### DynamoDB Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_dynamodb_code_examples.html A comprehensive Bash script for the DynamoDB Getting Started Tutorial. It demonstrates creating, writing, reading, updating, querying, and deleting a DynamoDB table. Includes setup for logging and error checking. ```bash #!/bin/bash # DynamoDB Getting Started Tutorial Script # This script demonstrates basic operations with Amazon DynamoDB: # - Creating a table # - Writing data to the table # - Reading data from the table # - Updating data in the table # - Querying data in the table # - Deleting the table (cleanup) set -uo pipefail # Set up logging with secure permissions LOG_DIR="${XDG_STATE_HOME:-.}/dynamodb-tutorial-logs" mkdir -p "$LOG_DIR" LOG_FILE="$LOG_DIR/dynamodb-tutorial-$(date +%Y%m%d-%H%M%S).log" chmod 700 "$LOG_DIR" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting DynamoDB Getting Started Tutorial at $(date)" echo "Logging to $LOG_FILE" # Validate AWS CLI is configured if ! command -v aws &> /dev/null; then echo "ERROR: AWS CLI is not installed or not in PATH" exit 1 fi # Check AWS credentials are available if ! aws sts get-caller-identity &> /dev/null; then echo "ERROR: AWS credentials not configured or invalid" exit 1 fi # Function to check for errors in command output check_error() { local output=$1 local cmd_name=$2 if echo "$output" | grep -qi "error\|failed"; then echo "ERROR detected in $cmd_name command:" >&2 echo "$output" >&2 return 1 fi return 0 } # Function to wait for table to be in ACTIVE state wait_for_table_active() { local table_name=$1 local max_attempts=60 local attempt=0 local status="" echo "Waiting for table $table_name to become ACTIVE..." while [[ "$status" != "ACTIVE" && $attempt -lt $max_attempts ]]; do sleep 5 status=$(aws dynamodb describe-table --table-name "$table_name" --query "Table.TableStatus" --output text 2>/dev/null || echo "UNKNOWN") echo "Current status: $status" ((attempt++)) done if [[ "$status" != "ACTIVE" ]]; then echo "ERROR: Table $table_name did not become ACTIVE within timeout period" >&2 return 1 fi echo "Table $table_name is now ACTIVE" return 0 } # Track created resources for cleanup declare -a RESOURCES=() ``` -------------------------------- ### EMR Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_emr_code_examples.html This script automates the setup, execution, and cleanup of the Amazon EMR Getting Started tutorial. It includes error handling, logging, and resource management for S3 buckets and EMR clusters. ```bash #!/bin/bash # EMR Getting Started Tutorial Script # This script automates the steps in the Amazon EMR Getting Started tutorial set -euo pipefail # Security: Set strict mode and trap errors trap 'handle_error "Script interrupted or command failed"' ERR # Set up logging with secure permissions LOG_FILE="emr-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Amazon EMR Getting Started Tutorial Script" echo "Logging to $LOG_FILE" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created so far:" if [ -n "${BUCKET_NAME:-}" ]; then echo "- S3 Bucket: $BUCKET_NAME"; fi if [ -n "${CLUSTER_ID:-}" ]; then echo "- EMR Cluster: $CLUSTER_ID"; fi echo "Attempting to clean up resources..." cleanup exit 1 } # Function to clean up resources cleanup() { echo "" echo "===========================================" echo "CLEANUP IN PROGRESS" echo "===========================================" echo "Starting cleanup process..." # Terminate EMR cluster if it exists if [ -n "${CLUSTER_ID:-}" ]; then echo "Terminating EMR cluster: $CLUSTER_ID" aws emr terminate-clusters --cluster-ids "$CLUSTER_ID" 2>/dev/null || true echo "Waiting for cluster to terminate..." aws emr wait cluster-terminated --cluster-id "$CLUSTER_ID" 2>/dev/null || true echo "Cluster terminated successfully." fi # Delete S3 bucket and contents if it exists and is not shared if [ -n "${BUCKET_NAME:-}" ] && [ "${BUCKET_IS_SHARED:-false}" != "true" ]; then echo "Deleting S3 bucket contents: $BUCKET_NAME" aws s3 rm "s3://$BUCKET_NAME" --recursive 2>/dev/null || true echo "Deleting S3 bucket: $BUCKET_NAME" aws s3 rb "s3://$BUCKET_NAME" 2>/dev/null || true fi # Remove temporary key pair file if created by this script if [ -f "${KEY_NAME_FILE:-}" ]; then rm -f "$KEY_NAME_FILE" echo "Removed temporary key pair file." fi echo "Cleanup completed." } # Validate AWS CLI is installed and configured if ! command -v aws &> /dev/null; then handle_error "AWS CLI is not installed" fi # Test AWS credentials if ! aws sts get-caller-identity > /dev/null 2>&1; then handle_error "AWS credentials are not configured or invalid" fi # Generate a random identifier for S3 bucket RANDOM_ID=$(openssl rand -hex 6) # Check for shared prereq bucket PREREQ_BUCKET=$(aws cloudformation describe-stacks --stack-name tutorial-prereqs-bucket --query 'Stacks[0].Outputs[?OutputKey==`BucketName`].OutputValue' --output text 2>/dev/null || true) if [ -n "$PREREQ_BUCKET" ] && [ "$PREREQ_BUCKET" != "None" ]; then BUCKET_NAME="$PREREQ_BUCKET" BUCKET_IS_SHARED=true