Fix 5 scripts + linter: 032 zip test, 066 cognito (4 bugs), 074 textract grep, 010 regex, validation.yaml

mwunderl · mwunderl · commit 2b6809f8384c · 2026-04-28T18:42:20.000Z
032-cloudwatch-streams: zip -t → unzip -t (zip -t means set-date on this system)
066-amazon-cognito-gs: MFA OFF, user pool ID regex, auth flow, temp password symbols, deletion protection
074-amazon-textract-gs: grep -o returns exit 1 on no match under set -e
010-cloudmap-service-discovery: allow uppercase hex in operation_id
.doc_gen/validation.yaml: allow === separator string
diff --git a/.doc_gen/validation.yaml b/.doc_gen/validation.yaml
@@ -1,5 +1,6 @@
 allow_list:
   - "bPxRfiCYEXAMPLEKEY/wJalrXUtnFEMI/K7MDENG"
   - "role/AmazonEC2ContainerServiceforEC2Role"
+  - "========================================"
 sample_files:
   - "README.md"
diff --git a/tuts/010-cloudmap-service-discovery/cloudmap-service-discovery.sh b/tuts/010-cloudmap-service-discovery/cloudmap-service-discovery.sh
@@ -89,7 +89,7 @@ check_operation() {
     local retry_count=0
     
     # Validate operation_id format (basic UUID validation)
-    if [[ -z "$operation_id" ]] || ! [[ "$operation_id" =~ ^[a-f0-9-]+$ ]]; then
+    if [[ -z "$operation_id" ]] || ! [[ "$operation_id" =~ ^[a-fA-F0-9-]+$ ]]; then
         log "Error: Invalid operation_id format"
         return 1
     fi
@@ -240,7 +240,7 @@ NAMESPACE_ID=$(aws servicediscovery list-namespaces \
     --query "Namespaces[?Name=='$NAMESPACE_NAME'].Id" \
     --output text)
 
-if [[ -z "$NAMESPACE_ID" ]] || ! [[ "$NAMESPACE_ID" =~ ^[a-f0-9-]+$ ]]; then
+if [[ -z "$NAMESPACE_ID" ]] || ! [[ "$NAMESPACE_ID" =~ ^[a-fA-F0-9-]+$ ]]; then
     log "Error: Failed to retrieve namespace ID"
     exit 1
 fi
diff --git a/tuts/032-cloudwatch-streams/cloudwatch-streams.sh b/tuts/032-cloudwatch-streams/cloudwatch-streams.sh
@@ -195,15 +195,15 @@ if ! python3 -m py_compile lambda_function.py 2>/dev/null; then
 fi
 
 # Zip the Lambda function code
-log_cmd "zip -j -q lambda_function.zip lambda_function.py"
+zip -j -q lambda_function.zip lambda_function.py
 if [ ! -f lambda_function.zip ]; then
     echo "ERROR: Failed to create lambda_function.zip" | tee -a "$LOG_FILE"
     exit 1
 fi
 chmod 600 lambda_function.zip
 
 # Validate zip file integrity
-if ! zip -t lambda_function.zip > /dev/null 2>&1; then
+if ! unzip -t lambda_function.zip > /dev/null 2>&1; then
     echo "ERROR: Created zip file is corrupted" | tee -a "$LOG_FILE"
     exit 1
 fi
diff --git a/tuts/066-amazon-cognito-gs/amazon-cognito-gs.sh b/tuts/066-amazon-cognito-gs/amazon-cognito-gs.sh
@@ -134,10 +134,10 @@ USER_POOL_OUTPUT=$(aws cognito-idp create-user-pool \
   --username-attributes email \
   --policies '{"PasswordPolicy":{"MinimumLength":12,"RequireUppercase":true,"RequireLowercase":true,"RequireNumbers":true,"RequireSymbols":true}}' \
   --schema '[{"Name":"email","Required":true,"Mutable":true}]' \
-  --mfa-configuration OPTIONAL \
+  --mfa-configuration OFF \
   --user-attribute-update-settings '{"AttributesRequireVerificationBeforeUpdate":["email"]}' \
   --account-recovery-setting 'RecoveryMechanisms=[{Name=verified_email,Priority=1}]' \
-  --deletion-protection ACTIVE \
+  --deletion-protection INACTIVE \
   --region "$AWS_REGION" \
   2>&1)
 check_aws_error "create-user-pool"
@@ -150,7 +150,7 @@ if [ -z "$USER_POOL_ID" ]; then
 fi
 
 # Validate User Pool ID format
-if ! [[ "$USER_POOL_ID" =~ ^[a-z]{2}-[a-z]+-[0-9]{1}_[a-zA-Z0-9]{25}$ ]]; then
+if ! [[ "$USER_POOL_ID" =~ ^[a-z]{2}-[a-z]+-[0-9]+_[a-zA-Z0-9]+$ ]]; then
   echo "ERROR: Invalid User Pool ID format: $USER_POOL_ID" >&2
   exit 1
 fi
@@ -167,7 +167,7 @@ APP_CLIENT_OUTPUT=$(aws cognito-idp create-user-pool-client \
   --user-pool-id "$USER_POOL_ID" \
   --client-name "$APP_CLIENT_NAME" \
   --no-generate-secret \
-  --explicit-auth-flows ALLOW_REFRESH_TOKEN_AUTH \
+  --explicit-auth-flows ALLOW_REFRESH_TOKEN_AUTH ALLOW_USER_PASSWORD_AUTH \
   --callback-urls '["https://localhost:3000/callback"]' \
   --allowed-o-auth-flows 'code' \
   --allowed-o-auth-scopes 'openid' 'email' 'profile' \
@@ -231,7 +231,7 @@ echo "App Client details retrieved successfully"
 # Step 6: Create a User (Admin)
 echo "Creating admin user..."
 ADMIN_USER_EMAIL="admin@example.com"
-TEMP_PASSWORD=$(openssl rand -base64 12 | tr -d '\n')
+TEMP_PASSWORD="$(openssl rand -base64 12 | tr -d '\n')!@#"
 if [ -z "$TEMP_PASSWORD" ]; then
   echo "ERROR: Failed to generate temporary password" >&2
   cleanup_on_error
diff --git a/tuts/074-amazon-textract-gs/amazon-textract-getting-started.sh b/tuts/074-amazon-textract-gs/amazon-textract-getting-started.sh
@@ -198,13 +198,13 @@ BLOCKS_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType":' | wc -l)
 echo "Total blocks detected: $BLOCKS_COUNT"
 
 # Count different block types using jq if available, fallback to grep
-PAGE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "PAGE"' | wc -l)
-LINE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "LINE"' | wc -l)
-WORD_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "WORD"' | wc -l)
-TABLE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "TABLE"' | wc -l)
-CELL_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "CELL"' | wc -l)
-KEY_VALUE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "KEY_VALUE_SET"' | wc -l)
-SIGNATURE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "SIGNATURE"' | wc -l)
+PAGE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "PAGE"' | wc -l || echo 0)
+LINE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "LINE"' | wc -l || echo 0)
+WORD_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "WORD"' | wc -l || echo 0)
+TABLE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "TABLE"' | wc -l || echo 0)
+CELL_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "CELL"' | wc -l || echo 0)
+KEY_VALUE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "KEY_VALUE_SET"' | wc -l || echo 0)
+SIGNATURE_COUNT=$(echo "$ANALYZE_OUTPUT" | grep -o '"BlockType": "SIGNATURE"' | wc -l || echo 0)
 
 echo "Pages: $PAGE_COUNT"
 echo "Lines of text: $LINE_COUNT"
