#!/bin/bash

# A script to enable AWS Shield Advanced and then clean up using AWS CLI.

# --- Configuration ---
REGION="us-east-1"

# --- 1. Create Shield Advanced Subscription ---
echo "--- Creating AWS Shield Advanced Subscription ---"
# Note: Shield Advanced is a paid service. Creating a subscription will incur costs.
# This operation might fail if your account is not eligible or if a subscription already exists.
SUBSCRIPTION_ARN=$(aws shield create-subscription \
  --region $REGION \
  --query 'Subscription.SubscriptionArn' --output text)

echo "AWS Shield Advanced subscription created. ARN: $SUBSCRIPTION_ARN"

# --- 2. Output Subscription ARN ---
echo -e "\n--- AWS Shield Advanced Enabled Successfully! ---"
echo "Subscription ARN: $SUBSCRIPTION_ARN"
echo "Your account is now protected by Shield Advanced."

read -p "Press Enter to delete the AWS Shield Advanced subscription..."

# --- Clean Up ---
echo -e "\n--- Cleaning up resources ---"

# Delete Shield Advanced Subscription
echo "Deleting AWS Shield Advanced subscription '$SUBSCRIPTION_ARN'"...
aws shield delete-subscription \
  --region $REGION

echo "AWS Shield Advanced subscription deleted."

echo -e "\n--- AWS Shield Advanced demonstration and cleanup complete ---"