Add networking tutorials (batch 19)

mwunderl · mwunderl · commit be222bc88d3a · 2026-04-14T16:35:01.000Z
diff --git a/tuts/117-elastic-load-balancing-gs/README.md b/tuts/117-elastic-load-balancing-gs/README.md
@@ -0,0 +1,61 @@
+# ELB: Create an Application Load Balancer
+
+Create an Application Load Balancer with a security group, target group, and HTTP listener using the default VPC.
+
+## Source
+
+https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html
+
+## Use case
+
+- **ID**: elbv2/getting-started
+- **Level**: intermediate
+- **Core actions**: `elbv2:CreateLoadBalancer`, `elbv2:CreateListener`, `elbv2:CreateTargetGroup`
+
+## Steps
+
+1. Get VPC and subnets
+2. Create a security group
+3. Create a target group
+4. Create the Application Load Balancer
+5. Wait for ALB to be active
+6. Create an HTTP listener
+7. Describe the ALB
+
+## Resources created
+
+| Resource | Type |
+|----------|------|
+| `tut-alb-<random>` | Application Load Balancer |
+| `tut-tg-<random>` | Target group |
+| `tut-alb-sg-<random>` | Security group |
+| HTTP listener on port 80 | Listener |
+
+## Duration
+
+~121 seconds (most time spent waiting for ALB provisioning)
+
+## Cost
+
+~$0.02/hr while the ALB is running. Clean up promptly to avoid charges.
+
+## Related docs
+
+- [Getting started with Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html)
+- [Create an Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html)
+- [Target groups for ALBs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html)
+- [Elastic Load Balancing pricing](https://aws.amazon.com/elasticloadbalancing/pricing/)
+
+---
+
+## Appendix
+
+| Field | Value |
+|-------|-------|
+| Date | 2026-04-14 |
+| Script lines | 112 |
+| Exit code | 0 |
+| Runtime | 121s |
+| Steps | 7 |
+| Issues | None |
+| Version | v1 |
diff --git a/tuts/117-elastic-load-balancing-gs/elastic-load-balancing-gs.md b/tuts/117-elastic-load-balancing-gs/elastic-load-balancing-gs.md
@@ -0,0 +1,142 @@
+# Create an Application Load Balancer with Elastic Load Balancing
+
+## Overview
+
+In this tutorial, you use the AWS CLI to create an Application Load Balancer (ALB) in your default VPC. You create a security group, target group, and HTTP listener, then verify the ALB is active. You then delete all resources during cleanup.
+
+## Prerequisites
+
+- AWS CLI installed and configured with appropriate permissions.
+- A default VPC with at least two subnets in different Availability Zones.
+- An IAM principal with permissions for `elbv2:CreateLoadBalancer`, `elbv2:CreateTargetGroup`, `elbv2:CreateListener`, `elbv2:DescribeLoadBalancers`, `elbv2:DeleteLoadBalancer`, `elbv2:DeleteTargetGroup`, `elbv2:DeleteListener`, `ec2:CreateSecurityGroup`, `ec2:AuthorizeSecurityGroupIngress`, `ec2:DeleteSecurityGroup`, `ec2:DescribeVpcs`, and `ec2:DescribeSubnets`.
+
+## Step 1: Get VPC and subnets
+
+Identify the default VPC and select two subnets for the ALB. An ALB requires subnets in at least two Availability Zones.
+
+```bash
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" \
+    --query 'Vpcs[0].VpcId' --output text)
+
+SUBNETS=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" \
+    --query 'Subnets[:2].SubnetId' --output text)
+SUBNET1=$(echo "$SUBNETS" | awk '{print $1}')
+SUBNET2=$(echo "$SUBNETS" | awk '{print $2}')
+echo "VPC: $VPC_ID  Subnets: $SUBNET1, $SUBNET2"
+```
+
+## Step 2: Create a security group
+
+Create a security group that allows inbound HTTP traffic on port 80.