echo "Using shared bucket: $BUCKET_NAME" else BUCKET_IS_SHARED=false BUCKET_NAME="emr-${RANDOM_ID}" fi echo "Using bucket name: $BUCKET_NAME" # Create S3 bucket with security best practices echo "Creating S3 bucket: $BUCKET_NAME" aws s3 mb "s3://$BUCKET_NAME" --region "${AWS_REGION:-us-east-1}" || handle_error "Failed to create S3 bucket" # Tag the bucket aws s3api put-bucket-tagging --bucket "$BUCKET_NAME" \ --tagging 'TagSet=[{Key=project,Value=doc-smith},{Key=tutorial,Value=emr-gs}]' # Enable bucket versioning for safety aws s3api put-bucket-versioning --bucket "$BUCKET_NAME" --versioning-configuration Status=Enabled || true # Block public access to bucket aws s3api put-public-access-block --bucket "$BUCKET_NAME" \ --public-access-block-configuration \ "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" || true # Enable encryption on bucket aws s3api put-bucket-encryption --bucket "$BUCKET_NAME" \ --server-side-encryption-configuration '{ "Rules": [ { "ApplyServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }' || true echo "S3 bucket created successfully with security best practices." ``` -------------------------------- ### Amazon MSK Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_kafka_code_examples.html This Bash script automates the Amazon MSK Getting Started tutorial. It handles cluster creation, IAM permissions, client machine setup, and resource cleanup. It includes error handling and logging. ```bash #!/bin/bash # Amazon MSK Getting Started Tutorial Script - Version 8 # This script automates the steps in the Amazon MSK Getting Started tutorial # It creates an MSK cluster, sets up IAM permissions, creates a client machine, # and configures the client to interact with the cluster # Set up logging LOG_FILE="msk_tutorial_$(date +%Y%m%d_%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Amazon MSK Getting Started Tutorial Script - Version 8" echo "Logging to $LOG_FILE" echo "==============================================" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created so far:" if [ -n "$CLUSTER_ARN" ]; then echo "- MSK Cluster: $CLUSTER_ARN"; fi if [ -n "$POLICY_ARN" ]; then echo "- IAM Policy: $POLICY_ARN"; fi if [ -n "$ROLE_NAME" ]; then echo "- IAM Role: $ROLE_NAME"; fi if [ -n "$INSTANCE_PROFILE_NAME" ]; then echo "- IAM Instance Profile: $INSTANCE_PROFILE_NAME"; fi if [ -n "$CLIENT_SG_ID" ]; then echo "- Client Security Group: $CLIENT_SG_ID"; fi if [ -n "$INSTANCE_ID" ]; then echo "- EC2 Instance: $INSTANCE_ID"; fi if [ -n "$KEY_NAME" ]; then echo "- Key Pair: $KEY_NAME"; fi echo "Attempting to clean up resources..." cleanup_resources exit 1 } ``` -------------------------------- ### EMR Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_ec2_code_examples.html This script automates the setup and cleanup for the Amazon EMR Getting Started tutorial. It includes error handling, logging, S3 bucket creation with security best practices, and EMR cluster termination. ```bash #!/bin/bash # EMR Getting Started Tutorial Script # This script automates the steps in the Amazon EMR Getting Started tutorial set -euo pipefail # Security: Set strict mode and trap errors trap 'handle_error "Script interrupted or command failed"' ERR # Set up logging with secure permissions LOG_FILE="emr-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Amazon EMR Getting Started Tutorial Script" echo "Logging to $LOG_FILE" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created so far:" if [ -n "${BUCKET_NAME:-}" ]; then echo "- S3 Bucket: $BUCKET_NAME"; fi if [ -n "${CLUSTER_ID:-}" ]; then echo "- EMR Cluster: $CLUSTER_ID"; fi echo "Attempting to clean up resources..." cleanup exit 1 } # Function to clean up resources cleanup() { echo "" echo "===========================================" echo "CLEANUP IN PROGRESS" echo "===========================================" echo "Starting cleanup process..." # Terminate EMR cluster if it exists if [ -n "${CLUSTER_ID:-}" ]; then echo "Terminating EMR cluster: $CLUSTER_ID" aws emr terminate-clusters --cluster-ids "$CLUSTER_ID" 2>/dev/null || true echo "Waiting for cluster to terminate..." aws emr wait cluster-terminated --cluster-id "$CLUSTER_ID" 2>/dev/null || true echo "Cluster terminated successfully." fi # Delete S3 bucket and contents if it exists and is not shared if [ -n "${BUCKET_NAME:-}" ] && [ "${BUCKET_IS_SHARED:-false}" != "true" ]; then echo "Deleting S3 bucket contents: $BUCKET_NAME" aws s3 rm "s3://$BUCKET_NAME" --recursive 2>/dev/null || true echo "Deleting S3 bucket: $BUCKET_NAME" aws s3 rb "s3://$BUCKET_NAME" 2>/dev/null || true fi # Remove temporary key pair file if created by this script if [ -f "${KEY_NAME_FILE:-}" ]; then rm -f "$KEY_NAME_FILE" echo "Removed temporary key pair file." fi echo "Cleanup completed." } # Validate AWS CLI is installed and configured if ! command -v aws &> /dev/null; then handle_error "AWS CLI is not installed" fi # Test AWS credentials if ! aws sts get-caller-identity > /dev/null 2>&1; then