AWS Config

Hands-On

Demo

In this Demo, we will:

  1. Verify AWS Config rules are set up (encrypted-volumes, s3-bucket-versioning-enabled, restricted-ssh)
  2. Create unencrypted EBS volume and attach to EC2 instance
  3. Create S3 bucket without versioning
  4. Create security group with open SSH
  5. Trigger rule evaluations
  6. Review non-compliant resources in AWS Config dashboard
  7. Clean up all resources

Agenda

Settings

Data governance

Delivery method

s3-bucket-versioning-enabled
restricted-ssh
encrypted-volumes

Review

Review and Confirm

Create Non-Compliant Objects/Scenarios

Launch AWS CloudShell

Scenario 1 : Unencrypted EBS Volume

# For EBS Volume Demo
# Create volume. No --encrypted flag is passed, so unless EBS encryption by default
# is enabled for this account/region the volume is created unencrypted and will be
# flagged by the encrypted-volumes rule.
echo "Creating EBS volume..."
VOLUME_ID=$(aws ec2 create-volume \
    --volume-type gp3 \
    --size 1 \
    --availability-zone us-east-1a \
    --query 'VolumeId' \
    --output text)
echo "Created Volume ID: $VOLUME_ID"

# Get AMI ID (newest Amazon Linux 2 x86_64 image published by Amazon)
echo "Getting latest Amazon Linux 2 AMI..."
AMI_ID=$(aws ec2 describe-images \
    --owners amazon \
    --filters "Name=name,Values=amzn2-ami-hvm-*-x86_64-gp2" \
    "Name=state,Values=available" \
    --query 'sort_by(Images, &CreationDate)[-1].ImageId' \
    --output text)
echo "Using AMI ID: $AMI_ID"

# Get Subnet ID. The instance must be in the same AZ as the volume for attach-volume
# to succeed; the describe-subnets filter name is "availability-zone".
echo "Getting subnet in us-east-1a..."
SUBNET_ID=$(aws ec2 describe-subnets \
    --filters "Name=availability-zone,Values=us-east-1a" \
    --query 'Subnets[0].SubnetId' \
    --output text)
echo "Using Subnet ID: $SUBNET_ID"

# Launch EC2 instance
echo "Launching EC2 instance..."
INSTANCE_ID=$(aws ec2 run-instances \
    --image-id "$AMI_ID" \
    --instance-type t2.micro \
    --subnet-id "$SUBNET_ID" \
    --count 1 \
    --query 'Instances[0].InstanceId' \
    --output text)
echo "Created Instance ID: $INSTANCE_ID"

# Wait for instance
echo "Waiting for instance to be running..."
aws ec2 wait instance-running --instance-ids "$INSTANCE_ID"

# Attach volume
echo "Attaching volume to instance..."
aws ec2 attach-volume \
    --volume-id "$VOLUME_ID" \
    --instance-id "$INSTANCE_ID" \
    --device /dev/sdf

# Ask Config to re-evaluate the rule now instead of waiting for its normal trigger
echo "Triggering encrypted-volumes rule evaluation..."
aws configservice start-config-rules-evaluation \
    --config-rule-names encrypted-volumes

Scenario 2 : Unversioned S3 Bucket

# For S3 Bucket Demo
# A new bucket has versioning disabled by default, which is what the rule flags.
echo -e "\nStarting S3 bucket versioning demo..."
BUCKET_NAME="test-config-bucket-$(date +%s)"
echo "Creating bucket: $BUCKET_NAME"
aws s3api create-bucket \
    --bucket "$BUCKET_NAME" \
    --region us-east-1
echo "Triggering s3-bucket-versioning-enabled rule evaluation..."
aws configservice start-config-rules-evaluation \
    --config-rule-names s3-bucket-versioning-enabled

Scenario 3 : Open Security Group

# For Security Group Demo (Automated version)
# Without --vpc-id the group is created in the account's default VPC;
# add --vpc-id if there is no default VPC in the region.
echo -e "\nStarting security group demo..."
echo "Creating security group..."
SG_ID=$(aws ec2 create-security-group \
    --group-name test-ssh-open \
    --description "Test security group for SSH rule" \
    --query 'GroupId' \
    --output text)
# SSH (tcp/22) from 0.0.0.0/0 is exactly the condition restricted-ssh reports
echo "Adding SSH rule to security group..."
aws ec2 authorize-security-group-ingress \
    --group-id "$SG_ID" \
    --protocol tcp \
    --port 22 \
    --cidr 0.0.0.0/0
echo "Triggering restricted-ssh rule evaluation..."
aws configservice start-config-rules-evaluation \
    --config-rule-names restricted-ssh

Wait and Check in AWS Config

Clean Up

Terminate (delete) instance

Delete S3 Bucket

Delete volume

Delete security group

Wait and Check for Compliance after fixing

Some rules can take time - up to 1 day
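The check behind the "Wait and Check in AWS Config" and "Wait and Check for Compliance after fixing" slides, done from CloudShell instead of the console. This is an added example, not code from the original slides; it assumes AWS CLI v2 with credentials and region already configured, the three rule names used in this demo, and helper names (report_noncompliant, check_rule, check_all) chosen here.

```shell
#!/usr/bin/env bash
# Added example (not from the original slides): list the resources AWS Config
# currently marks NON_COMPLIANT for the three demo rules, from the CLI.
# Assumes AWS CLI v2 with credentials/region configured (e.g. in CloudShell).

# report_noncompliant RULE: reads "ResourceType<TAB>ResourceId" lines on stdin
# (the shape of the --output text query in check_rule), prints one line per
# flagged resource, and returns 1 if any were read, 0 if the rule is clean.
report_noncompliant() {
    r_rule="$1"
    r_count=0
    while read -r rtype rid; do
        [ -z "$rtype" ] && continue          # skip blank lines
        printf '%s: %s %s\n' "$r_rule" "$rtype" "$rid"
        r_count=$((r_count + 1))
    done
    [ "$r_count" -eq 0 ]
}

# check_rule RULE: fetch the latest evaluation results for one rule, keeping only
# NON_COMPLIANT entries, and hand the resource type/id pairs to report_noncompliant.
check_rule() {
    aws configservice get-compliance-details-by-config-rule \
        --config-rule-name "$1" \
        --compliance-types NON_COMPLIANT \
        --query 'EvaluationResults[].EvaluationResultIdentifier.EvaluationResultQualifier.[ResourceType,ResourceId]' \
        --output text | report_noncompliant "$1"
}

# check_all: run the three demo rules; exit status 1 if anything is still flagged,
# so the script can gate a pipeline or be re-run after the Clean Up slides.
check_all() {
    rc=0
    for rule in encrypted-volumes s3-bucket-versioning-enabled restricted-ssh; do
        check_rule "$rule" || rc=1
    done
    return "$rc"
}

# "bash check-config.sh run" executes the check; sourcing the file only defines the functions.
case "${1:-}" in
    run) check_all ;;
esac
```

Re-run it after the Clean Up steps: change-triggered rules usually re-evaluate within minutes, but the slide's up-to-a-day caveat still applies, so an empty report right after a fix can simply mean the evaluation has not run yet.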

🙏 Thanks for Watching