diff --git a/tuts/160-ec2-security-groups/README.md b/tuts/160-ec2-security-groups/README.md new file mode 100644 index 00000000..5ea3bc23 --- /dev/null +++ b/tuts/160-ec2-security-groups/README.md @@ -0,0 +1,39 @@ +# Ec2 Security Groups + +An AWS CLI tutorial that demonstrates Ec2 operations. + +## Running + +```bash +bash ec2-security-groups.sh +``` + +To auto-run with cleanup: + +```bash +echo 'y' | bash ec2-security-groups.sh +``` + +## What it does + +1. Creating security group: $SG_NAME +2. Adding inbound rules +3. Describing rules +4. Adding a tag +5. Listing security groups + +## Resources created + +- Security Group +- Tags + +The script prompts you to clean up resources when it finishes. + +## Cost + +Free tier eligible for most operations. Clean up resources after use to avoid charges. + +## Related docs + +- [AWS CLI ec2 reference](https://docs.aws.amazon.com/cli/latest/reference/ec2/index.html) + diff --git a/tuts/160-ec2-security-groups/REVISION-HISTORY.md b/tuts/160-ec2-security-groups/REVISION-HISTORY.md new file mode 100644 index 00000000..27af4610 --- /dev/null +++ b/tuts/160-ec2-security-groups/REVISION-HISTORY.md @@ -0,0 +1,8 @@ +# Revision History: 160-ec2-security-groups + +## Shell (CLI script) + +### 2026-04-14 v1 published +- Type: functional +- Initial version + diff --git a/tuts/160-ec2-security-groups/ec2-security-groups.md b/tuts/160-ec2-security-groups/ec2-security-groups.md new file mode 100644 index 00000000..d53d0257 --- /dev/null +++ b/tuts/160-ec2-security-groups/ec2-security-groups.md @@ -0,0 +1,31 @@ +# Ec2 Security Groups + +## Prerequisites + +1. AWS CLI installed and configured (`aws configure`) +2. Appropriate IAM permissions for the AWS services used + +## Step 1: Creating security group: $SG_NAME + +The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands. + +## Step 2: Adding inbound rules + +The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands. + +## Step 3: Describing rules + +The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands. + +## Step 4: Adding a tag + +The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands. + +## Step 5: Listing security groups + +The script handles this step automatically. See `ec2-security-groups.sh` for the exact CLI commands. + +## Cleanup + +The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created. + diff --git a/tuts/160-ec2-security-groups/ec2-security-groups.sh b/tuts/160-ec2-security-groups/ec2-security-groups.sh new file mode 100644 index 00000000..784e6b3b --- /dev/null +++ b/tuts/160-ec2-security-groups/ec2-security-groups.sh @@ -0,0 +1,23 @@ +#!/bin/bash +WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/sg.log") 2>&1 +REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION" +RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); SG_NAME="tut-sg-${RANDOM_ID}" +VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" --query 'Vpcs[0].VpcId' --output text) +handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR +cleanup() { echo ""; echo "Cleaning up..."; [ -n "$SG_ID" ] && aws ec2 delete-security-group --group-id "$SG_ID" 2>/dev/null && echo " Deleted security group"; rm -rf "$WORK_DIR"; echo "Done."; } +echo "Step 1: Creating security group: $SG_NAME" +SG_ID=$(aws ec2 create-security-group --group-name "$SG_NAME" --description "Tutorial security group" --vpc-id "$VPC_ID" --query 'GroupId' --output text) +echo " SG ID: $SG_ID" +echo "Step 2: Adding inbound rules" +aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 22 --cidr 10.0.0.0/8 > /dev/null +aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0 > /dev/null +aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 443 --cidr 0.0.0.0/0 > /dev/null +echo " Added SSH (10.0.0.0/8), HTTP, HTTPS rules" +echo "Step 3: Describing rules" +aws ec2 describe-security-group-rules --filters "Name=group-id,Values=$SG_ID" --query 'SecurityGroupRules[?!IsEgress].