handle_error "AWS credentials are not configured or invalid" fi # Generate a random identifier for S3 bucket RANDOM_ID=$(openssl rand -hex 6) # Check for shared prereq bucket PREREQ_BUCKET=$(aws cloudformation describe-stacks --stack-name tutorial-prereqs-bucket --query 'Stacks[0].Outputs[?OutputKey==`BucketName`].OutputValue' --output text 2>/dev/null || true) if [ -n "$PREREQ_BUCKET" ] && [ "$PREREQ_BUCKET" != "None" ]; then BUCKET_NAME="$PREREQ_BUCKET" BUCKET_IS_SHARED=true echo "Using shared bucket: $BUCKET_NAME" else BUCKET_IS_SHARED=false BUCKET_NAME="emr-${RANDOM_ID}" fi echo "Using bucket name: $BUCKET_NAME" # Create S3 bucket with security best practices echo "Creating S3 bucket: $BUCKET_NAME" aws s3 mb "s3://$BUCKET_NAME" --region "${AWS_REGION:-us-east-1}" || handle_error "Failed to create S3 bucket" # Tag the bucket aws s3api put-bucket-tagging --bucket "$BUCKET_NAME" \ --tagging 'TagSet=[{Key=project,Value=doc-smith},{Key=tutorial,Value=emr-gs}]' # Enable bucket versioning for safety aws s3api put-bucket-versioning --bucket "$BUCKET_NAME" --versioning-configuration Status=Enabled || true # Block public access to bucket aws s3api put-public-access-block --bucket "$BUCKET_NAME" \ --public-access-block-configuration \ "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" || true # Enable encryption on bucket aws s3api put-bucket-encryption --bucket "$BUCKET_NAME" \ --server-side-encryption-configuration '{ "Rules": [{ "ApplyServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } }] }' || true echo "S3 bucket created successfully with security best practices." ``` -------------------------------- ### AWS Marketplace Buyer Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_ec2_code_examples.html This Bash script guides users through AWS Marketplace, demonstrating how to search for products, launch an EC2 instance with a product AMI, and manage subscriptions. It includes setup for logging and validation of AWS CLI and jq installation. ```bash #!/bin/bash # AWS Marketplace Buyer Getting Started Script # This script demonstrates how to search for products in AWS Marketplace, # launch an EC2 instance with a product AMI, and manage subscriptions. set -euo pipefail # Setup logging with secure permissions LOG_FILE="marketplace-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "===================================================" echo "AWS Marketplace Buyer Getting Started Tutorial" echo "===================================================" echo "This script will:" echo "1. List available products in AWS Marketplace" echo "2. Create resources needed to launch an EC2 instance" echo "3. Launch an EC2 instance with an Amazon Linux 2 AMI" echo "4. Show how to manage and terminate the instance" echo "===================================================" echo "" # Validate AWS CLI is installed and configured if ! command -v aws &> /dev/null; then echo "ERROR: AWS CLI is not installed. Please install it first." exit 1 fi # Verify AWS credentials are configured if ! aws sts get-caller-identity &> /dev/null; then echo "ERROR: AWS credentials are not configured. Please configure them first." exit 1 fi # Validate jq is installed if ! command -v jq &> /dev/null; then echo "ERROR: jq is not installed. Please install jq for safe JSON parsing." exit 1 fi # Function to safely extract JSON values using jq extract_json_value() { local json=$1 local query=$2 echo "$json" | jq -r "$query" 2>/dev/null || { echo "ERROR: Failed to parse JSON with query: $query" >&2 return 1 } } # Function to validate AWS permissions validate_aws_permissions() { echo "Validating AWS permissions..." local identity identity=$(aws sts get-caller-identity --output json) local account_id account_id=$(extract_json_value "$identity" '.Account') || return 1 local arn arn=$(extract_json_value "$identity" '.Arn') || return 1 echo "AWS Account ID: $account_id" echo "AWS Principal ARN: $arn" echo "Note: This script requires EC2 permissions for key pair, security group, and instance management." echo "" } ``` -------------------------------- ### DynamoDB Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_dynamodb_code_examples.html A comprehensive Bash script for the DynamoDB Getting Started Tutorial. It demonstrates creating a table, writing, reading, updating, querying data, and cleaning up resources. Includes error checking and logging. ```bash #!/bin/bash # DynamoDB Getting Started Tutorial Script # This script demonstrates basic operations with Amazon DynamoDB: # - Creating a table # - Writing data to the table # - Reading data from the table # - Updating data in the table # - Querying data in the table # - Deleting the table (cleanup) set -uo pipefail # Set up logging with secure permissions LOG_DIR="${XDG_STATE_HOME:-.