chore: sync w gitfarm (#1229)

* sync w Gitfarm

.crux_dry_run_build

@@ -0,0 +1,2 @@
+AUTOBUILD
+

addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml

@@ -997,6 +997,29 @@ Resources:
       SecurityGroupIds:
         - !Ref InterfaceEndpointSecurityGroup
 
+  EC2Endpoint:
+    Type: 'AWS::EC2::VPCEndpoint'
+    Condition: isAppStream
+    Properties:
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Sid: AllowPrefixListDescription
+            Effect: Allow
+            Principal: '*'
+            Action:
+              - 'ec2:DescribeManagedPrefixLists'
+              - 'ec2:DescribePrefixLists'
+            Resource: '*'
+      SubnetIds:
+        - !Ref PrivateWorkspaceSubnet
+      VpcEndpointType: Interface
+      PrivateDnsEnabled: true
+      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.ec2'
+      VpcId: !Ref VPC
+      SecurityGroupIds:
+        - !Ref InterfaceEndpointSecurityGroup
+
   CfnEndpoint:
     Type: 'AWS::EC2::VPCEndpoint'
     Condition: isAppStream

addons/addon-base-raas/packages/base-raas-services/lib/plugins/roles-only-strategy-plugin.js

@@ -38,15 +38,16 @@ async function onStudyRegistration(payload) {
   const studyEntityUpdated = await studyService.update(systemContext, { id: studyEntity.id, appRoleArn: appRole.arn });
 
   const vpcePolicyService = await container.find('roles-only/vpcePolicyService');
-  const ec2Client = await vpcePolicyService.getEc2ServiceForStudy(systemContext, studyEntity);
-
-  const { accountId, region } = studyEntity;
 
   // Dynamically add the BYOB fs role to the STS VPCE Policy
   const stsVpceId = await vpcePolicyService.getVpceIdFromStudy(systemContext, studyEntity, 'STS');
 
   // null means this is not appstream enabled therefore these steps can be skipped.
   if (stsVpceId !== null) {
+    const ec2Client = await vpcePolicyService.getEc2ServiceForStudy(systemContext, studyEntity);
+
+    const { accountId, region } = studyEntity;
+
     const roleArn = `arn:aws:iam::${accountId}:role/swb-*-fs-*`;
     await vpcePolicyService.addRoleToStsVpcePolicy(ec2Client, roleArn, stsVpceId, 'AllowAssumeRole');
 

main/cicd/cicd-pipeline/config/buildspec/buildspec-delay.yml

@@ -4,7 +4,7 @@ phases:
   install:
     # See supported runtimes at https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
     runtime-versions:
-      nodejs: 12
+      nodejs: 14
 
   build:
     commands:

main/cicd/cicd-pipeline/config/buildspec/buildspec-int-tests.yml

@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      nodejs: 12
+      nodejs: 14
 
   pre_build:
     commands:

main/cicd/cicd-pipeline/config/buildspec/buildspec-uninstall.yml

@@ -4,7 +4,7 @@ phases:
   install:
     # See supported runtimes at https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
     runtime-versions:
-      nodejs: 12
+      nodejs: 14
 
   pre_build:
     commands:

main/cicd/cicd-pipeline/config/buildspec/buildspec.yml

@@ -4,8 +4,7 @@ phases:
   install:
     # See supported runtimes at https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
     runtime-versions:
-      nodejs: 12
-      golang: 1.13
+      nodejs: 14
 
   pre_build:
     commands:

main/cicd/cicd-pipeline/config/infra/cloudformation.yml

@@ -815,7 +815,7 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_LARGE
         Type: LINUX_CONTAINER
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0
+        Image: aws/codebuild/standard:5.0
         EnvironmentVariables:
           - Name: DEPLOYMENT_BUCKET
             Value: ${self:provider.deploymentBucket.name}
@@ -844,7 +844,7 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_LARGE
         Type: LINUX_CONTAINER
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0
+        Image: aws/codebuild/standard:5.0
         EnvironmentVariables:
           - Name: DEPLOYMENT_BUCKET
             Value: ${self:provider.deploymentBucket.name}
@@ -871,7 +871,7 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_LARGE
         Type: LINUX_CONTAINER
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0
+        Image: aws/codebuild/standard:5.0
         EnvironmentVariables:
           - Name: DEPLOYMENT_BUCKET
             Value: ${self:provider.deploymentBucket.name}
@@ -898,7 +898,7 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_LARGE
         Type: LINUX_CONTAINER
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0
+        Image: aws/codebuild/standard:5.0
         EnvironmentVariables:
           - Name: DEPLOYMENT_BUCKET
             Value: ${self:provider.deploymentBucket.name}
@@ -926,7 +926,7 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_LARGE
         Type: LINUX_CONTAINER
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0
+        Image: aws/codebuild/standard:5.0
         EnvironmentVariables:
           - Name: DEPLOYMENT_BUCKET
             Value: ${self:provider.deploymentBucket.name}
@@ -953,7 +953,7 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_LARGE
         Type: LINUX_CONTAINER
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0
+        Image: aws/codebuild/standard:5.0
       ServiceRole: !GetAtt AppDeployerRole.Arn
       QueuedTimeoutInMinutes: 180
       TimeoutInMinutes: 90

scripts/app-stream/start-image-builder.js

@@ -23,7 +23,7 @@ const StartImageBuilder = class StartImageBuilder {
     this.imageBuilderName = `SWBImageBuilder-${Date.now()}`;
     this.imageName =
       imageName === "default"
-        ? "AppStream-WinServer2019-07-12-2022"
+        ? "AppStream-WinServer2019-06-12-2023"
         : imageName;
     this.imageSize =
       imageSize === "default" ? "stream.standard.medium" : imageSize;