From 3e5b5e851440e00353ab9e3a087799bdf7b841db Mon Sep 17 00:00:00 2001
From: PoeppingT
Date: Thu, 10 Nov 2022 10:42:13 -0800
Subject: [PATCH] Bugfixes for IAM certificates in China (#412)
* Fix Joda time deserialization bug introduced by upgrading Jackson in 8d2f71e3d47dcfafd12a75e0a88d00bac1c725cb
* Different syntax for CloudFront when the certificate is in IAM
Co-authored-by: brtrvn
---
 .../saasfactory/saasboost/SaaSBoostInstall.java | 2 +-
 resources/saas-boost.yaml | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/installer/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/SaaSBoostInstall.java b/installer/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/SaaSBoostInstall.java
index 5a3766cc..f0e5fc87 100644
--- a/installer/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/SaaSBoostInstall.java
+++ b/installer/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/SaaSBoostInstall.java
@@ -537,7 +537,7 @@ protected void installSaaSBoost(String existingBucket) {
 System.out.print("Type the number of the certificate to use and press enter: ");
 Integer choice = Keyboard.readInt();
 try {
- adminWebAppCertificate = serverCertificates.get((choice - 1)).arn();
+ adminWebAppCertificate = serverCertificates.get((choice - 1)).serverCertificateId();
 LOGGER.info("Setting admin web app certificate = [{}]", adminWebAppCertificate);
 break;
 } catch (NullPointerException | IndexOutOfBoundsException e) {
diff --git a/resources/saas-boost.yaml b/resources/saas-boost.yaml
index 84600aa8..85a6f355 100644
--- a/resources/saas-boost.yaml
+++ b/resources/saas-boost.yaml
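Review bot: The assignment to `adminWebAppCertificate` now stores an IAM server certificate ID instead of an ARN, but nothing at this line says which template property consumes it, and the log message still just says "certificate". The template change in this same commit feeds the parameter to `IamCertificateId` only when the partition is aws-cn and to `AcmCertificateArn` otherwise. If this IAM prompt can be reached outside aws-cn, an IAM ID would be passed where an ACM ARN is expected; the branch condition is outside the hunk, so that needs confirming. I would add `// CloudFront's IamCertificateId takes the IAM server certificate ID, not the ARN; the template uses it only in aws-cn` above the assignment. The enclosing method starts and ends outside the hunk.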
@@ -105,9 +105,12 @@ Conditions:
 ShouldCreateMacroResources: !Equals [!Ref CreateMacroResources, 'true']
 UseCognito: !Equals [!Ref SystemIdentityProvider, 'COGNITO']
 UseKeycloak: !Equals [!Ref SystemIdentityProvider, 'KEYCLOAK']
- IsChinaRegion: !Equals [!Ref AWS::Partition, 'aws-cn']
+ InChinaRegion: !Equals [!Ref AWS::Partition, 'aws-cn']
+ NotInChinaRegion: !Not [!Equals [!Ref AWS::Partition, 'aws-cn']]
 HasAdminWebAppCustomDomain: !Not [!Equals [!Ref AdminWebAppDomain, '']]
 HasSystemIdPCustomDomain: !Not [!Equals [!Ref SystemIdentityProviderDomain, '']]
+ AdminWebAppCustomDomainInChina: !And [!Condition InChinaRegion, !Condition HasAdminWebAppCustomDomain]
+ AdminWebAppCustomDomainNotInChina: !And [!Condition NotInChinaRegion, !Condition HasAdminWebAppCustomDomain]
 Resources:
 SSMSaaSBoostEnvironment:
 Type: AWS::SSM::Parameter
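Review bot: `NotInChinaRegion` repeats the partition comparison instead of negating the existing condition, so the 'aws-cn' literal now lives in two places that must be kept in step. `NotInChinaRegion: !Not [!Condition InChinaRegion]` would keep a single source of truth, in the same style as the two `!And` conditions added below it. Since `IsChinaRegion` is renamed rather than aliased, any reference to the old name outside the hunks shown here would fail template validation, so the rest of the template is worth a search.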
@@ -402,20 +405,21 @@ Resources:
 ViewerProtocolPolicy: redirect-to-https
 Compress: true
 ForwardedValues: !If
- - IsChinaRegion
+ - InChinaRegion
 - QueryString: true
 Cookies:
 Forward: none
 - !Ref 'AWS::NoValue'
 # CachingOptimized managed cache policy
- CachePolicyId: !If [IsChinaRegion, !Ref 'AWS::NoValue', 658327ea-f89d-4fab-a63d-7e88639e58f6]
+ CachePolicyId: !If [InChinaRegion, !Ref 'AWS::NoValue', 658327ea-f89d-4fab-a63d-7e88639e58f6]
 # CORS-S3Origin managed origin request policy
- OriginRequestPolicyId: !If [IsChinaRegion, !Ref 'AWS::NoValue', 88a5eaf4-2fd4-4709-b370-b4c650ea3fcf]
+ OriginRequestPolicyId: !If [InChinaRegion, !Ref 'AWS::NoValue', 88a5eaf4-2fd4-4709-b370-b4c650ea3fcf]
 # CORS-with-preflight-and-SecurityHeadersPolicy managed response headers policy
 ResponseHeadersPolicyId: eaab4381-ed33-4a86-88ca-d9558dc6cd63
 ViewerCertificate:
 CloudFrontDefaultCertificate: !If [HasAdminWebAppCustomDomain, !Ref 'AWS::NoValue', true]
- AcmCertificateArn: !If [HasAdminWebAppCustomDomain, !Ref AdminWebAppCertificate, !Ref 'AWS::NoValue']
+ AcmCertificateArn: !If [AdminWebAppCustomDomainNotInChina, !Ref AdminWebAppCertificate, !Ref 'AWS::NoValue']
+ IamCertificateId: !If [AdminWebAppCustomDomainInChina, !Ref AdminWebAppCertificate, !Ref 'AWS::NoValue']
 MinimumProtocolVersion: !If [HasAdminWebAppCustomDomain, TLSv1, !Ref 'AWS::NoValue']
 SslSupportMethod: !If [HasAdminWebAppCustomDomain, sni-only, !Ref 'AWS::NoValue']
 SaaSBoostUtilsLayer:
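Review bot: `MinimumProtocolVersion` under `ViewerCertificate` still resolves to `TLSv1` for every custom-domain deployment, and the new `IamCertificateId` path inherits it, so the admin web app's distribution keeps accepting TLS 1.0 from viewers. Since this commit already reworks the block, I would raise the floor to a TLS 1.2 security policy, e.g. `MinimumProtocolVersion: !If [HasAdminWebAppCustomDomain, TLSv1.2_2021, !Ref 'AWS::NoValue']`, after confirming that policy is offered in the aws-cn partition. Separately, `AdminWebAppCertificate` now carries either an ACM ARN or an IAM certificate ID depending on partition. The parameter's description is outside this hunk, but it should state both forms so an operator supplying the value by hand does not pass the wrong one.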