}/dynamodb-tutorial-logs" mkdir -p "$LOG_DIR" LOG_FILE="$LOG_DIR/dynamodb-tutorial-$(date +%Y%m%d-%H%M%S).log" chmod 700 "$LOG_DIR" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting DynamoDB Getting Started Tutorial at $(date)" echo "Logging to $LOG_FILE" # Validate AWS CLI is configured if ! command -v aws &> /dev/null; then echo "ERROR: AWS CLI is not installed or not in PATH" exit 1 fi # Check AWS credentials are available if ! aws sts get-caller-identity &> /dev/null; then echo "ERROR: AWS credentials not configured or invalid" exit 1 fi # Function to check for errors in command output check_error() { local output=$1 local cmd_name=$2 if echo "$output" | grep -qi "error\|failed"; then echo "ERROR detected in $cmd_name command:" >&2 echo "$output" >&2 return 1 fi return 0 } # Function to wait for table to be in ACTIVE state wait_for_table_active() { local table_name=$1 local max_attempts=60 local attempt=0 local status="" echo "Waiting for table $table_name to become ACTIVE..." while [[ "$status" != "ACTIVE" && $attempt -lt $max_attempts ]]; do sleep 5 status=$(aws dynamodb describe-table --table-name "$table_name" --query "Table.TableStatus" --output text 2>/dev/null || echo "UNKNOWN") echo "Current status: $status" ((attempt++)) done if [[ "$status" != "ACTIVE" ]]; then echo "ERROR: Table $table_name did not become ACTIVE within timeout period" >&2 return 1 fi echo "Table $table_name is now ACTIVE" return 0 } # Track created resources for cleanup declare -a RESOURCES=() ``` -------------------------------- ### AWS Marketplace Buyer Getting Started Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_ec2_code_examples.html This is a placeholder script for the AWS Marketplace Buyer Getting Started guide. It indicates the intention to demonstrate searching for products in AWS Marketplace. ```bash #!/bin/bash # AWS Marketplace Buyer Getting Started Script # This script demonstrates how to search for products in AWS Marketplace, ``` -------------------------------- ### Get Started with EC2 Instances Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_ec2_code_examples.html Runs an interactive scenario to demonstrate getting started with EC2 instances. Requires EC2 access permissions. ```Bash #!/bin/bash ############################################################################### # function get_started_with_ec2_instances # # Runs an interactive scenario that shows how to get started using EC2 instances. # # "EC2 access" permissions are needed to run this code. # # Returns: # 0 - If successful. ############################################################################### function get_started_with_ec2_instances() { # Placeholder for the actual script logic echo "Running interactive EC2 instance scenario..." return 0 } # Example of how to call the function: # get_started_with_ec2_instances ``` -------------------------------- ### AWS Batch Fargate Getting Started Script (Bash) Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_batch_code_examples.html This script demonstrates creating AWS Batch resources with Fargate orchestration. It includes configuration, logging, error handling, and resource cleanup for a secure setup. ```bash #!/bin/bash # AWS Batch Fargate Getting Started Script - Security Hardened Version # This script demonstrates creating AWS Batch resources with Fargate orchestration # set -euo pipefail # Exit on any error, undefined variables, and pipe failures # Configuration SCRIPT_NAME="batch-fargate-tutorial" LOG_FILE="${SCRIPT_NAME}-$(date +%Y%m%d-%H%M%S).log" RANDOM_SUFFIX=$(openssl rand -hex 6) COMPUTE_ENV_NAME="batch-fargate-compute-${RANDOM_SUFFIX}" JOB_QUEUE_NAME="batch-fargate-queue-${RANDOM_SUFFIX}" JOB_DEF_NAME="batch-fargate-jobdef-${RANDOM_SUFFIX}" JOB_NAME="batch-hello-world-${RANDOM_SUFFIX}" ROLE_NAME="BatchEcsTaskExecutionRole-${RANDOM_SUFFIX}" TRUST_POLICY_FILE="batch-trust-policy-${RANDOM_SUFFIX}.json" # Security: Set restrictive umask umask 0077 # Array to track created resources for cleanup CREATED_RESOURCES=() # Logging function with sanitization log() { local message="${1//[$'\t\r\n']/}" echo "[$(date '+%Y-%m-%d %H:%M:%S')] ${message}" | tee -a "${LOG_FILE}" } # Error handling function handle_error() { log "ERROR: Script failed at line $1" log "Attempting to clean up resources created so far..." cleanup_resources exit 1 } # Set up error handling trap 'handle_error ${LINENO}' ERR ``` -------------------------------- ### CloudFront Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_cloudfront_code_examples.html This Bash script automates the creation of an S3 bucket, uploads sample content, sets up a CloudFront distribution with Origin Access Control (OAC), and includes error handling and cleanup functions. It's designed for a getting started tutorial. ```bash #!