aws-samples
diff --git a/‎.gitignore‎
Lines changed: 4 additions & 25 deletions b/‎.gitignore‎
Lines changed: 4 additions & 25 deletions
diff --git a/‎tuts/001-lightsail-gs/lightsail-gs.sh‎
Lines changed: 6 additions & 3 deletions b/‎tuts/001-lightsail-gs/lightsail-gs.sh‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎tuts/002-vpc-gs/vpc-gs.sh‎
Lines changed: 15 additions & 13 deletions b/‎tuts/002-vpc-gs/vpc-gs.sh‎
Lines changed: 15 additions & 13 deletions
diff --git a/‎tuts/003-s3-gettingstarted/s3-gettingstarted.sh‎
Lines changed: 44 additions & 2 deletions b/‎tuts/003-s3-gettingstarted/s3-gettingstarted.sh‎
Lines changed: 44 additions & 2 deletions
diff --git a/‎tuts/004-cloudmap-custom-attributes/cloudmap-custom-attributes.sh‎
Lines changed: 7 additions & 6 deletions b/‎tuts/004-cloudmap-custom-attributes/cloudmap-custom-attributes.sh‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎tuts/005-cloudfront-gettingstarted/cloudfront-gettingstarted.sh‎
Lines changed: 5 additions & 0 deletions b/‎tuts/005-cloudfront-gettingstarted/cloudfront-gettingstarted.sh‎
Lines changed: 5 additions & 0 deletions
@@ -1,26 +1,5 @@
-*.log
-*.pem
-aws-eump-logs/
-dynamodb-tutorial-logs/
-Dockerfile
-document.png
-dashboard-body-*.json
-comprehend-policy.json
-hello-world.json
-input.json
-query-results.csv
-sentiment-*.json
-step-functions-trust-policy.json
-stepfunctions-policy.json
-textract-*.json
-updated-hello-world.json
-webserver-template-*.yaml
-qbusiness-*.json
-datazone_script_v3_fixed.log
-idc_setup_*.log
 workspaces_creation.log
-logs/
-*.csv
-*.png
-Dockerfile
-cfn/
+datazone_script_v3_fixed.log
+idc_setup_20260429_064540.log
+qbusiness-permissions-policy.json
+qbusiness-trust-policy.json
@@ -122,7 +122,8 @@ aws lightsail create-instances \
   --availability-zone "$AVAILABILITY_ZONE" \
   --blueprint-id amazon_linux_2023 \
   --bundle-id nano_3_0 \
-  --region "$AWS_REGION"
+  --region "$AWS_REGION" \
+  --tags key=project,value=doc-smith key=tutorial,value=lightsail-gs
 check_status "Failed to create Lightsail instance"
 track_resource "instance" "$INSTANCE_NAME"
 
@@ -180,7 +181,8 @@ aws lightsail create-disk \
   --disk-name "$DISK_NAME" \
   --availability-zone "$AVAILABILITY_ZONE" \
   --size-in-gb 8 \
-  --region "$AWS_REGION"
+  --region "$AWS_REGION" \
+  --tags key=project,value=doc-smith key=tutorial,value=lightsail-gs
 check_status "Failed to create disk"
 track_resource "disk" "$DISK_NAME"
 
@@ -223,7 +225,8 @@ echo "Step 6: Creating snapshot of the instance: $SNAPSHOT_NAME"
 aws lightsail create-instance-snapshot \
   --instance-name "$INSTANCE_NAME" \
   --instance-snapshot-name "$SNAPSHOT_NAME" \
-  --region "$AWS_REGION"
+  --region "$AWS_REGION" \
+  --tags key=project,value=doc-smith key=tutorial,value=lightsail-gs
 check_status "Failed to create instance snapshot"
 track_resource "instance_snapshot" "$SNAPSHOT_NAME"
 
 
@@ -115,7 +115,7 @@ fi
 
 # Create VPC
 echo "Creating VPC with CIDR block 10.0.0.0/16..."
-VPC_ID=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=MyVPC}]' --query 'Vpc.VpcId' --output text)
+VPC_ID=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=MyVPC},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' --query 'Vpc.VpcId' --output text)
 
 if [ -z "$VPC_ID" ]; then
   handle_error "Failed to create VPC"
@@ -146,7 +146,7 @@ PUBLIC_SUBNET_AZ1=$(aws ec2 create-subnet \
   --vpc-id "$VPC_ID" \
   --cidr-block 10.0.0.0/24 \
   --availability-zone "$AZ1" \
-  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Public-Subnet-AZ1}]' \
+  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Public-Subnet-AZ1},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'Subnet.SubnetId' \
   --output text)
 
