Add CloudFormation templates for first 10 tutorials

[mwunderl]

Summary

CloudFormation templates for the first 10 published tutorials, plus shared infrastructure and deployment scripts.

New files

Prerequisite templates (cfn/):

• prereq-bucket.yaml — shared S3 bucket with cross-stack exports
• prereq-vpc-public.yaml — VPC with public + private subnets, NAT gateway
• prereq-vpc-private.yaml — VPC with private subnets only, S3 endpoint

Deployment scripts:

• deploy.sh — universal deploy script, auto-detects and creates prerequisites
• cleanup.sh — deletes tutorial stacks; --prereqs empties buckets and deletes prereq stacks

Tutorial templates (cfn-*.yaml in each tutorial directory):

Tutorial	Resources	Prereqs
001-lightsail	Instance, Disk	None
002-vpc	VPC, IGW, Subnet, SG, EC2	None
003-s3	(pointer to prereq bucket)	Bucket
004-cloudmap	Namespace, DynamoDB, Lambda, IAM	None
005-cloudfront	Distribution, OAC, S3 origin	None
008-vpc-private	VPC, NAT, ASG, LaunchTemplate	None
009-vpc-ipam	IPAM, Pool, PoolCidr	None
010-cloudmap	Public DNS Namespace, Service	None
011-batch-fargate	ComputeEnv, JobQueue, IAM	VPC
012-transitgateway	2 VPCs, TGW, 2 Attachments	None

Design decisions

• Prereq stack pattern: S3 buckets and VPCs are shared infrastructure deployed as separate stacks with cross-stack exports. Tutorial stacks import what they need. This keeps tutorial stacks deletable without data cleanup issues.
• Each tutorial creates its own IAM roles with least-privilege permissions scoped to exactly what it needs.
• VPC tutorials are self-contained — they create their own VPCs as the core lesson. Only tutorials that need a VPC as infrastructure import from prereq stacks.
• All templates validated with aws cloudformation validate-template.

Usage

# Deploy a tutorial
./deploy.sh 004-cloudmap-custom-attributes

# Delete a tutorial stack
./cleanup.sh 004-cloudmap-custom-attributes

# Delete all prerequisite stacks
./cleanup.sh --prereqs