fix(region-info): ssm service principal - fix more regions (#18135)

ocher · web-flow · commit ed30c4459666 · 2021-12-22T17:00:14.000Z
The #17984 (big kudos to @rix0rrr for that) introduced a fix for the SSM service principal format which depends on the region. However, due to a typo in that PR some of regions still don't have correct SSM service principal. Currently the SSM service principal for the following regions incorrectly include region, while according to the [issue #16188](#16188) it should be only added to all regions since `ap-east-1`. ``` cn-north-1 us-iso-east-1 eu-central-1 ap-northeast-2 ap-south-1 us-east-2 ca-central-1 eu-west-2 us-isob-east-1 cn-northwest-1 eu-west-3 ap-northeast-3 us-gov-east-1 eu-north-1 ``` It works like that because by accident `RULE_SSM_PRINCIPALS_ARE_REGIONAL` has the same value as `RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN`. This causes incorrect results returned by the `aws-entities/before` function. This PR fixes that issue. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk/region-info/lib/aws-entities.ts b/packages/@aws-cdk/region-info/lib/aws-entities.ts
@@ -11,7 +11,7 @@ export const RULE_SSM_PRINCIPALS_ARE_REGIONAL = `${RULE_}SSM_PRINCIPALS_ARE_REGI
  *
  * Before this point, S3 website domains look like `s3-website-REGION.s3.amazonaws.com`.
  */
-export const RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN = `${RULE_}SSM_PRINCIPALS_ARE_REGIONAL`;
+export const RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN = `${RULE_}S3_WEBSITE_REGIONAL_SUBDOMAIN`;
 
 /**
  * List of AWS region, ordered by launch date (oldest to newest)
@@ -144,4 +144,4 @@ export function generateRegionMap(cb: (region: string) => string): Record<string
     ret[region] = cb(region);
   }
   return ret;
-}
+}
diff --git a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap
@@ -121,7 +121,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ap-northeast-2.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ap-northeast-2.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -152,7 +152,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ap-northeast-3.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ap-northeast-3.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -183,7 +183,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ap-south-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ap-south-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -307,7 +307,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ca-central-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ca-central-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -338,7 +338,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.cn-north-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.cn-north-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce",
@@ -369,7 +369,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.cn-northwest-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.cn-northwest-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce",
@@ -400,7 +400,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-central-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-central-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -431,7 +431,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-north-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-north-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -555,7 +555,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-west-2.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-west-2.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -586,7 +586,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-west-3.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-west-3.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -710,7 +710,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-east-2.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.us-east-2.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -741,7 +741,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-gov-east-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.us-gov-east-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -803,7 +803,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-iso-east-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "gov.ic.c2s.vpce",
@@ -865,7 +865,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-isob-east-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "gov.sgov.sc2s.vpce",
diff --git a/packages/@aws-cdk/region-info/test/default.test.ts b/packages/@aws-cdk/region-info/test/default.test.ts
@@ -54,7 +54,8 @@ describe('servicePrincipal', () => {
 describe('spot-check some service principals', () => {
   test('ssm', () => {
     expect(Default.servicePrincipal('ssm.amazonaws.com', 'us-east-1', 'x')).toBe('ssm.amazonaws.com');
+    expect(Default.servicePrincipal('ssm.amazonaws.com', 'eu-north-1', 'x')).toBe('ssm.amazonaws.com');
     expect(Default.servicePrincipal('ssm.amazonaws.com', 'ap-east-1', 'x')).toBe('ssm.ap-east-1.amazonaws.com');
     expect(Default.servicePrincipal('ssm.amazonaws.com', 'eu-south-1', 'x')).toBe('ssm.eu-south-1.amazonaws.com');
   });
-});
+});

Original file line number	Diff line number	Diff line change
@@ -11,7 +11,7 @@ export const RULE_SSM_PRINCIPALS_ARE_REGIONAL = `${RULE_}SSM_PRINCIPALS_ARE_REGI
`11`	`11`	`*`
`12`	`12`	* Before this point, S3 website domains look like `s3-website-REGION.s3.amazonaws.com`.
`13`	`13`	`*/`
`14`		-export const RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN = `${RULE_}SSM_PRINCIPALS_ARE_REGIONAL`;
	`14`	+export const RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN = `${RULE_}S3_WEBSITE_REGIONAL_SUBDOMAIN`;
`15`	`15`
`16`	`16`	`/**`
`17`	`17`	`* List of AWS region, ordered by launch date (oldest to newest)`
`@@ -144,4 +144,4 @@ export function generateRegionMap(cb: (region: string) => string): Record<string`
`144`	`144`	`ret[region] = cb(region);`
`145`	`145`	`}`
`146`	`146`	`return ret;`
`147`		`-}`
	`147`	`+}`