/bin/bash # CloudFront Getting Started Tutorial Script # This script creates an S3 bucket, uploads sample content, creates a CloudFront distribution with OAC, # and demonstrates how to access content through CloudFront. set -euo pipefail # Set up logging LOG_FILE="cloudfront-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting CloudFront Getting Started Tutorial at $(date)" # Function to handle errors handle_error() { echo "ERROR: $1" >&2 echo "Resources created before error:" if [ -n "${BUCKET_NAME:-}" ]; then echo "- S3 Bucket: $BUCKET_NAME" fi if [ -n "${OAC_ID:-}" ]; then echo "- CloudFront Origin Access Control: $OAC_ID" fi if [ -n "${DISTRIBUTION_ID:-}" ]; then echo "- CloudFront Distribution: $DISTRIBUTION_ID" fi echo "Attempting to clean up resources..." cleanup exit 1 } ``` -------------------------------- ### EMR Getting Started Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_emr_code_examples.html This Bash script automates the steps in the Amazon EMR Getting Started tutorial. It includes error handling and logging. ```bash #!/bin/bash # EMR Getting Started Tutorial Script # This script automates the steps in the Amazon EMR Getting Started tutorial set -euo pipefail # Security: Set strict mode and trap errors trap 'handle_error "Script interrupted or command failed"' ERR # Set up logging with secure permissions LOG_FILE="emr-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Amazon EMR Getting Started Tutorial Script" echo "Logging to $LOG_FILE" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created so far:" if [ -n "${BUCKET_NAME:-}" ]; then echo "- S3 Bucket: $BUCKET_NAME"; fi if [ -n "${CLUSTER_ID:-}" ]; then echo "- EMR Cluster: $CLUSTER_ID"; fi echo "Attempting to clean up resources..." cleanup exit 1 } ``` -------------------------------- ### Connect and Setup Kafka Client Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_kafka_code_examples.html These commands guide you through connecting to an EC2 instance, uploading a setup script, and sourcing environment variables for Kafka client operations. ```bash echo "NEXT STEPS:" echo "1. Connect to your EC2 instance:" echo " ssh -i $KEY_FILE ec2-user@$CLIENT_DNS" echo "" echo "2. Upload the setup script to your instance:" echo " scp -i $KEY_FILE setup_client.sh ec2-user@$CLIENT_DNS:~/ " echo "3. Run the setup script on your instance:" echo " ssh -i $KEY_FILE ec2-user@$CLIENT_DNS 'chmod +x ~/setup_client.sh && ~/setup_client.sh'" echo "" echo "4. Source the environment setup script:" echo " source ~/setup_env.sh" echo "" ``` -------------------------------- ### Initialize Logging and Setup Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_cloudwatch_code_examples.html Sets up a log file with secure permissions and logs the script's start time. This is a prerequisite for other logging functions. ```bash LOG_FILE="cloudwatch-dashboard-script-v4.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" echo "Starting script execution at $(date)" >> "$LOG_FILE" ``` -------------------------------- ### Create Client Setup Script with Java Installation Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_kafka_code_examples.html Generates a shell script named 'setup_client.sh' that configures logging and installs Java 11 on the client machine. The script redirects output to a log file. ```bash # Create setup script for the client machine echo "Creating setup script for the client machine" cat > setup_client.sh << 'EOF' #!/bin/bash # Set up logging LOG_FILE="client_setup_$(date +%Y%m%d_%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting client setup" echo "==============================================" # Install Java echo "Installing Java" sudo yum -y install java-11 EOF ``` -------------------------------- ### Create Client Setup Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_kafka_code_examples.html Generates a shell script named 'setup_client.sh' that configures a client machine. The script includes basic logging setup and installs Java 11. ```bash # Create setup script for the client machine echo "Creating setup script for the client machine" cat > setup_client.sh << 'EOF' #!/bin/bash # Set up logging LOG_FILE="client_setup_$(date +%Y%m%d_%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting client setup" echo "============================================== ``` -------------------------------- ### AWS IoT Device Defender Getting Started Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_iam_code_examples.html This comprehensive Bash script demonstrates how to use AWS IoT Device Defender. It covers enabling audit checks, viewing results, creating mitigation actions, and applying them to findings. The script includes setup, logging, and error handling. ```bash #!/bin/bash # AWS IoT Device Defender Getting Started Script # This script demonstrates how to use AWS IoT Device Defender to enable audit checks, # view audit results, create mitigation actions, and apply them to findings. set -euo pipefail # Set up logging LOG_FILE="iot-device-defender-script-$(date +%Y%m%d%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "===================================================" echo "AWS IoT Device Defender Getting Started Script" echo "===================================================" echo "Starting script execution at $(date)" echo "" # Function to check for errors in command output check_error() { if echo "$1" | grep -iE "An error occurred|Exception|Failed|usage: aws" > /dev/null; then echo "ERROR: Command failed with the following output:" echo "$1" return 1 fi return 0 } # Function to safely extract JSON values using jq extract_json_value() { local json="$1" local key="$2" echo "$json" | jq -r ".