{Port:FromPort,Protocol:IpProtocol,CIDR:CidrIpv4}' --output table +echo "Step 4: Adding a tag" +aws ec2 create-tags --resources "$SG_ID" --tags Key=Environment,Value=tutorial +echo "Step 5: Listing security groups" +aws ec2 describe-security-groups --group-ids "$SG_ID" --query 'SecurityGroups[0].{Name:GroupName,Id:GroupId,InboundRules:IpPermissions|length(@)}' --output table +echo ""; echo "Tutorial complete." +echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup diff --git a/tuts/161-lambda-environment-variables/README.md b/tuts/161-lambda-environment-variables/README.md new file mode 100644 index 00000000..a27e6707 --- /dev/null +++ b/tuts/161-lambda-environment-variables/README.md @@ -0,0 +1,39 @@ +# Lambda Env Vars + +An AWS CLI tutorial that demonstrates Iam operations. + +## Running + +```bash +bash lambda-env-vars.sh +``` + +To auto-run with cleanup: + +```bash +echo 'y' | bash lambda-env-vars.sh +``` + +## What it does + +1. Creating function with environment variables +2. Invoking function +3. Updating environment variables +4. Invoking with updated vars + +## Resources created + +- Function +- Role + +The script prompts you to clean up resources when it finishes. + +## Cost + +Free tier eligible for most operations. Clean up resources after use to avoid charges. + +## Related docs + +- [AWS CLI iam reference](https://docs.aws.amazon.com/cli/latest/reference/iam/index.html) +- [AWS CLI lambda reference](https://docs.aws.amazon.com/cli/latest/reference/lambda/index.html) + diff --git a/tuts/161-lambda-environment-variables/REVISION-HISTORY.md b/tuts/161-lambda-environment-variables/REVISION-HISTORY.md new file mode 100644 index 00000000..e3cff6cb --- /dev/null +++ b/tuts/161-lambda-environment-variables/REVISION-HISTORY.md @@ -0,0 +1,8 @@ +# Revision History: 161-lambda-environment-variables + +## Shell (CLI script) + +### 2026-04-14 v1 published +- Type: functional +- Initial version + diff --git a/tuts/161-lambda-environment-variables/lambda-env-vars.md b/tuts/161-lambda-environment-variables/lambda-env-vars.md new file mode 100644 index 00000000..ae738a5f --- /dev/null +++ b/tuts/161-lambda-environment-variables/lambda-env-vars.md @@ -0,0 +1,27 @@ +# Lambda Env Vars + +## Prerequisites + +1. AWS CLI installed and configured (`aws configure`) +2. Appropriate IAM permissions for the AWS services used + +## Step 1: Creating function with environment variables + +The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands. + +## Step 2: Invoking function + +The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands. + +## Step 3: Updating environment variables + +The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands. + +## Step 4: Invoking with updated vars + +The script handles this step automatically. See `lambda-env-vars.sh` for the exact CLI commands. + +## Cleanup + +The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created. + diff --git a/tuts/161-lambda-environment-variables/lambda-env-vars.sh b/tuts/161-lambda-environment-variables/lambda-env-vars.sh new file mode 100644 index 00000000..59190a38 --- /dev/null +++ b/tuts/161-lambda-environment-variables/lambda-env-vars.sh @@ -0,0 +1,28 @@ +#!/bin/bash +WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/lambda-env.log") 2>&1 +REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION" +RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); FUNC="tut-env-${RANDOM_ID}"; ROLE="lambda-env-role-${RANDOM_ID}" +handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR +cleanup() { echo ""; echo "Cleaning up..."; aws lambda delete-function --function-name "$FUNC" 2>/dev/null && echo " Deleted function"; aws iam detach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole 2>/dev/null; aws iam delete-role --role-name "$ROLE" 2>/dev/null && echo " Deleted role"; rm -rf "$WORK_DIR"; echo "Done."; } +ROLE_ARN=$(aws iam create-role --role-name "$ROLE" --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}' --query 'Role.Arn' --output text) +aws iam attach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole; sleep 