@@ -162,7 +162,7 @@ PUBLIC_SUBNET_AZ2=$(aws ec2 create-subnet \
   --vpc-id "$VPC_ID" \
   --cidr-block 10.0.1.0/24 \
   --availability-zone "$AZ2" \
-  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Public-Subnet-AZ2}]' \
+  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Public-Subnet-AZ2},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'Subnet.SubnetId' \
   --output text)
 
@@ -179,7 +179,7 @@ PRIVATE_SUBNET_AZ1=$(aws ec2 create-subnet \
   --vpc-id "$VPC_ID" \
   --cidr-block 10.0.2.0/24 \
   --availability-zone "$AZ1" \
-  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Private-Subnet-AZ1}]' \
+  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Private-Subnet-AZ1},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'Subnet.SubnetId' \
   --output text)
 
@@ -195,7 +195,7 @@ PRIVATE_SUBNET_AZ2=$(aws ec2 create-subnet \
   --vpc-id "$VPC_ID" \
   --cidr-block 10.0.3.0/24 \
   --availability-zone "$AZ2" \
-  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Private-Subnet-AZ2}]' \
+  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=Private-Subnet-AZ2},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'Subnet.SubnetId' \
   --output text)
 
@@ -209,7 +209,7 @@ echo "Private subnet created in $AZ2 with ID: $PRIVATE_SUBNET_AZ2"
 # Create Internet Gateway
 echo "Creating Internet Gateway..."
 IGW_ID=$(aws ec2 create-internet-gateway \
-  --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=MyIGW}]' \
+  --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=MyIGW},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'InternetGateway.InternetGatewayId' \
   --output text)
 
@@ -228,7 +228,7 @@ aws ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_I
 echo "Creating public route table..."
 PUBLIC_RT=$(aws ec2 create-route-table \
   --vpc-id "$VPC_ID" \
-  --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=Public-RT}]' \
+  --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=Public-RT},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'RouteTable.RouteTableId' \
   --output text)
 
@@ -266,7 +266,7 @@ CREATED_RESOURCES+=("ROUTE_TABLE_ASSOCIATION:$PUBLIC_RT_ASSOC_2")
 echo "Creating private route table..."
 PRIVATE_RT=$(aws ec2 create-route-table \
   --vpc-id "$VPC_ID" \
-  --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=Private-RT}]' \
+  --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=Private-RT},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'RouteTable.RouteTableId' \
   --output text)
 
@@ -298,7 +298,7 @@ CREATED_RESOURCES+=("ROUTE_TABLE_ASSOCIATION:$PRIVATE_RT_ASSOC_2")
 
 # Allocate Elastic IP for NAT Gateway
 echo "Allocating Elastic IP for NAT Gateway..."
-EIP_ALLOC=$(aws ec2 allocate-address --domain vpc --query 'AllocationId' --output text)
+EIP_ALLOC=$(aws ec2 allocate-address --domain vpc --tag-specifications 'ResourceType=elastic-ip,Tags=[{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' --query 'AllocationId' --output text)
 
 if [ -z "$EIP_ALLOC" ]; then
   handle_error "Failed to allocate Elastic IP"
@@ -312,7 +312,7 @@ echo "Creating NAT Gateway in public subnet in $AZ1..."
 NAT_GW=$(aws ec2 create-nat-gateway \
   --subnet-id "$PUBLIC_SUBNET_AZ1" \
   --allocation-id "$EIP_ALLOC" \
-  --tag-specifications 'ResourceType=natgateway,Tags=[{Key=Name,Value=MyNATGateway}]' \
+  --tag-specifications 'ResourceType=natgateway,Tags=[{Key=Name,Value=MyNATGateway},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'NatGateway.NatGatewayId' \
   --output text)
 