${key} // empty" 2>/dev/null || echo "" } # Function to validate JSON validate_json() { local json="$1" echo "$json" | jq empty 2>/dev/null } # Function to check AWS CLI availability check_aws_cli() { if ! command -v aws &> /dev/null; then echo "ERROR: AWS CLI is not installed or not in PATH" return 1 fi if ! command -v jq &> /dev/null; then echo "ERROR: jq is not installed or not in PATH" return 1 fi return 0 } ``` -------------------------------- ### Install Java on Client Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_kafka_code_examples.html Installs Java 11 on the client machine using yum package manager. This is part of the client setup script. ```bash # Install Java echo "Installing Java" sudo yum -y install java-11 ``` -------------------------------- ### Describe All Fast Snapshot Restores Source: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-fast-snapshot-restores.html This example describes all fast snapshot restores. Ensure the AWS CLI is installed and configured. ```bash aws ec2 describe-fast-snapshot-restores ``` -------------------------------- ### Describe Network Interface Permissions Source: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-network-interface-permissions.html This example describes all of your network interface permissions. Ensure you have the AWS CLI installed and configured. ```bash aws ec2 describe-network-interface-permissions ``` -------------------------------- ### Display Setup Completion Summary Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_elastic-load-balancing-v2_code_examples.html Prints a summary of the completed setup, including the Load Balancer DNS Name and ARNs for created resources. ```bash echo "" echo "==============================================" echo "SETUP COMPLETE" echo "==============================================" echo "Load Balancer DNS Name: $LB_DNS" echo "" echo "Resources created:" echo "- Load Balancer: $LOAD_BALANCER_ARN" echo "- Target Group: $TARGET_GROUP_ARN" echo "- Listener: $LISTENER_ARN" echo "- Security Group: $SECURITY_GROUP_ID" echo "" ``` -------------------------------- ### Connect to ElastiCache Serverless Cache with valkey-cli Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_elasticache_code_examples.html Provides instructions to install valkey-cli and connect to an ElastiCache serverless cache using its endpoint. Shows example commands for setting and getting data. ```bash # Step 5: Instructions for connecting to the cache echo "" echo "============================================================" echo "Your Valkey serverless cache has been successfully created!" echo "Cache Name: $CACHE_NAME" echo "Endpoint: $ENDPOINT" echo "============================================================" echo "" echo "To connect to your cache from an EC2 instance, follow these steps:" echo "" echo "1. Install valkey-cli on your EC2 instance:" echo " sudo amazon-linux-extras install epel -y" echo " sudo yum install gcc jemalloc-devel openssl-devel tcl tcl-devel -y" echo " wget https://github.com/valkey-io/valkey/archive/refs/tags/8.0.0.tar.gz" echo " tar xvzf 8.0.0.tar.gz" echo " cd valkey-8.0.0" echo " make BUILD_TLS=yes" echo "" echo "2. Connect to your cache using valkey-cli:" echo " src/valkey-cli -h $ENDPOINT --tls -p 6379" echo "" echo "3. Once connected, you can run commands like:" echo " set mykey \"Hello ElastiCache\"" echo " get mykey" echo "" ``` -------------------------------- ### Get Instance Types Excluding Specific Instance Types Source: https://docs.aws.amazon.com/cli/latest/reference/ec2/get-instance-types-from-instance-requirements.html Retrieve instance types while excluding specific instance types or patterns. This example excludes all instance types starting with 'm5a.' and the 'c5.8xlarge' type. ```bash aws ec2 get-instance-types-from-instance-requirements \ --instance-requirements ExcludedInstanceTypes=m5a.*,c5.8xlarge ``` -------------------------------- ### Get CPU Utilization Metrics from CloudWatch Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_cloudwatch_code_examples.html Fetches CPU utilization metrics from CloudWatch for the last 10 minutes using the AWS CLI. This example demonstrates cross-platform compatible date calculation for the start time. ```bash # Get CPU utilization metrics echo "Getting CPU utilization metrics..." END_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") # FIXED: Cross-platform compatible way to calculate time 10 minutes ago # This approach uses epoch seconds and basic arithmetic which works on all Linux distributions CURRENT_EPOCH=$(date +%s) TEN_MINUTES_AGO_EPOCH=$((CURRENT_EPOCH - 600)) START_TIME=$(date -u -d "@$TEN_MINUTES_AGO_EPOCH" +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null || date -u -r "$TEN_MINUTES_AGO_EPOCH" +"%Y-%m-%dT%H:%M:%SZ") ``` -------------------------------- ### Elastic Load Balancing Getting Started Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_elastic-load-balancing-v2_code_examples.html This Bash script automates the setup of an Application Load Balancer with an HTTP listener and target group. It includes error handling, logging, and validation functions for AWS CLI commands. ```bash #!