Apply technical requirements (R1, R2, R9, R10, R13)

- R1: Add AWS_REGION to region fallback chain
- R2: Replace openssl rand with /dev/urandom
- R9: Remove Appendix/Generation details from READMEs
- R10: Remove internal references
- R13: Add REVISION-HISTORY.md

Author: mwunderl

tuts/174-iam-access-analyzer/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 174-iam-access-analyzer
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/174-iam-access-analyzer/iam-access-analyzer.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/aa.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4); ANALYZER="tut-analyzer-${RANDOM_ID}"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); ANALYZER="tut-analyzer-${RANDOM_ID}"
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
 cleanup() { echo ""; echo "Cleaning up..."; [ -n "$ANALYZER_ARN" ] && aws accessanalyzer delete-analyzer --analyzer-name "$ANALYZER" 2>/dev/null && echo "  Deleted analyzer"; rm -rf "$WORK_DIR"; echo "Done."; }
 echo "Step 1: Creating analyzer: $ANALYZER"

tuts/188-iam-mfa-devices/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 188-iam-mfa-devices
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/188-iam-mfa-devices/iam-mfa.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/tut.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
 echo "Step 1: Listing MFA devices"
 aws iam list-mfa-devices --query 'MFADevices[].{User:UserName,Serial:SerialNumber,Enabled:EnableDate}' --output table 2>/dev/null || echo "  No MFA devices"
 echo "Step 2: Listing virtual MFA devices"

tuts/194-iam-password-policy/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 194-iam-password-policy
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/194-iam-password-policy/iam-password-policy.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/tut.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
 echo "Step 1: Getting current password policy"
 aws iam get-account-password-policy --query 'PasswordPolicy.{MinLength:MinimumPasswordLength,RequireUpper:RequireUppercaseCharacters,RequireLower:RequireLowercaseCharacters,RequireNumbers:RequireNumbers,RequireSymbols:RequireSymbols,MaxAge:MaxPasswordAge,ExpirePasswords:ExpirePasswords}' --output table 2>/dev/null || echo "  No custom password policy set"
 echo "Step 2: Getting account authorization details summary"

tuts/199-iam-groups/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 199-iam-groups
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/199-iam-groups/iam-groups.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/tut.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4); G="tut-group-${RANDOM_ID}"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); G="tut-group-${RANDOM_ID}"
 cleanup() { aws iam detach-group-policy --group-name "$G" --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess 2>/dev/null; aws iam delete-group --group-name "$G" 2>/dev/null; rm -rf "$WORK_DIR"; echo "Done."; }
 echo "Step 1: Creating group: $G"; aws iam create-group --group-name "$G" > /dev/null
 echo "Step 2: Attaching policy"; aws iam attach-group-policy --group-name "$G" --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess

tuts/205-iam-service-linked-roles/REVISION-HISTORY.md

@@ -0,0 +1,8 @@
+# Revision History: 205-iam-service-linked-roles
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+

tuts/205-iam-service-linked-roles/iam-service-linked-roles.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/tut.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
 echo "Step 1: Listing service-linked roles"; aws iam list-roles --query 'Roles[?starts_with(Path, `/aws-service-role/`)][:10].{Name:RoleName,Service:Path}' --output table
 echo "Step 2: Counting roles by type"; echo "  Service-linked: $(aws iam list-roles --query 'Roles[?starts_with(Path, `/aws-service-role/`)] | length(@)' --output text)"
 echo "  Custom: $(aws iam list-roles --query 'Roles[?Path==`/`] | length(@)' --output text)"