@@ -344,6 +344,7 @@ WEB_SG=$(aws ec2 create-security-group \
   --group-name "WebServerSG-$(date +%s)" \
   --description "Security group for web servers" \
   --vpc-id "$VPC_ID" \
+  --tag-specifications 'ResourceType=security-group,Tags=[{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'GroupId' \
   --output text)
 
@@ -370,6 +371,7 @@ DB_SG=$(aws ec2 create-security-group \
   --group-name "DBServerSG-$(date +%s)" \
   --description "Security group for database servers" \
   --vpc-id "$VPC_ID" \
+  --tag-specifications 'ResourceType=security-group,Tags=[{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'GroupId' \
   --output text)
 
@@ -428,7 +430,7 @@ echo "Deploying EC2 instances..."
 # Create key pair for SSH access
 KEY_NAME="vpc-tutorial-key-$(date +%s)"
 echo "Creating key pair $KEY_NAME..."
-aws ec2 create-key-pair --key-name "$KEY_NAME" --query 'KeyMaterial' --output text > "${KEY_NAME}.pem" || handle_error "Failed to create key pair"
+aws ec2 create-key-pair --key-name "$KEY_NAME" --tag-specifications 'ResourceType=key-pair,Tags=[{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' --query 'KeyMaterial' --output text > "${KEY_NAME}.pem" || handle_error "Failed to create key pair"
 chmod 400 "${KEY_NAME}.pem"
 echo "Key pair saved to ${KEY_NAME}.pem"
 CREATED_RESOURCES+=("KEY_PAIR:$KEY_NAME")
@@ -456,7 +458,7 @@ WEB_INSTANCE=$(aws ec2 run-instances \
     systemctl start httpd
     systemctl enable httpd
     echo "<h1>Hello from $(hostname -f) in the public subnet</h1>" > /var/www/html/index.html' \
-  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=WebServer}]' \
+  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=WebServer},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'Instances[0].InstanceId' \
   --output text) || handle_error "Failed to launch web server"
 echo "Web server instance created with ID: $WEB_INSTANCE"
@@ -486,7 +488,7 @@ DB_INSTANCE=$(aws ec2 run-instances \
     yum install -y mariadb-server
     systemctl start mariadb
     systemctl enable mariadb' \
-  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=DBServer}]' \
+  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=DBServer},{Key=project,Value=doc-smith},{Key=tutorial,Value=vpc-gs}]' \
   --query 'Instances[0].InstanceId' \
   --output text) || handle_error "Failed to launch database server"
 echo "Database server instance created with ID: $DB_INSTANCE"
 
@@ -169,6 +169,23 @@ if [ "$BUCKET_IS_SHARED" = "false" ]; then
     fi
     CREATED_RESOURCES+=("s3:bucket:${BUCKET_NAME}")
     echo "Bucket created."
+    
+    if ! aws s3api put-bucket-tagging \
+        --bucket "$BUCKET_NAME" \
+        --tagging '{
+            "TagSet": [
+                {
+                    "Key": "project",
+                    "Value": "doc-smith"
+                },
+                {
+                    "Key": "tutorial",
+                    "Value": "s3-gettingstarted"
+                }
+            ]
+        }' >/dev/null 2>&1; then
+        echo "WARNING: Failed to tag bucket"
+    fi
 fi
 echo ""
 
@@ -317,12 +334,29 @@ LOG_TARGET_BUCKET="${BUCKET_NAME}-logs"
 if [ "$BUCKET_IS_SHARED" = "false" ]; then
     REGION=$(get_region)
     if [ "$REGION" = "us-east-1" ]; then
-        aws s3api create-bucket --bucket "$LOG_TARGET_BUCKET" 2>/dev/null || true
+        aws s3api create-bucket --bucket "$LOG_TARGET_BUCKET" >/dev/null 2>&1 || true
     else
         aws s3api create-bucket \
             --bucket "$LOG_TARGET_BUCKET" \
             --region "$REGION" \
-            --create-bucket-configuration LocationConstraint="$REGION" 2>/dev/null || true
+            --create-bucket-configuration LocationConstraint="$REGION" >/dev/null 2>&1 || true
+    fi
+    
+    if ! aws s3api put-bucket-tagging \
+        --bucket "$LOG_TARGET_BUCKET" \
+        --tagging '{
+            "TagSet": [
+                {
+                    "Key": "project",
+                    "Value": "doc-smith"
+                },
+                {
+                    "Key": "tutorial",
+                    "Value": "s3-gettingstarted"
+                }
+            ]
+        }' >/dev/null 2>&1; then
+        echo "WARNING: Failed to tag log bucket"
     fi
 