10 +echo "Step 1: Creating function with environment variables" +cat > "$WORK_DIR/index.py" << 'EOF' +import os +def handler(event, context): + return {k: os.environ.get(k, 'not set') for k in ['APP_ENV', 'DB_HOST', 'LOG_LEVEL', 'FEATURE_FLAG']} +EOF +(cd "$WORK_DIR" && zip func.zip index.py > /dev/null) +aws lambda create-function --function-name "$FUNC" --zip-file "fileb://$WORK_DIR/func.zip" --handler index.handler --runtime python3.12 --role "$ROLE_ARN" --environment 'Variables={APP_ENV=production,DB_HOST=db.example.com,LOG_LEVEL=INFO,FEATURE_FLAG=enabled}' --architectures x86_64 > /dev/null +aws lambda wait function-active-v2 --function-name "$FUNC" +echo "Step 2: Invoking function" +aws lambda invoke --function-name "$FUNC" --cli-binary-format raw-in-base64-out "$WORK_DIR/out.json" > /dev/null +cat "$WORK_DIR/out.json" | python3 -m json.tool +echo "Step 3: Updating environment variables" +aws lambda update-function-configuration --function-name "$FUNC" --environment 'Variables={APP_ENV=staging,DB_HOST=staging-db.example.com,LOG_LEVEL=DEBUG,FEATURE_FLAG=disabled}' --query 'Environment.Variables' --output table > /dev/null +aws lambda wait function-updated-v2 --function-name "$FUNC" +echo "Step 4: Invoking with updated vars" +aws lambda invoke --function-name "$FUNC" --cli-binary-format raw-in-base64-out "$WORK_DIR/out2.json" > /dev/null +cat "$WORK_DIR/out2.json" | python3 -m json.tool +echo ""; echo "Tutorial complete." +echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup diff --git a/tuts/166-lambda-aliases/README.md b/tuts/166-lambda-aliases/README.md new file mode 100644 index 00000000..4590f015 --- /dev/null +++ b/tuts/166-lambda-aliases/README.md @@ -0,0 +1,41 @@ +# Lambda Aliases + +An AWS CLI tutorial that demonstrates Iam operations. + +## Running + +```bash +bash lambda-aliases.sh +``` + +To auto-run with cleanup: + +```bash +echo 'y' | bash lambda-aliases.sh +``` + +## What it does + +1. Creating function (v1) +2. Creating alias pointing to v1 +3. Deploying v2 with canary +4. Invoking via alias (multiple times) +5. Shifting all traffic to v2 + +## Resources created + +- Alias +- Function +- Role + +The script prompts you to clean up resources when it finishes. + +## Cost + +Free tier eligible for most operations. Clean up resources after use to avoid charges. + +## Related docs + +- [AWS CLI iam reference](https://docs.aws.amazon.com/cli/latest/reference/iam/index.html) +- [AWS CLI lambda reference](https://docs.aws.amazon.com/cli/latest/reference/lambda/index.html) + diff --git a/tuts/166-lambda-aliases/REVISION-HISTORY.md b/tuts/166-lambda-aliases/REVISION-HISTORY.md new file mode 100644 index 00000000..7f08ab35 --- /dev/null +++ b/tuts/166-lambda-aliases/REVISION-HISTORY.md @@ -0,0 +1,8 @@ +# Revision History: 166-lambda-aliases + +## Shell (CLI script) + +### 2026-04-14 v1 published +- Type: functional +- Initial version + diff --git a/tuts/166-lambda-aliases/lambda-aliases.md b/tuts/166-lambda-aliases/lambda-aliases.md new file mode 100644 index 00000000..5c0a2195 --- /dev/null +++ b/tuts/166-lambda-aliases/lambda-aliases.md @@ -0,0 +1,31 @@ +# Lambda Aliases + +## Prerequisites + +1. AWS CLI installed and configured (`aws configure`) +2. Appropriate IAM permissions for the AWS services used + +## Step 1: Creating function (v1) + +The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands. + +## Step 2: Creating alias pointing to v1 + +The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands. + +## Step 3: Deploying v2 with canary + +The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands. + +## Step 4: Invoking via alias (multiple times) + +The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands. + +## Step 5: Shifting all traffic to v2 + +The script handles this step automatically. See `lambda-aliases.sh` for the exact CLI commands. + +## Cleanup + +The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created. + diff --git a/tuts/166-lambda-aliases/lambda-aliases.sh b/tuts/166-lambda-aliases/lambda-aliases.sh new file mode 100644 index 00000000..7b51e90b --- /dev/null +++ b/tuts/166-lambda-aliases/lambda-aliases.sh @@ -0,0 +1,36 @@ +#!