Tutorials: networking-batch-19 (5 tutorials)

tuts/117-elastic-load-balancing-gs/README.md

@@ -0,0 +1,61 @@
+# ELB: Create an Application Load Balancer
+
+Create an Application Load Balancer with a security group, target group, and HTTP listener using the default VPC.
+
+## Source
+
+https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html
+
+## Use case
+
+- **ID**: elbv2/getting-started
+- **Level**: intermediate
+- **Core actions**: `elbv2:CreateLoadBalancer`, `elbv2:CreateListener`, `elbv2:CreateTargetGroup`
+
+## Steps
+
+1. Get VPC and subnets
+2. Create a security group
+3. Create a target group
+4. Create the Application Load Balancer
+5. Wait for ALB to be active
+6. Create an HTTP listener
+7. Describe the ALB
+
+## Resources created
+
+| Resource | Type |
+|----------|------|
+| `tut-alb-<random>` | Application Load Balancer |
+| `tut-tg-<random>` | Target group |
+| `tut-alb-sg-<random>` | Security group |
+| HTTP listener on port 80 | Listener |
+
+## Duration
+
+~121 seconds (most time spent waiting for ALB provisioning)
+
+## Cost
+
+~$0.02/hr while the ALB is running. Clean up promptly to avoid charges.
+
+## Related docs
+
+- [Getting started with Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html)
+- [Create an Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html)
+- [Target groups for ALBs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html)
+- [Elastic Load Balancing pricing](https://aws.amazon.com/elasticloadbalancing/pricing/)
+
+---
+
+## Appendix
+
+| Field | Value |
+|-------|-------|
+| Date | 2026-04-14 |
+| Script lines | 112 |
+| Exit code | 0 |
+| Runtime | 121s |
+| Steps | 7 |
+| Issues | None |
+| Version | v1 |

tuts/117-elastic-load-balancing-gs/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 117-elastic-load-balancing-gs
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/117-elastic-load-balancing-gs/elastic-load-balancing-gs.md

@@ -0,0 +1,142 @@
+# Create an Application Load Balancer with Elastic Load Balancing
+
+## Overview
+
+In this tutorial, you use the AWS CLI to create an Application Load Balancer (ALB) in your default VPC. You create a security group, target group, and HTTP listener, then verify the ALB is active. You then delete all resources during cleanup.
+
+## Prerequisites
+
+- AWS CLI installed and configured with appropriate permissions.
+- A default VPC with at least two subnets in different Availability Zones.
+- An IAM principal with permissions for `elbv2:CreateLoadBalancer`, `elbv2:CreateTargetGroup`, `elbv2:CreateListener`, `elbv2:DescribeLoadBalancers`, `elbv2:DeleteLoadBalancer`, `elbv2:DeleteTargetGroup`, `elbv2:DeleteListener`, `ec2:CreateSecurityGroup`, `ec2:AuthorizeSecurityGroupIngress`, `ec2:DeleteSecurityGroup`, `ec2:DescribeVpcs`, and `ec2:DescribeSubnets`.
+
+## Step 1: Get VPC and subnets
+
+Identify the default VPC and select two subnets for the ALB. An ALB requires subnets in at least two Availability Zones.
+
+```bash
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" \
+    --query 'Vpcs[0].VpcId' --output text)
+
+SUBNETS=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" \
+    --query 'Subnets[:2].SubnetId' --output text)
+SUBNET1=$(echo "$SUBNETS" | awk '{print $1}')
+SUBNET2=$(echo "$SUBNETS" | awk '{print $2}')
+echo "VPC: $VPC_ID  Subnets: $SUBNET1, $SUBNET2"
+```
+
+## Step 2: Create a security group
+
+Create a security group that allows inbound HTTP traffic on port 80.
+
+```bash
+RANDOM_ID=$(openssl rand -hex 4)
+
+SG_ID=$(aws ec2 create-security-group --group-name "tut-alb-sg-${RANDOM_ID}" \