     aws s3api put-bucket-acl --bucket "$LOG_TARGET_BUCKET" --acl log-delivery-write 2>/dev/null || true
@@ -354,6 +388,14 @@ if ! aws s3api put-bucket-tagging \
     --bucket "$BUCKET_NAME" \
     --tagging '{
         "TagSet": [
+            {
+                "Key": "project",
+                "Value": "doc-smith"
+            },
+            {
+                "Key": "tutorial",
+                "Value": "s3-gettingstarted"
+            },
             {
                 "Key": "Environment",
                 "Value": "Tutorial"
 
@@ -180,7 +180,7 @@ NAMESPACE_ID=$(aws servicediscovery list-namespaces --query "Namespaces[?Name=='
 
 if [[ -z "$NAMESPACE_ID" || "$NAMESPACE_ID" == "None" ]]; then
   log_cmd "aws servicediscovery create-http-namespace --name cloudmap-tutorial --creator-request-id namespace-request-\$(date +%s)"
-  OPERATION_ID=$(aws servicediscovery create-http-namespace --name cloudmap-tutorial --creator-request-id "namespace-request-$(date +%s)" --query 'OperationId' --output text)
+  OPERATION_ID=$(aws servicediscovery create-http-namespace --name cloudmap-tutorial --creator-request-id "namespace-request-$(date +%s)" --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes --query 'OperationId' --output text)
 
   # Wait for namespace creation to complete
   echo "Waiting for namespace creation to complete..." | tee -a "$LOG_FILE"
@@ -202,7 +202,7 @@ echo "Step 2: Creating DynamoDB table..." | tee -a "$LOG_FILE"
 TABLE_EXISTS=$(aws dynamodb describe-table --table-name cloudmap 2>&1 || echo "NOT_EXISTS")
 
 if [[ $TABLE_EXISTS == *"ResourceNotFoundException"* || $TABLE_EXISTS == "NOT_EXISTS" ]]; then
-  log_cmd "aws dynamodb create-table --table-name cloudmap --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --billing-mode PAY_PER_REQUEST"
+  log_cmd "aws dynamodb create-table --table-name cloudmap --attribute-definitions AttributeName=id,AttributeType=S --key-schema AttributeName=id,KeyType=HASH --billing-mode PAY_PER_REQUEST --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes"
 
   # Wait for DynamoDB table to become active
   echo "Waiting for DynamoDB table to become active..." | tee -a "$LOG_FILE"
@@ -235,7 +235,7 @@ if [[ -z "$DATA_SERVICE_ID" ]]; then
   echo "Data service does not exist, creating it..." | tee -a "$LOG_FILE"
   # Create the service and capture the ID directly
   echo "$ aws servicediscovery create-service --name data-service --namespace-id $NAMESPACE_ID --creator-request-id data-service-request-\$(date +%s)" | tee -a "$LOG_FILE"
-  CREATE_OUTPUT=$(aws servicediscovery create-service --name data-service --namespace-id "$NAMESPACE_ID" --creator-request-id "data-service-request-$(date +%s)")
+  CREATE_OUTPUT=$(aws servicediscovery create-service --name data-service --namespace-id "$NAMESPACE_ID" --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes --creator-request-id "data-service-request-$(date +%s)")
   echo "$CREATE_OUTPUT" | tee -a "$LOG_FILE"
 
   # Extract the service ID using AWS CLI query
@@ -292,6 +292,7 @@ ROLE_EXISTS=$(aws iam get-role --role-name cloudmap-tutorial-role 2>&1 || echo "
 
