Apply technical requirements (R1, R2, R9, R10, R13)

mwunderl · mwunderl · commit b764fed76645 · 2026-04-21T05:17:17.000Z
- R1: Add AWS_REGION to region fallback chain
- R2: Replace openssl rand with /dev/urandom
- R9: Remove Appendix/Generation details from READMEs
- R10: Remove internal references
- R13: Add REVISION-HISTORY.md
diff --git a/tuts/176-s3-encryption/REVISION-HISTORY.md b/tuts/176-s3-encryption/REVISION-HISTORY.md
@@ -0,0 +1,8 @@
+# Revision History: 176-s3-encryption
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+
diff --git a/tuts/176-s3-encryption/s3-encryption.sh b/tuts/176-s3-encryption/s3-encryption.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/s3-encryption.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-echo "Step 1: Creating bucket"; B="enc-tut-$(openssl rand -hex 4)-$(aws sts get-caller-identity --query Account --output text)"; aws s3api create-bucket --bucket "$B" > /dev/null; echo "Step 2: Enabling SSE-S3"; aws s3api put-bucket-encryption --bucket "$B" --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'; echo "Step 3: Checking encryption"; aws s3api get-bucket-encryption --bucket "$B" --query "ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault" --output table; echo "Step 4: Uploading encrypted object"; echo test > /tmp/enc.txt; aws s3 cp /tmp/enc.txt "s3://$B/test.txt" --quiet; aws s3api head-object --bucket "$B" --key test.txt --query "{Encryption:ServerSideEncryption}" --output table; echo "Do you want to clean up? (y/n): "; read -r C; [[ "$C" =~ ^[Yy]$ ]] && { aws s3 rm "s3://$B" --recursive --quiet; aws s3 rb "s3://$B"; echo Done; }
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+echo "Step 1: Creating bucket"; B="enc-tut-$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)-$(aws sts get-caller-identity --query Account --output text)"; aws s3api create-bucket --bucket "$B" > /dev/null; echo "Step 2: Enabling SSE-S3"; aws s3api put-bucket-encryption --bucket "$B" --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'; echo "Step 3: Checking encryption"; aws s3api get-bucket-encryption --bucket "$B" --query "ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault" --output table; echo "Step 4: Uploading encrypted object"; echo test > /tmp/enc.txt; aws s3 cp /tmp/enc.txt "s3://$B/test.txt" --quiet; aws s3api head-object --bucket "$B" --key test.txt --query "{Encryption:ServerSideEncryption}" --output table; echo "Do you want to clean up? (y/n): "; read -r C; [[ "$C" =~ ^[Yy]$ ]] && { aws s3 rm "s3://$B" --recursive --quiet; aws s3 rb "s3://$B"; echo Done; }
diff --git a/tuts/180-s3-access-points/REVISION-HISTORY.md b/tuts/180-s3-access-points/REVISION-HISTORY.md
@@ -0,0 +1,8 @@
+# Revision History: 180-s3-access-points
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+
diff --git a/tuts/180-s3-access-points/s3-access-points.sh b/tuts/180-s3-access-points/s3-access-points.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/ap.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; ACCOUNT=$(aws sts get-caller-identity --query Account --output text); echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4); BUCKET="ap-tut-${RANDOM_ID}-${ACCOUNT}"; AP_NAME="tut-ap-${RANDOM_ID}"
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; ACCOUNT=$(aws sts get-caller-identity --query Account --output text); echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); BUCKET="ap-tut-${RANDOM_ID}-${ACCOUNT}"; AP_NAME="tut-ap-${RANDOM_ID}"
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
 cleanup() { echo ""; echo "Cleaning up..."; aws s3control delete-access-point --account-id "$ACCOUNT" --name "$AP_NAME" 2>/dev/null && echo "  Deleted access point"; aws s3 rm "s3://$BUCKET" --recursive --quiet 2>/dev/null; aws s3 rb "s3://$BUCKET" 2>/dev/null && echo "  Deleted bucket"; rm -rf "$WORK_DIR"; echo "Done."; }
 echo "Step 1: Creating bucket"
diff --git a/tuts/186-s3-object-lock/REVISION-HISTORY.md b/tuts/186-s3-object-lock/REVISION-HISTORY.md
@@ -0,0 +1,8 @@
+# Revision History: 186-s3-object-lock
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+
diff --git a/tuts/186-s3-object-lock/s3-object-lock.sh b/tuts/186-s3-object-lock/s3-object-lock.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/tut.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4); ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
 B="lock-tut-${RANDOM_ID}-${ACCOUNT}"
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap 'handle_error $LINENO' ERR
 cleanup() { echo "Cleaning up..."; echo "  Object Lock buckets require all versions to expire before deletion."; echo "  Manual: aws s3api delete-bucket --bucket $B (after retention expires)"; rm -rf "$WORK_DIR"; echo "Done."; }
diff --git a/tuts/190-s3-transfer-acceleration/REVISION-HISTORY.md b/tuts/190-s3-transfer-acceleration/REVISION-HISTORY.md
@@ -0,0 +1,8 @@
+# Revision History: 190-s3-transfer-acceleration
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+
diff --git a/tuts/190-s3-transfer-acceleration/s3-transfer-acceleration.sh b/tuts/190-s3-transfer-acceleration/s3-transfer-acceleration.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/tut.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4); ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
 B="accel-tut-${RANDOM_ID}-${ACCOUNT}"
 cleanup() { echo "Cleaning up..."; aws s3 rm "s3://$B" --recursive --quiet 2>/dev/null; aws s3 rb "s3://$B" 2>/dev/null && echo "  Deleted bucket"; rm -rf "$WORK_DIR"; echo "Done."; }
 echo "Step 1: Creating bucket"
diff --git a/tuts/196-s3-inventory/REVISION-HISTORY.md b/tuts/196-s3-inventory/REVISION-HISTORY.md
@@ -0,0 +1,8 @@
+# Revision History: 196-s3-inventory
+
+## Shell (CLI script)
+
+### 2026-04-14 v1 published
+- Type: functional
+- Initial version
+
diff --git a/tuts/196-s3-inventory/s3-inventory.sh b/tuts/196-s3-inventory/s3-inventory.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 WORK_DIR=$(mktemp -d); exec > >(tee -a "$WORK_DIR/tut.log") 2>&1
-REGION=${AWS_DEFAULT_REGION:-$(aws configure get region 2>/dev/null)}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
-RANDOM_ID=$(openssl rand -hex 4); ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
+REGION=${AWS_DEFAULT_REGION:-${AWS_REGION:-$(aws configure get region 2>/dev/null))}; [ -z "$REGION" ] && echo "ERROR: No region" && exit 1; export AWS_DEFAULT_REGION="$REGION"; echo "Region: $REGION"
+RANDOM_ID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1); ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
 SRC="inv-src-${RANDOM_ID}-${ACCOUNT}"; DST="inv-dst-${RANDOM_ID}-${ACCOUNT}"
 handle_error() { echo "ERROR on line $1"; trap - ERR; cleanup; exit 1; }; trap '"'"'handle_error $LINENO'"'"' ERR
 cleanup() { echo "Cleaning up..."; aws s3api delete-bucket-inventory-configuration --bucket "$SRC" --id tutorial-inventory 2>/dev/null; aws s3 rm "s3://$SRC" --recursive --quiet 2>/dev/null; aws s3 rb "s3://$SRC" 2>/dev/null; aws s3 rm "s3://$DST" --recursive --quiet 2>/dev/null; aws s3 rb "s3://$DST" 2>/dev/null; rm -rf "$WORK_DIR"; echo "Done."; }