/bin/bash +WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/alias.log") 2>&1 +REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION" +RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); FUNC="tut-alias-${RANDOM_ID}"; ROLE="lambda-alias-role-${RANDOM_ID}" +handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR +cleanup() { echo ""; echo "Cleaning up..."; aws lambda delete-alias --function-name "$FUNC" --name live 2>/dev/null; aws lambda delete-function --function-name "$FUNC" 2>/dev/null && echo " Deleted function"; aws iam detach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole 2>/dev/null; aws iam delete-role --role-name "$ROLE" 2>/dev/null && echo " Deleted role"; rm -rf "$WORK_DIR"; echo "Done."; } +ROLE_ARN=$(aws iam create-role --role-name "$ROLE" --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}' --query 'Role.Arn' --output text) +aws iam attach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole; sleep 10 +echo "Step 1: Creating function (v1)" +cat > "$WORK_DIR/v1.py" << 'EOF' +def handler(event, context): return {"version": "1.0", "message": "Hello from v1"} +EOF +(cd "$WORK_DIR" && zip v1.zip v1.py > /dev/null) +aws lambda create-function --function-name "$FUNC" --zip-file "fileb://$WORK_DIR/v1.zip" --handler v1.handler --runtime python3.12 --role "$ROLE_ARN" --architectures x86_64 > /dev/null +aws lambda wait function-active-v2 --function-name "$FUNC" +V1=$(aws lambda publish-version --function-name "$FUNC" --query 'Version' --output text) +echo " Published version $V1" +echo "Step 2: Creating alias pointing to v1" +aws lambda create-alias --function-name "$FUNC" --name live --function-version "$V1" --query '{Alias:Name,Version:FunctionVersion}' --output table +echo "Step 3: Deploying v2 with canary" +cat > "$WORK_DIR/v2.py" << 'EOF' +def handler(event, context): return {"version": "2.0", "message": "Hello from v2"} +EOF +(cd "$WORK_DIR" && zip v2.zip v2.py > /dev/null) +aws lambda update-function-code --function-name "$FUNC" --zip-file "fileb://$WORK_DIR/v2.zip" > /dev/null +aws lambda wait function-updated-v2 --function-name "$FUNC" +V2=$(aws lambda publish-version --function-name "$FUNC" --query 'Version' --output text) +aws lambda update-alias --function-name "$FUNC" --name live --function-version "$V2" --routing-config "{\"AdditionalVersionWeights\":{\"$V1\":0.1}}" > /dev/null +echo " Alias 'live' → v2 (90%) + v1 (10%)" +echo "Step 4: Invoking via alias (multiple times)" +for i in $(seq 1 5); do aws lambda invoke --function-name "$FUNC" --qualifier live --cli-binary-format raw-in-base64-out "$WORK_DIR/out.json" > /dev/null; echo " $(cat $WORK_DIR/out.json)"; done +echo "Step 5: Shifting all traffic to v2" +aws lambda update-alias --function-name "$FUNC" --name live --function-version "$V2" --routing-config '{}' > /dev/null +echo " Alias 'live' → v2 (100%)" +echo ""; echo "Tutorial complete." +echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup diff --git a/tuts/169-ec2-key-pairs/README.md b/tuts/169-ec2-key-pairs/README.md new file mode 100644 index 00000000..a5017968 --- /dev/null +++ b/tuts/169-ec2-key-pairs/README.md @@ -0,0 +1,37 @@ +# Ec2 Keypairs + +An AWS CLI tutorial that demonstrates Ec2 operations. + +## Running + +```bash +bash ec2-keypairs.sh +``` + +To auto-run with cleanup: + +```bash +echo 'y' | bash ec2-keypairs.sh +``` + +## What it does + +1. Creating RSA key pair +2. Creating ED25519 key pair +3. Describing key pairs +4. Listing all tutorial key pairs + +## Resources created + +- Key Pair + +The script prompts you to clean up resources when it finishes. + +## Cost + +Free tier eligible for most operations. Clean up resources after use to avoid charges. + +## Related docs + +- [AWS CLI ec2 reference](https://docs.aws.amazon.com/cli/latest/reference/ec2/index.html) + diff --git a/tuts/169-ec2-key-pairs/REVISION-HISTORY.md b/tuts/169-ec2-key-pairs/REVISION-HISTORY.md new file mode 100644 index 00000000..480153e2 --- /dev/null +++ b/tuts/169-ec2-key-pairs/REVISION-HISTORY.md @@ -0,0 +1,8 @@ +# Revision History: 169-ec2-key-pairs + +## Shell (CLI script) + +### 2026-04-14 v1 published +- Type: functional +- Initial version + diff --git a/tuts/169-ec2-key-pairs/ec2-keypairs.md b/tuts/169-ec2-key-pairs/ec2-keypairs.md new file mode 100644 index 00000000..c45295a9 --- /dev/null +++ b/tuts/169-ec2-key-pairs/ec2-keypairs.md @@ -0,0 +1,27 @@ +# Ec2 Keypairs + +## Prerequisites + +1. AWS CLI installed and configured (`aws configure`) +2. Appropriate IAM permissions for the AWS services used + +## Step 1: Creating RSA key pair + +The script handles this step automatically. See `ec2-keypairs.sh` for the exact CLI commands. + +## Step 2: Creating ED25519 key pair + +The script handles this step automatically. See `ec2-keypairs.sh` for the exact CLI commands. + +## Step 3: Describing key pairs + +The script handles this step automatically. See `ec2-keypairs.sh` for the exact CLI commands. + +## Step 4: Listing all tutorial key pairs + +The script handles this step automatically. See `ec2-keypairs.sh` for the exact CLI commands. + +## Cleanup + +The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created. + diff --git a/tuts/169-ec2-key-pairs/ec2-keypairs.sh b/tuts/169-ec2-key-pairs/ec2-keypairs.sh new file mode 100644 index 00000000..cb651683 --- /dev/null +++ b/tuts/169-ec2-key-pairs/ec2-keypairs.sh @@ -0,0 +1,18 @@ +#!/bin/bash +WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/kp.log") 2>&1 +REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION" +RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); KEY1="tut-key-${RANDOM_ID}-rsa"; KEY2="tut-key-${RANDOM_ID}-ed25519" +handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR +cleanup() { echo ""; echo "Cleaning up..."; aws ec2 delete-key-pair --key-name "$KEY1" 2>/dev/null && echo " Deleted $KEY1"; aws ec2 delete-key-pair --key-name "$KEY2" 2>/dev/null && echo " Deleted $KEY2"; rm -rf "$WORK_DIR"; echo "Done."; } +echo "Step 1: Creating RSA key pair" +aws ec2 create-key-pair --key-name "$KEY1" --key-type rsa --query 'KeyFingerprint' --output text > /dev/null +echo " Created $KEY1 (RSA)" +echo "Step 2: Creating ED25519 key pair" +aws ec2 create-key-pair --key-name "$KEY2" --key-type ed25519 --query 'KeyFingerprint' --output text > /dev/null +echo " Created $KEY2 (ED25519)" +echo "Step 3: Describing key pairs" +aws ec2 describe-key-pairs --key-names "$KEY1" "$KEY2" --query 'KeyPairs[].{Name:KeyName,Type:KeyType,Fingerprint:KeyFingerprint}' --output table +echo "Step 4: Listing all tutorial key pairs" +aws ec2 describe-key-pairs --filters "Name=key-name,Values=tut-key-*" --query 'KeyPairs[].{Name:KeyName,Type:KeyType}' --output table +echo ""; echo "Tutorial complete." +echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup diff --git a/tuts/170-lambda-function-urls/README.md b/tuts/170-lambda-function-urls/README.md new file mode 100644 index 00000000..aa80ce3c --- /dev/null +++ b/tuts/170-lambda-function-urls/README.md @@ -0,0 +1,40 @@ +# Lambda Urls + +An AWS CLI tutorial that demonstrates Iam operations. + +## Running + +```bash +bash lambda-urls.sh +``` + +To auto-run with cleanup: + +```bash +echo 'y' | bash lambda-urls.sh +``` + +## What it does + +1. Creating function +2. Creating function URL +3. Testing the URL +4. Getting URL config + +## Resources created + +- Function +- Function Url Config +- Role + +The script prompts you to clean up resources when it finishes. + +## Cost + +Free tier eligible for most operations. Clean up resources after use to avoid charges. + +## Related docs + +- [AWS CLI iam reference](https://docs.aws.amazon.com/cli/latest/reference/iam/index.html) +- [AWS CLI lambda reference](https://docs.aws.amazon.com/cli/latest/reference/lambda/index.html) + diff --git