Tutorials: compute-batch-3 (5 tutorials)

tuts/160-ec2-security-groups/README.md

@@ -0,0 +1,39 @@
+# Ec2 Security Groups
+
+An AWS CLI tutorial that demonstrates Ec2 operations.
+
+## Running
+
+```bash
+bash ec2-security-groups.sh
+```
+
+To auto-run with cleanup:
+
+```bash
+echo 'y' | bash ec2-security-groups.sh
+```
+
+## What it does
+
+1. Creating security group: $SG_NAME
+2. Adding inbound rules
+3. Describing rules
+4. Adding a tag
+5. Listing security groups
+
+## Resources created
+
+- Security Group
+- Tags
+
+The script prompts you to clean up resources when it finishes.
+
+## Cost
+
+Free tier eligible for most operations. Clean up resources after use to avoid charges.
+
+## Related docs
+
+- [AWS CLI ec2 reference](https://docs.aws.amazon.com/cli/latest/reference/ec2/index.html)
+

tuts/160-ec2-security-groups/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 160-ec2-security-groups
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/160-ec2-security-groups/ec2-security-groups.md

@@ -0,0 +1,31 @@
+# Ec2 Security Groups
+
+## Prerequisites
+
+1. AWS CLI installed and configured (`aws configure`)
+2. Appropriate IAM permissions for the AWS services used
+
+## Step 1: Creating security group: $SG_NAME
+
+The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands.
+
+## Step 2: Adding inbound rules
+
+The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands.
+
+## Step 3: Describing rules
+
+The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands.
+
+## Step 4: Adding a tag
+
+The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands.
+
+## Step 5: Listing security groups
+
+The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands.
+
+## Cleanup
+
+The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created.
+

tuts/160-ec2-security-groups/ec2-security-groups.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/sg.log") 2>&1
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); SG_NAME="tut-sg-${RANDOM_ID}"
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" --query 'Vpcs[0].VpcId' --output text)
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
+cleanup() { echo ""; echo "Cleaning up..."; [ -n "$SG_ID" ] && aws ec2 delete-security-group --group-id "$SG_ID" 2>/dev/null && echo "  Deleted security group"; rm -rf "$WORK_DIR"; echo "Done."; }
+echo "Step 1: Creating security group: $SG_NAME"
+SG_ID=$(aws ec2 create-security-group --group-name "$SG_NAME" --description "Tutorial security group" --vpc-id "$VPC_ID" --query 'GroupId' --output text)
+echo "  SG ID: $SG_ID"
+echo "Step 2: Adding inbound rules"
+aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 22 --cidr 10.0.0.0/8 > /dev/null
+aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0 > /dev/null
+aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 443 --cidr 0.0.0.0/0 > /dev/null
+echo "  Added SSH (10.0.0.0/8), HTTP, HTTPS rules"
+echo "Step 3: Describing rules"
+aws ec2 describe-security-group-rules --filters "Name=group-id,Values=$SG_ID" --query 'SecurityGroupRules[?!IsEgress].{Port:FromPort,Protocol:IpProtocol,CIDR:CidrIpv4}' --output table
+echo "Step 4: Adding a tag"
+aws ec2 create-tags --resources "$SG_ID" --tags Key=Environment,Value=tutorial
+echo "Step 5: Listing security groups"
+aws ec2 describe-security-groups --group-ids "$SG_ID" --query 'SecurityGroups[0].{Name:GroupName,Id:GroupId,InboundRules:IpPermissions|length(@)}' --output table
+echo ""; echo "Tutorial complete."
+echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup

tuts/161-lambda-environment-variables/README.md

@@ -0,0 +1,39 @@
+# Lambda Env Vars
+
+An AWS CLI tutorial that demonstrates Iam operations.
+
+## Running
+
+```bash
+bash lambda-env-vars.sh
+```
+
+To auto-run with cleanup:
+
+```bash
+echo 'y' | bash lambda-env-vars.sh
+```
+
+## What it does
+
+1. Creating function with environment variables
+2. Invoking function
+3. Updating environment variables
+4. Invoking with updated vars
+
+## Resources created
+
+- Function
+- Role
+
+The script prompts you to clean up resources when it finishes.
+
+## Cost
+
+Free tier eligible for most operations. Clean up resources after use to avoid charges.
+
+## Related docs
+
+- [AWS CLI iam reference](https://docs.aws.amazon.com/cli/latest/reference/iam/index.html)
+- [AWS CLI lambda reference](https://docs.aws.amazon.com/cli/latest/reference/lambda/index.html)
+

tuts/161-lambda-environment-variables/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 161-lambda-environment-variables
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/161-lambda-environment-variables/lambda-env-vars.md