/bin/bash # Elastic Load Balancing Getting Started Script - v2 # This script creates an Application Load Balancer with HTTP listener and target group set -euo pipefail # Set up logging LOG_FILE="elb-script-v2.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Elastic Load Balancing setup script at $(date)" echo "All commands and outputs will be logged to $LOG_FILE" # Function to handle errors handle_error() { echo "ERROR: $1" >&2 echo "Attempting to clean up resources..." cleanup_resources exit 1 } # Function to check AWS CLI command success check_command() { local output="$1" if [[ -z "$output" ]] || [[ "$output" == "None" ]]; then handle_error "AWS CLI command returned empty or invalid output" fi } # Function to validate ARN format validate_arn() { local arn="$1" if [[ ! "$arn" =~ ^arn:aws:[a-z0-9-]+:[a-z0-9\-]*:[0-9]{12}:.+$ ]]; then handle_error "Invalid ARN format: $arn" fi } # Function to validate security group ID validate_security_group_id() { local sg_id="$1" if [[ ! "$sg_id" =~ ^sg-[a-f0-9]{8,17}$ ]]; then handle_error "Invalid security group ID format: $sg_id" fi } # Function to validate VPC ID validate_vpc_id() { local vpc_id="$1" if [[ ! "$vpc_id" =~ ^vpc-[a-f0-9]{8,17}$ ]]; then handle_error "Invalid VPC ID format: $vpc_id" fi } ``` -------------------------------- ### Initialize ECR Tutorial Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_ecr_code_examples.html Sets up logging for the ECR tutorial script by redirecting stdout and stderr to a log file and the console. ```bash # Set up logging LOG_FILE="ecr-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 ``` -------------------------------- ### Example Output for Modify Instance Event Start Time Source: https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-event-start-time.html This is an example of the JSON output returned after successfully modifying an instance event's start time. ```json { "Event": { "InstanceEventId": "instance-event-0abcdef1234567890", "Code": "system-reboot", "Description": "scheduled reboot", "NotAfter": "2019-03-25T12:00:00.000Z", "NotBefore": "2019-03-25T10:00:00.000Z", "NotBeforeDeadline": "2019-04-22T21:00:00.000Z" } } ``` -------------------------------- ### EC2 Instance Connection and Client Setup Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_ec2_code_examples.html Provides steps to connect to an EC2 instance, upload and run a setup script, and source environment variables. This is a prerequisite for most other MSK operations. ```bash echo "NEXT STEPS:" echo "1. Connect to your EC2 instance:" echo " ssh -i $KEY_FILE ec2-user@$CLIENT_DNS" echo "" echo "2. Upload the setup script to your instance:" echo " scp -i $KEY_FILE setup_client.sh ec2-user@$CLIENT_DNS:~/ ``` ```bash echo "3. Run the setup script on your instance:" echo " ssh -i $KEY_FILE ec2-user@$CLIENT_DNS 'chmod +x ~/setup_client.sh && ~/setup_client.sh'" echo "" echo "4. Source the environment setup script:" echo " source ~/setup_env.sh" echo "" ``` -------------------------------- ### Amazon ECR Getting Started Script Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_ecr_code_examples.html This Bash script demonstrates the lifecycle of a Docker image in Amazon ECR, including creating an image and repository, authenticating, pushing, pulling, and cleaning up resources. It also checks for AWS CLI installation and configuration. ```bash #!/bin/bash # Amazon ECR Getting Started Script # This script demonstrates the lifecycle of a Docker image in Amazon ECR # Set up logging LOG_FILE="ecr-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "===================================================" echo "Amazon ECR Getting Started Tutorial" echo "===================================================" echo "This script will:" echo "1. Create a Docker image" echo "2. Create an Amazon ECR repository" echo "3. Authenticate to Amazon ECR" echo "4. Push the image to Amazon ECR" echo "5. Pull the image from Amazon ECR" echo "6. Clean up resources (optional)" echo "===================================================" # Check prerequisites echo "Checking prerequisites..." # Check if AWS CLI is installed if ! command -v aws &> /dev/null; then echo "ERROR: AWS CLI is not installed. Please install it before running this script." echo "Visit https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html for installation instructions." exit 1 fi # Check if AWS CLI is configured if ! aws sts get-caller-identity &> /dev/null; then echo "ERROR: AWS CLI is not configured properly. Please run 'aws configure' to set up your credentials." exit 1 fi ``` -------------------------------- ### Setup Logging and Environment Variables Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_glue_code_examples.html Initializes logging to a file and sets up environment variables for resource names and region. Ensures all output is captured. ```bash # Setup logging LOG_FILE="glue-tutorial-$(date +%Y%m%d-%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting AWS Glue Data Catalog tutorial script at $(date)" echo "All operations will be logged to $LOG_FILE" # Generate a unique identifier for resource names UNIQUE_ID=$(openssl rand -hex 4) DB_NAME="tutorial-db-${UNIQUE_ID}" TABLE_NAME="flights-data-${UNIQUE_ID}" TABLE_INPUT_FILE="table-input-${UNIQUE_ID}.json" # Track created resources declare -a CREATED_RESOURCES=() # Set default region if not provided AWS_REGION="${AWS_REGION:-us-east-1}" # Flag to track if database was successfully created DATABASE_CREATED=false ``` -------------------------------- ### Bash Script for Amazon Athena Getting Started Source: https://docs.aws.amazon.com/cli/latest/userguide/bash_athena_code_examples.html This script automates the setup and management of Amazon Athena resources, including S3 bucket creation, database and table definition, query execution, and named query management. It includes security checks for AWS credentials, bucket names, and identifiers, and sets up logging. ```bash #!/bin/bash # Amazon Athena Getting Started Script # This script demonstrates how to use Amazon Athena with AWS CLI # It creates a database, table, runs queries, and manages named queries set -euo pipefail # Security: Validate AWS credentials are configured if ! aws sts get-caller-identity &>/dev/null; then echo "ERROR: AWS credentials not configured or invalid" exit 1 fi # Security: Restrict umask to prevent world-readable files umask 0077 # Set up logging with restricted permissions LOG_FILE="athena-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Amazon Athena Getting Started Tutorial..." echo "Logging to $LOG_FILE" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created:" if [ -n "${NAMED_QUERY_ID:-}" ]; then echo "- Named Query: $NAMED_QUERY_ID" fi if [ -n "${DATABASE_NAME:-}" ]; then echo "- Database: $DATABASE_NAME" if [ -n "${TABLE_NAME:-}" ]; then echo "- Table: $TABLE_NAME in $DATABASE_NAME" fi fi if [ -n "${S3_BUCKET:-}" ]; then echo "- S3 Bucket: $S3_BUCKET" fi echo "Exiting..." exit 1 } # Security: Validate bucket name format validate_bucket_name() { local bucket_name="$1" if [[ ! "$bucket_name" =~ ^[a-z0-9][a-z0-9.-]*[a-z0-9]$ ]] || [ ${#bucket_name} -lt 3 ] || [ ${#bucket_name} -gt 63 ]; then return 1 fi return 0 } # Security: Validate database and table names validate_identifier() { local identifier="$1" if [[ ! "$identifier" =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]; then return 1 fi return 0 } # Security: Safely generate random identifier if ! command -v openssl &>/dev/null; then RANDOM_ID=$(head -c 6 /dev/urandom | od -An -tx1 | tr -d ' ') else RANDOM_ID=$(openssl rand -hex 6) fi # Security: Validate random ID format if [[ ! "$RANDOM_ID" =~ ^[a-f0-9]{12}$ ]]; then handle_error "Failed to generate valid random ID" fi # Check for shared prereq bucket with proper error handling PREREQ_BUCKET="" if aws cloudformation describe-stacks --stack-name tutorial-prereqs-bucket \ --query 'Stacks[0].Outputs[?OutputKey==`BucketName`].OutputValue' --output text 2>/dev/null | grep -qv "^$"; then PREREQ_BUCKET=$(aws cloudformation describe-stacks --stack-name tutorial-prereqs-bucket \ --query 'Stacks[0].Outputs[?OutputKey==`BucketName`].OutputValue' --output text 2>/dev/null) fi if [ -n "$PREREQ_BUCKET" ] && [ "$PREREQ_BUCKET" != "None" ]; then S3_BUCKET="$PREREQ_BUCKET" BUCKET_IS_SHARED=true echo "Using shared bucket: $S3_BUCKET" else BUCKET_IS_SHARED=false S3_BUCKET="athena-${RANDOM_ID}" fi if ! validate_bucket_name "$S3_BUCKET"; then handle_error "Invalid S3 bucket name: $S3_BUCKET" fi DATABASE_NAME="mydatabase" TABLE_NAME="cloudfront_logs" if ! validate_identifier "$DATABASE_NAME"; then handle_error "Invalid database name: $DATABASE_NAME" fi if ! validate_identifier "$TABLE_NAME"; then handle_error "Invalid table name: $TABLE_NAME" fi # Get the current AWS region with validation AWS_REGION=$(aws configure get region 2>/dev/null || echo "") if [ -z "$AWS_REGION" ]; then AWS_REGION="us-east-1" echo "No AWS region found in configuration, defaulting to $AWS_REGION" fi # Security: Validate region format - expanded regex for newer regions if [[ ! "$AWS_REGION" =~ ^[a-z]{2}-[a-z]+-[0-9]{1}$ ]] && [[ ! "$AWS_REGION" =~ ^[a-z]+-[a-z]+-[0-9]{1}$ ]]; then echo "WARNING: Region format may be invalid: $AWS_REGION" fi echo "Using AWS Region: $AWS_REGION" ``` -------------------------------- ### Example AWS CLI emr-serverless Command Source: https://docs.aws.amazon.com/cli/latest/reference/emr-serverless/index.html This is an example of how to use the emr-serverless prefix in an AWS CLI command to start a job run. ```bash aws emr-serverless start-job-run ```