fix(cli): support CA bundle and proxy at the same time

packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts

@@ -376,30 +376,21 @@ function parseHttpOptions(options: SdkHttpOptions) {
 
   const caBundlePath = options.caBundlePath || caBundlePathFromEnvironment();
 
-  if (options.proxyAddress && caBundlePath) {
-    throw new Error(`At the moment, cannot specify Proxy (${options.proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https://github.com/aws/aws-cdk/issues/5804`);
-    // Maybe it's possible after all, but I've been staring at
-    // https://github.com/TooTallNate/node-proxy-agent/blob/master/index.js#L79
-    // a while now trying to figure out what to pass in so that the underlying Agent
-    // object will get the 'ca' argument. It's not trivial and I don't want to risk it.
-  }
-
   if (caBundlePath) {
     debug('Using CA bundle path: %s', caBundlePath);
-    config.httpOptions.agent = new https.Agent({
-      ca: readIfPossible(caBundlePath),
-      keepAlive: true,
-    });
-  } else {
-    // Configure the proxy agent. By default, this will use HTTPS?_PROXY and
-    // NO_PROXY environment variables to determine which proxy to use for each
-    // request.
-    //
-    // eslint-disable-next-line @typescript-eslint/no-require-imports
-    const ProxyAgent: any = require('proxy-agent');
-    config.httpOptions.agent = new ProxyAgent();
   }
 
+  // Configure the proxy agent. By default, this will use HTTPS?_PROXY and
+  // NO_PROXY environment variables to determine which proxy to use for each
+  // request.
+  //
+  // eslint-disable-next-line @typescript-eslint/no-require-imports
+  const ProxyAgent: any = require('proxy-agent');
+  config.httpOptions.agent = new ProxyAgent({
+    ...caBundlePath ? { ca: readIfPossible(caBundlePath) } : undefined,
+    keepAlive: true,
+  });
+
   return config;
 }