From ed30c4459666840a5c0396e943916e67c76b7135 Mon Sep 17 00:00:00 2001
From: Michal Ochman <ocherek@gmail.com>
Date: Wed, 22 Dec 2021 18:00:14 +0100
Subject: [PATCH] fix(region-info): ssm service principal - fix more regions
 (#18135)

The #17984 (big kudos to @rix0rrr for that) introduced a fix for the SSM service principal format which depends on the region. However, due to a typo in that PR some of regions still don't have correct SSM service principal.

Currently the SSM service principal for the following regions incorrectly include region, while according to the [issue #16188](https://github.com/aws/aws-cdk/issues/16188) it should be only added to all regions since `ap-east-1`.

```
cn-north-1
us-iso-east-1
eu-central-1
ap-northeast-2
ap-south-1
us-east-2
ca-central-1
eu-west-2
us-isob-east-1
cn-northwest-1
eu-west-3
ap-northeast-3
us-gov-east-1
eu-north-1
```

It works like that because by accident `RULE_SSM_PRINCIPALS_ARE_REGIONAL` has the same  value as `RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN`. This causes incorrect results returned by the `aws-entities/before` function.

This PR fixes that issue.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../@aws-cdk/region-info/lib/aws-entities.ts  |  4 +--
 .../__snapshots__/region-info.test.js.snap    | 28 +++++++++----------
 .../@aws-cdk/region-info/test/default.test.ts |  3 +-
 3 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/packages/@aws-cdk/region-info/lib/aws-entities.ts b/packages/@aws-cdk/region-info/lib/aws-entities.ts
index 30d8bc8c2c1d4..84749afba24b9 100644
--- a/packages/@aws-cdk/region-info/lib/aws-entities.ts
+++ b/packages/@aws-cdk/region-info/lib/aws-entities.ts
@@ -11,7 +11,7 @@ export const RULE_SSM_PRINCIPALS_ARE_REGIONAL = `${RULE_}SSM_PRINCIPALS_ARE_REGI
  *
  * Before this point, S3 website domains look like `s3-website-REGION.s3.amazonaws.com`.
  */
-export const RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN = `${RULE_}SSM_PRINCIPALS_ARE_REGIONAL`;
+export const RULE_S3_WEBSITE_REGIONAL_SUBDOMAIN = `${RULE_}S3_WEBSITE_REGIONAL_SUBDOMAIN`;
 
 /**
  * List of AWS region, ordered by launch date (oldest to newest)
@@ -144,4 +144,4 @@ export function generateRegionMap(cb: (region: string) => string): Record<string
     ret[region] = cb(region);
   }
   return ret;
-}
\ No newline at end of file
+}
diff --git a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap
index 32fdb8a6138fb..7ba9353557b9b 100644
--- a/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap
+++ b/packages/@aws-cdk/region-info/test/__snapshots__/region-info.test.js.snap
@@ -121,7 +121,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ap-northeast-2.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ap-northeast-2.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -152,7 +152,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ap-northeast-3.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ap-northeast-3.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -183,7 +183,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ap-south-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ap-south-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -307,7 +307,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.ca-central-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.ca-central-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -338,7 +338,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.cn-north-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.cn-north-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce",
@@ -369,7 +369,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.cn-northwest-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.cn-northwest-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "cn.com.amazonaws.vpce",
@@ -400,7 +400,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-central-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-central-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -431,7 +431,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-north-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-north-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -555,7 +555,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-west-2.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-west-2.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -586,7 +586,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.eu-west-3.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.eu-west-3.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -710,7 +710,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-east-2.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.us-east-2.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -741,7 +741,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-gov-east-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.us-gov-east-1.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "com.amazonaws.vpce",
@@ -803,7 +803,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-iso-east-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "gov.ic.c2s.vpce",
@@ -865,7 +865,7 @@ Object {
       "s3": "s3.amazonaws.com",
       "sns": "sns.amazonaws.com",
       "sqs": "sqs.amazonaws.com",
-      "ssm": "ssm.us-isob-east-1.amazonaws.com",
+      "ssm": "ssm.amazonaws.com",
       "states": "states.amazonaws.com",
     },
     "vpcEndPointServiceNamePrefix": "gov.sgov.sc2s.vpce",
diff --git a/packages/@aws-cdk/region-info/test/default.test.ts b/packages/@aws-cdk/region-info/test/default.test.ts
index 7ee01e802a5bd..d1a320fcaac60 100644
--- a/packages/@aws-cdk/region-info/test/default.test.ts
+++ b/packages/@aws-cdk/region-info/test/default.test.ts
@@ -54,7 +54,8 @@ describe('servicePrincipal', () => {
 describe('spot-check some service principals', () => {
   test('ssm', () => {
     expect(Default.servicePrincipal('ssm.amazonaws.com', 'us-east-1', 'x')).toBe('ssm.amazonaws.com');
+    expect(Default.servicePrincipal('ssm.amazonaws.com', 'eu-north-1', 'x')).toBe('ssm.amazonaws.com');
     expect(Default.servicePrincipal('ssm.amazonaws.com', 'ap-east-1', 'x')).toBe('ssm.ap-east-1.amazonaws.com');
     expect(Default.servicePrincipal('ssm.amazonaws.com', 'eu-south-1', 'x')).toBe('ssm.eu-south-1.amazonaws.com');
   });
-});
\ No newline at end of file
+});