+
+```bash
+RANDOM_ID=$(openssl rand -hex 4)
+
+SG_ID=$(aws ec2 create-security-group --group-name "tut-alb-sg-${RANDOM_ID}" \
+    --description "Tutorial ALB security group" --vpc-id "$VPC_ID" \
+    --query 'GroupId' --output text)
+
+aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
+    --protocol tcp --port 80 --cidr 0.0.0.0/0 > /dev/null
+echo "Security group: $SG_ID"
+```
+
+This rule allows HTTP traffic from any source. In production, restrict the CIDR to known IP ranges.
+
+## Step 3: Create a target group
+
+Create an IP-based target group. The ALB forwards traffic to targets registered in this group.
+
+```bash
+TG_NAME="tut-tg-${RANDOM_ID}"
+
+TG_ARN=$(aws elbv2 create-target-group --name "$TG_NAME" \
+    --protocol HTTP --port 80 --vpc-id "$VPC_ID" \
+    --target-type ip \
+    --query 'TargetGroups[0].TargetGroupArn' --output text)
+echo "Target group: $TG_ARN"
+```
+
+Target type `ip` lets you register IP addresses directly. Use `instance` to register EC2 instances by ID instead.
+
+## Step 4: Create the Application Load Balancer
+
+Create the ALB across the two subnets with the security group attached.
+
+```bash
+ALB_NAME="tut-alb-${RANDOM_ID}"
+
+ALB_ARN=$(aws elbv2 create-load-balancer --name "$ALB_NAME" \
+    --subnets $SUBNET1 $SUBNET2 \
+    --security-groups "$SG_ID" \
+    --query 'LoadBalancers[0].LoadBalancerArn' --output text)
+echo "ALB ARN: $ALB_ARN"
+```
+
+## Step 5: Wait for ALB to be active
+
+The ALB takes 1–2 minutes to provision. Wait for it to reach the `active` state.
+
+```bash
+aws elbv2 wait load-balancer-available --load-balancer-arns "$ALB_ARN"
+
+DNS_NAME=$(aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].DNSName' --output text)
+echo "DNS: $DNS_NAME"
+```
+
+The DNS name is publicly resolvable. Without registered targets, requests to this DNS return a 503 error.
+
+## Step 6: Create an HTTP listener
+
+Create a listener on port 80 that forwards traffic to the target group.
+
+```bash
+LISTENER_ARN=$(aws elbv2 create-listener --load-balancer-arn "$ALB_ARN" \
+    --protocol HTTP --port 80 \
+    --default-actions "Type=forward,TargetGroupArn=$TG_ARN" \
+    --query 'Listeners[0].ListenerArn' --output text)
+echo "Listener: $LISTENER_ARN"
+```
+
+The default action forwards all requests to the target group. You can add rules to route requests based on path or host header.
+
+## Step 7: Describe the ALB
+
+View the ALB configuration.
+
+```bash
+aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].{Name:LoadBalancerName,DNS:DNSName,State:State.Code,Type:Type}' \
+    --output table
+```
+
+## Cleanup
+
+Delete resources in reverse order. The ALB must be fully deleted before you can remove the target group.
+
+```bash
+aws elbv2 delete-listener --listener-arn "$LISTENER_ARN"
+aws elbv2 delete-load-balancer --load-balancer-arn "$ALB_ARN"
+
+echo "Waiting for ALB deletion..."
+aws elbv2 wait load-balancers-deleted --load-balancer-arns "$ALB_ARN"
+
+aws elbv2 delete-target-group --target-group-arn "$TG_ARN"
+aws ec2 delete-security-group --group-id "$SG_ID"
+```
+
+ALBs incur hourly charges (~$0.02/hr) plus data processing fees. Clean up promptly to avoid costs.
