docs: fix duplicate word typos in README files (#37370)

### Reason for this change

Fix repeated words in README files that serve as the official documentation landing pages.

### Description of changes

- `a a` → `a` (aws-cognito-identitypool)
- `the the` → `the` (aws-cognito, aws-ec2, aws-stepfunctions)
- `of of` → `of` (aws-ec2)
- `at at` → `at` (aws-ecr)

### Description of how you validated changes

Documentation-only changes. No functional impact.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

Author: syukawa-gh

packages/aws-cdk-lib/aws-cognito-identitypool/README.md

@@ -3,7 +3,7 @@
 [Amazon Cognito Identity Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) enable you to grant your users access to other AWS services.
 
 Identity Pools are one of the two main components of [Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html), which provides authentication, authorization, and
-user management for your web and mobile apps. Your users can sign in through a a trusted identity provider, like a user 
+user management for your web and mobile apps. Your users can sign in through a trusted identity provider, like a user 
 pool or a SAML 2.0 service, as well as with third party providers such as Facebook, Amazon, Google or Apple. 
 
 The other main component in Amazon Cognito is [user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html). User Pools are user directories that provide sign-up and

packages/aws-cdk-lib/aws-cognito/README.md

@@ -823,7 +823,7 @@ about the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc674
 implementation of
 OAuth2.0](https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/).
 
-The following code configures an app client with the authorization code grant flow and registers the the app's welcome
+The following code configures an app client with the authorization code grant flow and registers the app's welcome
 page as a callback (or redirect) URL. It also configures the access token scope to 'openid'. All of these concepts can
 be found in the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749).
 

packages/aws-cdk-lib/aws-ec2/README.md

@@ -415,7 +415,7 @@ const vpc = new ec2.Vpc(this, 'TheVPC', {
       // group of the same type.
       name: 'Ingress',
 
-      // 'cidrMask' specifies the IP addresses in the range of of individual
+      // 'cidrMask' specifies the IP addresses in the range of individual
       // subnets in the group. Each of the subnets in this group will contain
       // `2^(32 address bits - 24 subnet bits) - 2 reserved addresses = 254`
       // usable IP addresses.
@@ -619,7 +619,7 @@ instance around:
 ### Importing an existing VPC
 
 If your VPC is created outside your CDK app, you can use `Vpc.fromLookup()`.
-The CDK CLI will search for the specified VPC in the the stack's region and
+The CDK CLI will search for the specified VPC in the stack's region and
 account, and import the subnet configuration. Looking up can be done by VPC
 ID, but more flexibly by searching for a specific tag on the VPC.
 

packages/aws-cdk-lib/aws-ecr/README.md

@@ -39,7 +39,7 @@ repository.onImageScanCompleted('ImageScanComplete')
 Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull
 images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and
 additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests.
-More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth).
+More information can be found at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth).
 
 A Docker authorization token can be obtained using the `GetAuthorizationToken` ECR API. The following code snippets
 grants an IAM user access to call this API.

packages/aws-cdk-lib/aws-stepfunctions/README.md

@@ -582,7 +582,7 @@ hits a particular time. The time to wait may be taken from the execution's JSON
 state.
 
 ```ts
-// Wait until it's the time mentioned in the the state object's "triggerTime"
+// Wait until it's the time mentioned in the state object's "triggerTime"
 // field.
 const wait = new sfn.Wait(this, 'Wait For Trigger Time', {
   time: sfn.WaitTime.timestampPath('$.triggerTime'),