a/tuts/170-lambda-function-urls/REVISION-HISTORY.md b/tuts/170-lambda-function-urls/REVISION-HISTORY.md new file mode 100644 index 00000000..c190feb9 --- /dev/null +++ b/tuts/170-lambda-function-urls/REVISION-HISTORY.md @@ -0,0 +1,8 @@ +# Revision History: 170-lambda-function-urls + +## Shell (CLI script) + +### 2026-04-14 v1 published +- Type: functional +- Initial version + diff --git a/tuts/170-lambda-function-urls/lambda-urls.md b/tuts/170-lambda-function-urls/lambda-urls.md new file mode 100644 index 00000000..d2aed1a0 --- /dev/null +++ b/tuts/170-lambda-function-urls/lambda-urls.md @@ -0,0 +1,27 @@ +# Lambda Urls + +## Prerequisites + +1. AWS CLI installed and configured (`aws configure`) +2. Appropriate IAM permissions for the AWS services used + +## Step 1: Creating function + +The script handles this step automatically. See `lambda-urls.sh` for the exact CLI commands. + +## Step 2: Creating function URL + +The script handles this step automatically. See `lambda-urls.sh` for the exact CLI commands. + +## Step 3: Testing the URL + +The script handles this step automatically. See `lambda-urls.sh` for the exact CLI commands. + +## Step 4: Getting URL config + +The script handles this step automatically. See `lambda-urls.sh` for the exact CLI commands. + +## Cleanup + +The script prompts you to clean up all created resources. If you need to clean up manually, check the script log for the resource names that were created. + diff --git a/tuts/170-lambda-function-urls/lambda-urls.sh b/tuts/170-lambda-function-urls/lambda-urls.sh new file mode 100644 index 00000000..2a440c18 --- /dev/null +++ b/tuts/170-lambda-function-urls/lambda-urls.sh @@ -0,0 +1,26 @@ +#!/bin/bash +WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/url.log") 2>&1 +REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION" +RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); FUNC="tut-url-${RANDOM_ID}"; ROLE="lambda-url-role-${RANDOM_ID}" +handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR +cleanup() { echo ""; echo "Cleaning up..."; aws lambda delete-function-url-config --function-name "$FUNC" 2>/dev/null; aws lambda delete-function --function-name "$FUNC" 2>/dev/null && echo " Deleted function"; aws iam detach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole 2>/dev/null; aws iam delete-role --role-name "$ROLE" 2>/dev/null && echo " Deleted role"; rm -rf "$WORK_DIR"; echo "Done."; } +ROLE_ARN=$(aws iam create-role --role-name "$ROLE" --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}' --query 'Role.Arn' --output text) +aws iam attach-role-policy --role-name "$ROLE" --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole; sleep 10 +echo "Step 1: Creating function" +cat > "$WORK_DIR/index.mjs" << 'EOF' +export const handler = async (event) => ({statusCode: 200, body: JSON.stringify({message: "Hello from Lambda URL!", method: event.requestContext?.http?.method, path: event.rawPath})}); +EOF +(cd "$WORK_DIR" && zip func.zip index.mjs > /dev/null) +aws lambda create-function --function-name "$FUNC" --zip-file "fileb://$WORK_DIR/func.zip" --handler index.handler --runtime nodejs22.x --role "$ROLE_ARN" --architectures x86_64 > /dev/null +aws lambda wait function-active-v2 --function-name "$FUNC" +echo "Step 2: Creating function URL" +FUNC_URL=$(aws lambda create-function-url-config --function-name "$FUNC" --auth-type NONE --query 'FunctionUrl' --output text) +aws lambda add-permission --function-name "$FUNC" --statement-id url-invoke --action lambda:InvokeFunctionUrl --principal "*" --function-url-auth-type NONE > /dev/null +echo " URL: $FUNC_URL" +echo "Step 3: Testing the URL" +sleep 2 +curl -s --max-time 10 "$FUNC_URL" | python3 -m json.tool +echo "Step 4: Getting URL config" +aws lambda get-function-url-config --function-name "$FUNC" --query '{URL:FunctionUrl,Auth:AuthType,CORS:Cors}' --output table +echo ""; echo "Tutorial complete." +echo "Do you want to clean up? (y/n): "; read -r CHOICE; [[ "$CHOICE" =~ ^[Yy]$ ]] && cleanup