+    --description "Tutorial ALB security group" --vpc-id "$VPC_ID" \
+    --query 'GroupId' --output text)
+
+aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
+    --protocol tcp --port 80 --cidr 0.0.0.0/0 > /dev/null
+echo "Security group: $SG_ID"
+```
+
+This rule allows HTTP traffic from any source. In production, restrict the CIDR to known IP ranges.
+
+## Step 3: Create a target group
+
+Create an IP-based target group. The ALB forwards traffic to targets registered in this group.
+
+```bash
+TG_NAME="tut-tg-${RANDOM_ID}"
+
+TG_ARN=$(aws elbv2 create-target-group --name "$TG_NAME" \
+    --protocol HTTP --port 80 --vpc-id "$VPC_ID" \
+    --target-type ip \
+    --query 'TargetGroups[0].TargetGroupArn' --output text)
+echo "Target group: $TG_ARN"
+```
+
+Target type `ip` lets you register IP addresses directly. Use `instance` to register EC2 instances by ID instead.
+
+## Step 4: Create the Application Load Balancer
+
+Create the ALB across the two subnets with the security group attached.
+
+```bash
+ALB_NAME="tut-alb-${RANDOM_ID}"
+
+ALB_ARN=$(aws elbv2 create-load-balancer --name "$ALB_NAME" \
+    --subnets $SUBNET1 $SUBNET2 \
+    --security-groups "$SG_ID" \
+    --query 'LoadBalancers[0].LoadBalancerArn' --output text)
+echo "ALB ARN: $ALB_ARN"
+```
+
+## Step 5: Wait for ALB to be active
+
+The ALB takes 1–2 minutes to provision. Wait for it to reach the `active` state.
+
+```bash
+aws elbv2 wait load-balancer-available --load-balancer-arns "$ALB_ARN"
+
+DNS_NAME=$(aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].DNSName' --output text)
+echo "DNS: $DNS_NAME"
+```
+
+The DNS name is publicly resolvable. Without registered targets, requests to this DNS return a 503 error.
+
+## Step 6: Create an HTTP listener
+
+Create a listener on port 80 that forwards traffic to the target group.
+
+```bash
+LISTENER_ARN=$(aws elbv2 create-listener --load-balancer-arn "$ALB_ARN" \
+    --protocol HTTP --port 80 \
+    --default-actions "Type=forward,TargetGroupArn=$TG_ARN" \
+    --query 'Listeners[0].ListenerArn' --output text)
+echo "Listener: $LISTENER_ARN"
+```
+
+The default action forwards all requests to the target group. You can add rules to route requests based on path or host header.
+
+## Step 7: Describe the ALB
+
+View the ALB configuration.
+
+```bash
+aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].{Name:LoadBalancerName,DNS:DNSName,State:State.Code,Type:Type}' \
+    --output table
+```
+
+## Cleanup
+
+Delete resources in reverse order. The ALB must be fully deleted before you can remove the target group.
+
+```bash
+aws elbv2 delete-listener --listener-arn "$LISTENER_ARN"
+aws elbv2 delete-load-balancer --load-balancer-arn "$ALB_ARN"
+
+echo "Waiting for ALB deletion..."
+aws elbv2 wait load-balancers-deleted --load-balancer-arns "$ALB_ARN"
+
+aws elbv2 delete-target-group --target-group-arn "$TG_ARN"
+aws ec2 delete-security-group --group-id "$SG_ID"
+```
+
+ALBs incur hourly charges (~$0.02/hr) plus data processing fees. Clean up promptly to avoid costs.
+
+The script automates all steps including cleanup:
+
+```bash
+bash elastic-load-balancing-gs.sh
+```
+
+## Related resources
+
+- [Getting started with Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html)
+- [Create an Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html)
+- [Target groups for ALBs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html)
+- [Elastic Load Balancing pricing](https://aws.amazon.com/elasticloadbalancing/pricing/)