+
+The script automates all steps including cleanup:
+
+```bash
+bash elastic-load-balancing-gs.sh
+```
+
+## Related resources
+
+- [Getting started with Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html)
+- [Create an Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html)
+- [Target groups for ALBs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html)
+- [Elastic Load Balancing pricing](https://aws.amazon.com/elasticloadbalancing/pricing/)
diff --git a/tuts/117-elastic-load-balancing-gs/elastic-load-balancing-gs.sh b/tuts/117-elastic-load-balancing-gs/elastic-load-balancing-gs.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+# Tutorial: Create an Application Load Balancer
+# Source: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html
+
+WORK_DIR=$(mktemp -d)
+LOG_FILE="$WORK_DIR/elbv2-$(date +%Y%m%d-%H%M%S).log"
+exec > >(tee -a "$LOG_FILE") 2>&1
+
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null)}}
+if [ -z "$REGION" ]; then
+    echo "ERROR: No AWS region configured. Set one with: export AWS_DEFAULT_REGION=us-east-1"
+    exit 1
+fi
+export AWS_DEFAULT_REGION="$REGION"
+echo "Region: $REGION"
+
+RANDOM_ID=$(openssl rand -hex 4)
+ALB_NAME="tut-alb-${RANDOM_ID}"
+TG_NAME="tut-tg-${RANDOM_ID}"
+
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }
+trap 'handle_error $LINENO' ERR
+
+cleanup() {
+    echo ""
+    echo "Cleaning up resources..."
+    [ -n "$LISTENER_ARN" ] && aws elbv2 delete-listener --listener-arn "$LISTENER_ARN" 2>/dev/null && echo "  Deleted listener"
+    [ -n "$ALB_ARN" ] && aws elbv2 delete-load-balancer --load-balancer-arn "$ALB_ARN" 2>/dev/null && echo "  Deleted ALB $ALB_NAME"
+    # Wait for ALB to be deleted before deleting TG
+    if [ -n "$ALB_ARN" ]; then
+        echo "  Waiting for ALB deletion..."
+        aws elbv2 wait load-balancers-deleted --load-balancer-arns "$ALB_ARN" 2>/dev/null || sleep 30
+    fi
+    [ -n "$TG_ARN" ] && aws elbv2 delete-target-group --target-group-arn "$TG_ARN" 2>/dev/null && echo "  Deleted target group $TG_NAME"
+    [ -n "$SG_ID" ] && aws ec2 delete-security-group --group-id "$SG_ID" 2>/dev/null && echo "  Deleted security group $SG_ID"
+    rm -rf "$WORK_DIR"
+    echo "Cleanup complete."
+}
+
+# Step 1: Get VPC and subnets
+echo "Step 1: Getting VPC and subnets"
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" --query 'Vpcs[0].VpcId' --output text)
+SUBNETS=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" \
+    --query 'Subnets[:2].SubnetId' --output text)
+SUBNET1=$(echo "$SUBNETS" | awk '{print $1}')
+SUBNET2=$(echo "$SUBNETS" | awk '{print $2}')
+echo "  VPC: $VPC_ID"
+echo "  Subnets: $SUBNET1, $SUBNET2"
+
+# Step 2: Create security group
+echo "Step 2: Creating security group"
+SG_ID=$(aws ec2 create-security-group --group-name "tut-alb-sg-${RANDOM_ID}" \
+    --description "Tutorial ALB security group" --vpc-id "$VPC_ID" \
+    --query 'GroupId' --output text)
+aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
+    --protocol tcp --port 80 --cidr 0.0.0.0/0 > /dev/null
+echo "  Security group: $SG_ID (port 80 open)"
+
+# Step 3: Create target group
+echo "Step 3: Creating target group: $TG_NAME"
+TG_ARN=$(aws elbv2 create-target-group --name "$TG_NAME" \
+    --protocol HTTP --port 80 --vpc-id "$VPC_ID" \
+    --target-type ip \
+    --query 'TargetGroups[0].TargetGroupArn' --output text)
+echo "  Target group ARN: $TG_ARN"
+
+# Step 4: Create ALB
+echo "Step 4: Creating Application Load Balancer: $ALB_NAME"
+ALB_ARN=$(aws elbv2 create-load-balancer --name "$ALB_NAME" \
+    --subnets $SUBNET1 $SUBNET2 \
+    --security-groups "$SG_ID" \
+    --query 'LoadBalancers[0].LoadBalancerArn' --output text)
+echo "  ALB ARN: $ALB_ARN"
+
+# Step 5: Wait for ALB to be active
+echo "Step 5: Waiting for ALB to be active..."