@@ -0,0 +1,27 @@
+# Lambda Env Vars
+
+## Prerequisites
+
+1. AWS CLI installed and configured (`aws configure`)
+2. Appropriate IAM permissions for the AWS services used
+
+## Step 1: Creating function with environment variables
+
+The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands.
+
+## Step 2: Invoking function
+
+The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands.
+
+## Step 3: Updating environment variables
+
+The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands.
+
+## Step 4: Invoking with updated vars
+
+The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands.
+
+## Cleanup
+
+The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created.
+

tuts/161-lambda-environment-variables/lambda-env-vars.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/lambda-env.log") 2>&1
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); FUNC="tut-env-${RANDOM_ID}"; ROLE="lambda-env-role-${RANDOM_ID}"
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
+cleanup() { echo ""; echo "Cleaning up..."; aws lambda delete-function --function-name "$FUNC" 2>/dev/null && echo "  Deleted function"; aws iam detach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole 2>/dev/null; aws iam delete-role --role-name "$ROLE" 2>/dev/null && echo "  Deleted role"; rm -rf "$WORK_DIR"; echo "Done."; }
+ROLE_ARN=$(aws iam create-role --role-name "$ROLE" --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}' --query 'Role.Arn' --output text)
+aws iam attach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole; sleep 10
+echo "Step 1: Creating function with environment variables"
+cat > "$WORK_DIR/index.py" << 'EOF'
+import os
+def handler(event, context):
+    return {k: os.environ.get(k, 'not set') for k in ['APP_ENV', 'DB_HOST', 'LOG_LEVEL', 'FEATURE_FLAG']}
+EOF
+(cd "$WORK_DIR" && zip func.zip index.py > /dev/null)
+aws lambda create-function --function-name "$FUNC" --zip-file "fileb://$WORK_DIR/func.zip" --handler index.handler --runtime python3.12 --role "$ROLE_ARN" --environment 'Variables={APP_ENV=production,DB_HOST=db.example.com,LOG_LEVEL=INFO,FEATURE_FLAG=enabled}' --architectures x86_64 > /dev/null
+aws lambda wait function-active-v2 --function-name "$FUNC"
+echo "Step 2: Invoking function"
+aws lambda invoke --function-name "$FUNC" --cli-binary-format raw-in-base64-out "$WORK_DIR/out.json" > /dev/null
+cat "$WORK_DIR/out.json" | python3 -m json.tool
+echo "Step 3: Updating environment variables"
+aws lambda update-function-configuration --function-name "$FUNC" --environment 'Variables={APP_ENV=staging,DB_HOST=staging-db.example.com,LOG_LEVEL=DEBUG,FEATURE_FLAG=disabled}' --query 'Environment.Variables' --output table > /dev/null
+aws lambda wait function-updated-v2 --function-name "$FUNC"
+echo "Step 4: Invoking with updated vars"
+aws lambda invoke --function-name "$FUNC" --cli-binary-format raw-in-base64-out "$WORK_DIR/out2.json" > /dev/null
+cat "$WORK_DIR/out2.json" | python3 -m json.tool
+echo ""; echo "Tutorial complete."
+echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup

tuts/166-lambda-aliases/README.md

@@ -0,0 +1,41 @@
+# Lambda Aliases
+
+An AWS CLI tutorial that demonstrates Iam operations.
+
+## Running
+
+```bash
+bash lambda-aliases.sh
+```
+
+To auto-run with cleanup:
+
+```bash
+echo 'y' | bash lambda-aliases.sh
+```
+
+## What it does
+
+1. Creating function (v1)
+2. Creating alias pointing to v1
+3. Deploying v2 with canary
+4. Invoking via alias (multiple times)
+5. Shifting all traffic to v2
+
+## Resources created
+
+- Alias
+- Function
+- Role
+
+The script prompts you to clean up resources when it finishes.
+
+## Cost
+
+Free tier eligible for most operations. Clean up resources after use to avoid charges.
+
+## Related docs
+
+- [AWS CLI iam reference](https://docs.aws.amazon.com/cli/latest/reference/iam/index.html)
+- [AWS CLI lambda reference](https://docs.aws.amazon.com/cli/latest/reference/lambda/index.html)
+

tuts/166-lambda-aliases/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 166-lambda-aliases
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/166-lambda-aliases/lambda-aliases.md