tuts/117-elastic-load-balancing-gs/elastic-load-balancing-gs.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+# Tutorial: Create an Application Load Balancer
+# Source: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html
+
+WORK_DIR=$(mktemp -d)
+LOG_FILE="$WORK_DIR/elbv2-$(date +%Y%m%d-%H%M%S).log"
+exec > >(tee -a "$LOG_FILE") 2>&1
+
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null)}}
+if [ -z "$REGION" ]; then
+    echo "ERROR: No AWS region configured. Set one with: export AWS_DEFAULT_REGION=us-east-1"
+    exit 1
+fi
+export AWS_DEFAULT_REGION="$REGION"
+echo "Region: $REGION"
+
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
+ALB_NAME="tut-alb-${RANDOM_ID}"
+TG_NAME="tut-tg-${RANDOM_ID}"
+
+handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }
+trap 'handle_error $LINENO' ERR
+
+cleanup() {
+    echo ""
+    echo "Cleaning up resources..."
+    [ -n "$LISTENER_ARN" ] && aws elbv2 delete-listener --listener-arn "$LISTENER_ARN" 2>/dev/null && echo "  Deleted listener"
+    [ -n "$ALB_ARN" ] && aws elbv2 delete-load-balancer --load-balancer-arn "$ALB_ARN" 2>/dev/null && echo "  Deleted ALB $ALB_NAME"
+    # Wait for ALB to be deleted before deleting TG
+    if [ -n "$ALB_ARN" ]; then
+        echo "  Waiting for ALB deletion..."
+        aws elbv2 wait load-balancers-deleted --load-balancer-arns "$ALB_ARN" 2>/dev/null || sleep 30
+    fi
+    [ -n "$TG_ARN" ] && aws elbv2 delete-target-group --target-group-arn "$TG_ARN" 2>/dev/null && echo "  Deleted target group $TG_NAME"
+    [ -n "$SG_ID" ] && aws ec2 delete-security-group --group-id "$SG_ID" 2>/dev/null && echo "  Deleted security group $SG_ID"
+    rm -rf "$WORK_DIR"
+    echo "Cleanup complete."
+}
+
+# Step 1: Get VPC and subnets
+echo "Step 1: Getting VPC and subnets"
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=isDefault,Values=true" --query 'Vpcs[0].VpcId' --output text)
+SUBNETS=$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" \
+    --query 'Subnets[:2].SubnetId' --output text)
+SUBNET1=$(echo "$SUBNETS" | awk '{print $1}')
+SUBNET2=$(echo "$SUBNETS" | awk '{print $2}')
+echo "  VPC: $VPC_ID"
+echo "  Subnets: $SUBNET1, $SUBNET2"
+
+# Step 2: Create security group
+echo "Step 2: Creating security group"
+SG_ID=$(aws ec2 create-security-group --group-name "tut-alb-sg-${RANDOM_ID}" \
+    --description "Tutorial ALB security group" --vpc-id "$VPC_ID" \
+    --query 'GroupId' --output text)
+aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
+    --protocol tcp --port 80 --cidr 0.0.0.0/0 > /dev/null
+echo "  Security group: $SG_ID (port 80 open)"
+
+# Step 3: Create target group
+echo "Step 3: Creating target group: $TG_NAME"
+TG_ARN=$(aws elbv2 create-target-group --name "$TG_NAME" \
+    --protocol HTTP --port 80 --vpc-id "$VPC_ID" \
+    --target-type ip \
+    --query 'TargetGroups[0].TargetGroupArn' --output text)
+echo "  Target group ARN: $TG_ARN"
+
+# Step 4: Create ALB
+echo "Step 4: Creating Application Load Balancer: $ALB_NAME"
+ALB_ARN=$(aws elbv2 create-load-balancer --name "$ALB_NAME" \
+    --subnets $SUBNET1 $SUBNET2 \
+    --security-groups "$SG_ID" \
+    --query 'LoadBalancers[0].LoadBalancerArn' --output text)
+echo "  ALB ARN: $ALB_ARN"
+
+# Step 5: Wait for ALB to be active
+echo "Step 5: Waiting for ALB to be active..."
+aws elbv2 wait load-balancer-available --load-balancer-arns "$ALB_ARN"
+DNS_NAME=$(aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].DNSName' --output text)
+echo "  DNS: $DNS_NAME"
+
+# Step 6: Create listener
+echo "Step 6: Creating HTTP listener"
+LISTENER_ARN=$(aws elbv2 create-listener --load-balancer-arn "$ALB_ARN" \
+    --protocol HTTP --port 80 \
+    --default-actions "Type=forward,TargetGroupArn=$TG_ARN" \
+    --query 'Listeners[0].ListenerArn' --output text)
+echo "  Listener ARN: $LISTENER_ARN"
+
+# Step 7: Describe the ALB
+echo "Step 7: ALB details"
+aws elbv2 describe-load-balancers --load-balancer-arns "$ALB_ARN" \
+    --query 'LoadBalancers[0].{Name:LoadBalancerName,DNS:DNSName,State:State.Code,Type:Type}' --output table
+
+echo ""
+echo "Tutorial complete."
+echo "The ALB is running but has no targets registered."
+echo "Note: ALBs incur hourly charges (~\$0.02/hr). Clean up promptly."
+echo ""
+echo "Do you want to clean up all resources? (y/n): "
+read -r CHOICE
+if [[ "$CHOICE" =~ ^[Yy]$ ]]; then
+    cleanup
+else
+    echo "Resources left running. ALB charges ~\$0.02/hr."
+    echo "Manual cleanup:"
+    echo "  aws elbv2 delete-listener --listener-arn $LISTENER_ARN"
+    echo "  aws elbv2 delete-load-balancer --load-balancer-arn $ALB_ARN"
+    echo "  # Wait 1-2 minutes, then:"
+    echo "  aws elbv2 delete-target-group --target-group-arn $TG_ARN"
+    echo "  aws ec2 delete-security-group --group-id $SG_ID"
+fi

tuts/143-aws-transfer-gs/README.md

@@ -0,0 +1,37 @@
+# Aws Transfer Gs
+
+An AWS CLI tutorial that demonstrates Transfer operations.
+
+## Running
+
+```bash
+bash aws-transfer-gs.sh
+```
+
+To auto-run with cleanup:
+
+```bash
+echo 'y' | bash aws-transfer-gs.sh
+```
+
+## What it does
+
+1. Creating SFTP server
+2. Waiting for server...
+3. Server details
+4. Listing servers
+
+## Resources created
+
+- Server
+
+The script prompts you to clean up resources when it finishes.
+
+## Cost
+
+Free tier eligible for most operations. Clean up resources after use to avoid charges.
+
+## Related docs
+
+- [AWS CLI transfer reference](https://docs.aws.amazon.com/cli/latest/reference/transfer/index.html)
+

tuts/143-aws-transfer-gs/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 143-aws-transfer-gs
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+