+aws elbv2 wait load-balancer-available --load-balancer-arns "$ALB_ARN"
+DNS_NAME=$(aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].DNSName' --output text)
+echo "  DNS: $DNS_NAME"
+
+# Step 6: Create listener
+echo "Step 6: Creating HTTP listener"
+LISTENER_ARN=$(aws elbv2 create-listener --load-balancer-arn "$ALB_ARN" \
+    --protocol HTTP --port 80 \
+    --default-actions "Type=forward,TargetGroupArn=$TG_ARN" \
+    --query 'Listeners[0].ListenerArn' --output text)
+echo "  Listener ARN: $LISTENER_ARN"
+
+# Step 7: Describe the ALB
+echo "Step 7: ALB details"
+aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].{Name:LoadBalancerName,DNS:DNSName,State:State.Code,Type:Type}' --output table
+
+echo ""
+echo "Tutorial complete."
+echo "The ALB is running but has no targets registered."
+echo "Note: ALBs incur hourly charges (~\$0.02/hr). Clean up promptly."
+echo ""
+echo "Do you want to clean up all resources? (y/n): "
+read -r CHOICE
+if [[ "$CHOICE" =~ ^[Yy]$ ]]; then
+    cleanup
+else
+    echo "Resources left running. ALB charges ~\$0.02/hr."
+    echo "Manual cleanup:"
+    echo "  aws elbv2 delete-listener --listener-arn $LISTENER_ARN"
+    echo "  aws elbv2 delete-load-balancer --load-balancer-arn $ALB_ARN"
+    echo "  # Wait 1-2 minutes, then:"
+    echo "  aws elbv2 delete-target-group --target-group-arn $TG_ARN"
+    echo "  aws ec2 delete-security-group --group-id $SG_ID"
+fi
diff --git a/tuts/143-aws-transfer-gs/aws-transfer-gs.sh b/tuts/143-aws-transfer-gs/aws-transfer-gs.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/transfer.log") 2>&1
+REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(openssl rand -hex 4)
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
+cleanup() { echo ""; echo "Cleaning up..."; [ -n "$SERVER_ID" ] && aws transfer delete-server --server-id "$SERVER_ID" 2>/dev/null && echo "  Deleted server (takes ~1 min)"; rm -rf "$WORK_DIR"; echo "Done."; }
+echo "Step 1: Creating SFTP server"
+SERVER_ID=$(aws transfer create-server --protocols SFTP --endpoint-type PUBLIC --identity-provider-type SERVICE_MANAGED --query 'ServerId' --output text)
+echo "  Server ID: $SERVER_ID"
+echo "Step 2: Waiting for server..."
+for i in $(seq 1 20); do STATUS=$(aws transfer describe-server --server-id "$SERVER_ID" --query 'Server.State' --output text); echo "  $STATUS"; [ "$STATUS" = "ONLINE" ] && break; sleep 10; done
+echo "Step 3: Server details"
+aws transfer describe-server --server-id "$SERVER_ID" --query 'Server.{Id:ServerId,State:State,Endpoint:EndpointDetails.AddressAllocationIds,Protocols:Protocols}' --output table
+echo "Step 4: Listing servers"
+aws transfer list-servers --query 'Servers[:3].{Id:ServerId,State:State,Protocols:Protocols}' --output table
+echo ""; echo "Tutorial complete."
+echo "Note: Transfer Family servers incur hourly charges (~\$0.30/hr). Clean up promptly."
+echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup
diff --git a/tuts/144-aws-datasync-gs/aws-datasync-gs.sh b/tuts/144-aws-datasync-gs/aws-datasync-gs.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/datasync.log") 2>&1
+REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+echo "Step 1: Listing agents"
+aws datasync list-agents --query 'Agents[:5].{Arn:AgentArn,Name:Name,Status:Status}' --output table 2>/dev/null || echo "  No agents configured"
+echo "Step 2: Listing locations"
+aws datasync list-locations --query 'Locations[:5].{Uri:LocationUri,Arn:LocationArn}' --output table 2>/dev/null || echo "  No locations configured"
+echo "Step 3: Listing tasks"
+aws datasync list-tasks --query 'Tasks[:5].{Name:Name,Status:Status,Arn:TaskArn}' --output table 2>/dev/null || echo "  No tasks configured"
+echo ""; echo "Tutorial complete. DataSync requires an agent (on-premises or EC2) for data transfer."