@@ -0,0 +1,31 @@
+# Lambda Aliases
+
+## Prerequisites
+
+1. AWS CLI installed and configured (`aws configure`)
+2. Appropriate IAM permissions for the AWS services used
+
+## Step 1: Creating function (v1)
+
+The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands.
+
+## Step 2: Creating alias pointing to v1
+
+The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands.
+
+## Step 3: Deploying v2 with canary
+
+The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands.
+
+## Step 4: Invoking via alias (multiple times)
+
+The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands.
+
+## Step 5: Shifting all traffic to v2
+
+The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands.
+
+## Cleanup
+
+The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created.
+

tuts/166-lambda-aliases/lambda-aliases.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/alias.log") 2>&1
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); FUNC="tut-alias-${RANDOM_ID}"; ROLE="lambda-alias-role-${RANDOM_ID}"
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
+cleanup() { echo ""; echo "Cleaning up..."; aws lambda delete-alias --function-name "$FUNC" --name live 2>/dev/null; aws lambda delete-function --function-name "$FUNC" 2>/dev/null && echo "  Deleted function"; aws iam detach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole 2>/dev/null; aws iam delete-role --role-name "$ROLE" 2>/dev/null && echo "  Deleted role"; rm -rf "$WORK_DIR"; echo "Done."; }
+ROLE_ARN=$(aws iam create-role --role-name "$ROLE" --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}' --query 'Role.Arn' --output text)
+aws iam attach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole; sleep 10
+echo "Step 1: Creating function (v1)"
+cat > "$WORK_DIR/v1.py" << 'EOF'
+def handler(event, context): return {"version": "1.0", "message": "Hello from v1"}
+EOF
+(cd "$WORK_DIR" && zip v1.zip v1.py > /dev/null)
+aws lambda create-function --function-name "$FUNC" --zip-file "fileb://$WORK_DIR/v1.zip" --handler v1.handler --runtime python3.12 --role "$ROLE_ARN" --architectures x86_64 > /dev/null
+aws lambda wait function-active-v2 --function-name "$FUNC"
+V1=$(aws lambda publish-version --function-name "$FUNC" --query 'Version' --output text)
+echo "  Published version $V1"
+echo "Step 2: Creating alias pointing to v1"
+aws lambda create-alias --function-name "$FUNC" --name live --function-version "$V1" --query '{Alias:Name,Version:FunctionVersion}' --output table
+echo "Step 3: Deploying v2 with canary"
+cat > "$WORK_DIR/v2.py" << 'EOF'
+def handler(event, context): return {"version": "2.0", "message": "Hello from v2"}
+EOF
+(cd "$WORK_DIR" && zip v2.zip v2.py > /dev/null)
+aws lambda update-function-code --function-name "$FUNC" --zip-file "fileb://$WORK_DIR/v2.zip" > /dev/null
+aws lambda wait function-updated-v2 --function-name "$FUNC"
+V2=$(aws lambda publish-version --function-name "$FUNC" --query 'Version' --output text)
+aws lambda update-alias --function-name "$FUNC" --name live --function-version "$V2" --routing-config "{\"AdditionalVersionWeights\":{\"$V1\":0.1}}" > /dev/null
+echo "  Alias 'live' → v2 (90%) + v1 (10%)"
+echo "Step 4: Invoking via alias (multiple times)"
+for i in $(seq 1 5); do aws lambda invoke --function-name "$FUNC" --qualifier live --cli-binary-format raw-in-base64-out "$WORK_DIR/out.json" > /dev/null; echo "  $(cat $WORK_DIR/out.json)"; done
+echo "Step 5: Shifting all traffic to v2"
+aws lambda update-alias --function-name "$FUNC" --name live --function-version "$V2" --routing-config '{}' > /dev/null
+echo "  Alias 'live' → v2 (100%)"
+echo ""; echo "Tutorial complete."
+echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup

tuts/169-ec2-key-pairs/README.md

@@ -0,0 +1,37 @@
+# Ec2 Keypairs
+
+An AWS CLI tutorial that demonstrates Ec2 operations.
+
+## Running
+
+```bash
+bash ec2-keypairs.sh
+```
+
+To auto-run with cleanup:
+
+```bash
+echo 'y' | bash ec2-keypairs.sh
+```
+
+## What it does
+
+1. Creating RSA key pair
+2. Creating ED25519 key pair
+3. Describing key pairs
+4. Listing all tutorial key pairs
+
+## Resources created
+
+- Key Pair
+
+The script prompts you to clean up resources when it finishes.
+
+## Cost
+
+Free tier eligible for most operations. Clean up resources after use to avoid charges.
+
+## Related docs
+
+- [AWS CLI ec2 reference](https://docs.aws.amazon.com/cli/latest/reference/ec2/index.html)
+

tuts/169-ec2-key-pairs/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 169-ec2-key-pairs
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+