements.
+## Source
 
-## Resources Created
+https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-tutorial.html
 
-The script creates the following AWS resources in order:
+## Use case
 
-- IAM role
-- IAM role policy
-- IAM role policy (b)
-- IAM role policy (c)
-- IoT Core on demand audit task
-- IoT Core mitigation action
-- IoT Core audit mitigation actions task
-- SNS topic
+- ID: iot-device-defender/getting-started
+- Phase: create
+- Complexity: intermediate
+- Core actions: iot:CreateScheduledAudit, iot:StartOnDemandAuditTask, iot:DescribeAuditTask
 
-The script prompts you to clean up resources when you run it, including if there's an error part way through. If you need to clean up resources later, you can use the script log as a reference point for which resources were created.
+## What it does
+
+1. Creates an IAM role for IoT Device Defender
+2. Configures audit settings with the role
+3. Starts an on-demand audit
+4. Waits for the audit to complete
+5. Retrieves and displays audit findings
+6. Cleans up audit configuration, role, and policies
+
+## Running
+
+```bash
+bash aws-iot-device-defender-gs.sh
+```
+
+To auto-run with cleanup:
+
+```bash
+echo 'y' | bash aws-iot-device-defender-gs.sh
+```
+
+## Resources created
+
+- IAM role (with IoT Device Defender audit permissions)
+- IoT audit configuration
+- On-demand audit task
+
+## Estimated time
+
+- Run: ~2 minutes (audit takes ~60 seconds)
+- Cleanup: ~10 seconds
+
+## Cost
+
+No additional charges for IoT Device Defender audit. Standard IoT pricing applies.
+
+## Related docs
+
+- [Getting started with AWS IoT Device Defender](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-tutorial.html)
+- [Audit checks](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit-checks.html)
+- [AWS IoT Device Defender detect](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html)
+
+---
+
+## Appendix: Generation details
+
+| Field | Value |
+|-------|-------|
+| Generation date | 2026-04-14 (README regenerated with appendix) |
+| Source script | Fixed from original, audit config cleanup added |
+| Script test result | EXIT 0, ~120s, all steps, clean teardown |
+| Issues encountered | PassRole with `*` in Resource (split into two IAM statements); end-time bug used 'tomorrow' instead of 'now'; audit config not cleaned up on exit (added reset to cleanup); SNS topic ARN referenced but not created |
+| Iterations | v1 (original), v2 (PassRole fix, end-time fix, audit cleanup, SNS fix) |
diff --git a/tuts/085-amazon-ecs-service-connect/README.md b/tuts/085-amazon-ecs-service-connect/README.md
@@ -1,19 +1,74 @@
-# Amazon ECS Service Connect
+# ECS: Service Connect
 
-This tutorial guides you through setting up Amazon Elastic Container Service (Amazon ECS) Service Connect using the AWS Command Line Interface (AWS CLI). You'll learn how to create an ECS cluster with Service Connect enabled, deploy a containerized application, and configure service discovery for inter-service communication.
+Deploy two ECS Fargate services that communicate using Amazon ECS Service Connect.
 
-You can either run the automated shell script (`amazon-ecs-service-connect.sh`) to quickly set up the entire environment, or follow the step-by-step instructions in the tutorial (`amazon-ecs-service-connect.md`) to understand each component in detail. Both approaches will help you understand how to implement service-to-service communication in Amazon ECS using Service Connect.
+## Source
 
-## Resources Created
+https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-service-connect.html
 
-The script creates the following AWS resources in order:
+## Use case
+
+- ID: ecs/service-connect
+- Phase: create
+- Complexity: advanced
+- Core actions: ecs:CreateCluster, ecs:CreateService, ecs:RegisterTaskDefinition, servicediscovery:CreateHttpNamespace
+
+## What it does
+
+1. Creates an ECS cluster with Service Connect defaults
+2. Creates a Cloud Map namespace for service discovery
+3. Creates the ecsTaskExecutionRole (if it doesn't exist)
+4. Registers task definitions for client and server services
+5. Creates a security group and authorizes traffic
+6. Deploys server and client services with Service Connect
+7. Verifies services are running and connected
+8. Cleans up all resources including security group rules
+
+## Running
+
+```bash
+bash amazon-ecs-service-connect.sh
+```
+
+To auto-run with cleanup:
+
+```bash
+echo 'y' | bash amazon-ecs-service-connect.sh
+```
+
+## Resources created
 
-- EC2 security group
-- Logs log group
-- Logs log group (b)
 - ECS cluster
-- IAM role
-- ECS task definition
-- ECS service
+- Cloud Map HTTP namespace
+- IAM role (ecsTaskExecutionRole, if not pre-existing)
+- 2 ECS task definitions
+- Security group with ingress rules
+- 2 ECS Fargate services
+- CloudWatch log groups
+
+## Estimated time
+
+- Run: ~5 minutes (Fargate task provisioning)
+- Cleanup: ~3 minutes (service drain + security group detach)
+
+## Cost
+
+Fargate pricing: ~$0.04/hour for two minimal tasks. Clean up promptly after the tutorial.
+
+## Related docs
+
+- [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html)
+- [Creating a service with Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-service-connect.html)
+- [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html)
+
+---
+
+## Appendix: Generation details
 
-The script prompts you to clean up resources when you run it, including if there's an error part way through. If you need to clean up resources later, you can use the script log as a reference point for which resources were created.
+| Field | Value |
+|-------|-------|
+| Generation date | 2026-04-14 (README regenerated with appendix) |
+| Source script | Fixed from original, multiple issues resolved |
+| Script test result | EXIT 0, ~300s, all steps, clean teardown |
+| Issues encountered | ecsTaskExecutionRole assumed to exist (added create-if-missing); security group deletion race with Fargate ENI detach (added retry loop); region handling inconsistent (standardized to AWS_DEFAULT_REGION fallback); container images referenced Docker Hub (switched to ECR Public); cleanup swallowed errors silently (added logging) |
+| Iterations | v1 (original), v2 (role creation, SG retry, region fix, ECR images, cleanup logging) |