+echo "No resources created — this tutorial shows the DataSync API structure."
+rm -rf "$WORK_DIR"
diff --git a/tuts/145-aws-globalaccelerator-gs/aws-globalaccelerator-gs.sh b/tuts/145-aws-globalaccelerator-gs/aws-globalaccelerator-gs.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/ga.log") 2>&1
+export AWS_DEFAULT_REGION=us-west-2; echo "Region: us-west-2 (Global Accelerator)"
+RANDOM_ID=$(openssl rand -hex 4); GA_NAME="tut-ga-${RANDOM_ID}"
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
+cleanup() { echo ""; echo "Cleaning up..."; [ -n "$GA_ARN" ] && { aws globalaccelerator update-accelerator --accelerator-arn "$GA_ARN" --no-enabled 2>/dev/null; sleep 5; aws globalaccelerator delete-accelerator --accelerator-arn "$GA_ARN" 2>/dev/null && echo "  Deleted accelerator"; }; rm -rf "$WORK_DIR"; echo "Done."; }
+echo "Step 1: Creating accelerator: $GA_NAME"
+GA_ARN=$(aws globalaccelerator create-accelerator --name "$GA_NAME" --query 'Accelerator.AcceleratorArn' --output text)
+echo "  ARN: $GA_ARN"
+echo "Step 2: Waiting for deployment..."
+for i in $(seq 1 20); do STATUS=$(aws globalaccelerator describe-accelerator --accelerator-arn "$GA_ARN" --query 'Accelerator.Status' --output text); echo "  $STATUS"; [ "$STATUS" = "DEPLOYED" ] && break; sleep 10; done
+echo "Step 3: Accelerator details"
+aws globalaccelerator describe-accelerator --accelerator-arn "$GA_ARN" --query 'Accelerator.{Name:Name,Status:Status,DNS:DnsName,IPs:IpSets[0].IpAddresses}' --output table
+echo "Step 4: Listing accelerators"
+aws globalaccelerator list-accelerators --query 'Accelerators[?starts_with(Name, `tut-`)].{Name:Name,Status:Status}' --output table
+echo ""; echo "Tutorial complete."
+echo "Note: Global Accelerator incurs hourly charges. Clean up promptly."
+echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup
diff --git a/tuts/158-vpc-endpoints/vpc-endpoints.sh b/tuts/158-vpc-endpoints/vpc-endpoints.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/vpc-ep.log") 2>&1
+REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(openssl rand -hex 4)
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" --query 'Vpcs[0].VpcId' --output text)
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
+cleanup() { echo ""; echo "Cleaning up..."; [ -n "$EP_ID" ] && aws ec2 delete-vpc-endpoints --vpc-endpoint-ids "$EP_ID" > /dev/null 2>&1 && echo "  Deleted endpoint"; rm -rf "$WORK_DIR"; echo "Done."; }
+echo "Step 1: Listing available VPC endpoint services"
+aws ec2 describe-vpc-endpoint-services --query 'ServiceNames[:10]' --output table
+echo "Step 2: Creating a gateway endpoint (S3)"
+RT_ID=$(aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$VPC_ID" --query 'RouteTables[0].RouteTableId' --output text)
+EP_ID=$(aws ec2 create-vpc-endpoint --vpc-id "$VPC_ID" --service-name "com.amazonaws.${REGION}.s3" --route-table-ids "$RT_ID" --query 'VpcEndpoint.VpcEndpointId' --output text)
+echo "  Endpoint: $EP_ID"
+echo "Step 3: Describing endpoint"
+aws ec2 describe-vpc-endpoints --vpc-endpoint-ids "$EP_ID" --query 'VpcEndpoints[0].{Id:VpcEndpointId,Service:ServiceName,State:State,Type:VpcEndpointType}' --output table
+echo "Step 4: Listing endpoints"
+aws ec2 describe-vpc-endpoints --filters "Name=vpc-id,Values=$VPC_ID" --query 'VpcEndpoints[].{Id:VpcEndpointId,Service:ServiceName,Type:VpcEndpointType}' --output table
+echo ""; echo "Tutorial complete."
+echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup
