Apply technical requirements (R1, R2, R9, R10, R13)

- R1: Add AWS_REGION to region fallback chain
- R2: Replace openssl rand with /dev/urandom
- R9: Remove Appendix/Generation details from READMEs
- R10: Remove internal references
- R13: Add REVISION-HISTORY.md

Author: mwunderl

tuts/128-aws-waf-gs/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 128-aws-waf-gs
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/128-aws-waf-gs/aws-waf-gs.sh

@@ -1,11 +1,11 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d)
 exec > >(tee -a "$WORK_DIR/waf-$(date +%Y%m%d-%H%M%S).log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}
 [ -z "$REGION" ] && echo "ERROR: No region" && exit 1
 export AWS_DEFAULT_REGION="$REGION"
 echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4)
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
 ACL_NAME="tut-acl-${RANDOM_ID}"
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }
 trap 'handle_error $LINENO' ERR

tuts/129-amazon-macie-gs/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 129-amazon-macie-gs
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/129-amazon-macie-gs/amazon-macie-gs.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d)
 exec > >(tee -a "$WORK_DIR/macie-$(date +%Y%m%d-%H%M%S).log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}
 [ -z "$REGION" ] && echo "ERROR: No region" && exit 1
 export AWS_DEFAULT_REGION="$REGION"
 echo "Region: $REGION"

tuts/130-amazon-detective-gs/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 130-amazon-detective-gs
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/130-amazon-detective-gs/amazon-detective-gs.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d)
 exec > >(tee -a "$WORK_DIR/detective-$(date +%Y%m%d-%H%M%S).log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
 PREEXISTING=false
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
 cleanup() { echo ""; echo "Cleaning up..."; [ "$PREEXISTING" != true ] && [ -n "$GRAPH_ARN" ] && aws detective delete-graph --graph-arn "$GRAPH_ARN" 2>/dev/null && echo "  Deleted graph" || echo "  Pre-existing — not deleting"; rm -rf "$WORK_DIR"; echo "Done."; }

tuts/131-amazon-verifiedpermissions-gs/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 131-amazon-verifiedpermissions-gs
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/131-amazon-verifiedpermissions-gs/amazon-verifiedpermissions-gs.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d)
 exec > >(tee -a "$WORK_DIR/avp-$(date +%Y%m%d-%H%M%S).log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4)
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
 cleanup() { echo ""; echo "Cleaning up..."; [ -n "$STORE_ID" ] && aws verifiedpermissions delete-policy-store --policy-store-id "$STORE_ID" 2>/dev/null && echo "  Deleted policy store"; rm -rf "$WORK_DIR"; echo "Done."; }
 echo "Step 1: Creating policy store"

tuts/154-iam-policies/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 154-iam-policies
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/154-iam-policies/iam-policies.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/iam-policies.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4); POLICY_NAME="tut-policy-${RANDOM_ID}"; ROLE_NAME="tut-iam-role-${RANDOM_ID}"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); POLICY_NAME="tut-policy-${RANDOM_ID}"; ROLE_NAME="tut-iam-role-${RANDOM_ID}"
 ACCOUNT=$(aws sts get-caller-identity --query 'Account' --output text)
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
 cleanup() { echo ""; echo "Cleaning up..."; aws iam detach-role-policy --role-name "$ROLE_NAME" --policy-arn "arn:aws:iam::${ACCOUNT}:policy/$POLICY_NAME" 2>/dev/null; aws iam delete-role --role-name "$ROLE_NAME" 2>/dev/null && echo "  Deleted role"; aws iam delete-policy --policy-arn "arn:aws:iam::${ACCOUNT}:policy/$POLICY_NAME" 2>/dev/null && echo "  Deleted policy"; rm -rf "$WORK_DIR"; echo "Done."; }