 if [[ $ROLE_EXISTS == *"NoSuchEntity"* || $ROLE_EXISTS == "NOT_EXISTS" ]]; then
     log_cmd "aws iam create-role --role-name cloudmap-tutorial-role --assume-role-policy-document file://lambda-trust-policy.json"
+    aws iam tag-role --role-name cloudmap-tutorial-role --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes
 else
     echo "Role cloudmap-tutorial-role already exists, using existing role" | tee -a "$LOG_FILE"
 fi
@@ -375,7 +376,7 @@ if [[ -z "$APP_SERVICE_ID" ]]; then
   echo "App service does not exist, creating it..." | tee -a "$LOG_FILE"
   # Create the service and capture the ID directly
   echo "$ aws servicediscovery create-service --name app-service --namespace-id $NAMESPACE_ID --creator-request-id app-service-request-\$(date +%s)" | tee -a "$LOG_FILE"
-  CREATE_OUTPUT=$(aws servicediscovery create-service --name app-service --namespace-id "$NAMESPACE_ID" --creator-request-id "app-service-request-$(date +%s)")
+  CREATE_OUTPUT=$(aws servicediscovery create-service --name app-service --namespace-id "$NAMESPACE_ID" --tags Key=project,Value=doc-smith Key=tutorial,Value=cloudmap-custom-attributes --creator-request-id "app-service-request-$(date +%s)")
   echo "$CREATE_OUTPUT" | tee -a "$LOG_FILE"
 
   # Extract the service ID using AWS CLI query
@@ -448,7 +449,7 @@ log_cmd "zip writefunction.zip writefunction.py"
 # Create the Lambda function
 FUNCTION_EXISTS=$(aws lambda list-functions --query "Functions[?FunctionName=='writefunction'].FunctionName" --output text 2>/dev/null || echo "")
 if [[ -z "$FUNCTION_EXISTS" ]]; then
-  log_cmd "aws lambda create-function --function-name writefunction --runtime python3.12 --role $ROLE_ARN --handler writefunction.lambda_handler --zip-file fileb://writefunction.zip --architectures x86_64 --timeout 10"
+  log_cmd "aws lambda create-function --function-name writefunction --runtime python3.12 --role $ROLE_ARN --handler writefunction.lambda_handler --zip-file fileb://writefunction.zip --architectures x86_64 --timeout 10 --tags project=doc-smith,tutorial=cloudmap-custom-attributes"
 
   # Wait for the Lambda function to be active before updating
   echo "Waiting for Lambda function to become active..." | tee -a "$LOG_FILE"
@@ -537,7 +538,7 @@ log_cmd "zip readfunction.zip readfunction.py"
 # Create the Lambda function
 FUNCTION_EXISTS=$(aws lambda list-functions --query "Functions[?FunctionName=='readfunction'].FunctionName" --output text 2>/dev/null || echo "")
 if [[ -z "$FUNCTION_EXISTS" ]]; then
-  log_cmd "aws lambda create-function --function-name readfunction --runtime python3.12 --role $ROLE_ARN --handler readfunction.lambda_handler --zip-file fileb://readfunction.zip --architectures x86_64 --timeout 10"
+  log_cmd "aws lambda create-function --function-name readfunction --runtime python3.12 --role $ROLE_ARN --handler readfunction.lambda_handler --zip-file fileb://readfunction.zip --architectures x86_64 --timeout 10 --tags project=doc-smith,tutorial=cloudmap-custom-attributes"
 
   # Wait for the Lambda function to be active before updating
   echo "Waiting for Lambda function to become active..." | tee -a "$LOG_FILE"
 
@@ -179,6 +179,8 @@ if [ "$BUCKET_IS_SHARED" != "true" ]; then
         handle_error "Failed to create S3 bucket"
     fi
 
+    aws s3api put-bucket-tagging --bucket "$BUCKET_NAME" --tagging 'TagSet=[{Key=project,Value=doc-smith},{Key=tutorial,Value=cloudfront-gettingstarted}]'
+    
     # Batch bucket configuration calls for efficiency
     aws s3api put-bucket-versioning --bucket "$BUCKET_NAME" --versioning-configuration Status=Enabled &
     aws s3api put-public-access-block \
@@ -335,6 +337,9 @@ fi
 echo "Created CloudFront distribution with ID: $DISTRIBUTION_ID"
 echo "CloudFront domain name: $DOMAIN_NAME"
 
+# Tag the CloudFront distribution
+aws cloudfront tag-resource --resource "arn:aws:cloudfront::$ACCOUNT_ID:distribution/$DISTRIBUTION_ID" --tags 'Items=[{Key=project,Value=doc-smith},{Key=tutorial,Value=cloudfront-gettingstarted}]'
+
 # Step 6: Update S3 bucket policy
 echo "Updating S3 bucket policy..."