fix(s3-deployment): doesn't work in ADC regions (#25363)

The AWS CLI that we use to run `aws s3 sync` comes with its own certificate bundle, which doesn't include the certificates used in ADC regions.

Fortunately, Lambda has curated a CA bundle already, we just need to force the CLI to use it.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: rix0rrr

packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeilne-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.assets.json

@@ -53,15 +53,15 @@
         }
       }
     },
-    "f30f5d2688dbc7b1ebba16623b198fd11257f447cb2d01e5325ebad5bfb206d8": {
+    "700b33b613fbd899489f08c591ff8e002d433573bc48eca4a106e66109f3087f": {
       "source": {
         "path": "aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "f30f5d2688dbc7b1ebba16623b198fd11257f447cb2d01e5325ebad5bfb206d8.json",
+          "objectKey": "700b33b613fbd899489f08c591ff8e002d433573bc48eca4a106e66109f3087f.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeilne-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json

@@ -326,6 +326,11 @@
       "Arn"
      ]
     },
+    "Environment": {
+     "Variables": {
+      "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
+     }
+    },
     "Handler": "index.handler",
     "Layers": [
      {

packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeilne-elastic-beanstalk-deploy.js.snapshot/manifest.json

@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f30f5d2688dbc7b1ebba16623b198fd11257f447cb2d01e5325ebad5bfb206d8.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/700b33b613fbd899489f08c591ff8e002d433573bc48eca4a106e66109f3087f.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [

packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeilne-elastic-beanstalk-deploy.js.snapshot/tree.json

@@ -508,6 +508,11 @@
                         "Arn"
                       ]
                     },
+                    "environment": {
+                      "variables": {
+                        "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
+                      }
+                    },
                     "handler": "index.handler",
                     "layers": [
                       {

packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.assets.json

@@ -66,15 +66,15 @@
         }
       }
     },
-    "8aa5759f14144b0e926e1a721b0d46e3703a8858ef439535708bc694c4388650": {
+    "1a9bbcda71c448921127f084fce2798f586bec7ad012007e06ea6a63ef8cdefc": {
       "source": {
         "path": "aws-ecs-integ.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "8aa5759f14144b0e926e1a721b0d46e3703a8858ef439535708bc694c4388650.json",
+          "objectKey": "1a9bbcda71c448921127f084fce2798f586bec7ad012007e06ea6a63ef8cdefc.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json

@@ -1298,6 +1298,11 @@
       "Arn"
      ]
     },
+    "Environment": {
+     "Variables": {
+      "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
+     }
+    },
     "Handler": "index.handler",
     "Layers": [
      {

packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/manifest.json

@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8aa5759f14144b0e926e1a721b0d46e3703a8858ef439535708bc694c4388650.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1a9bbcda71c448921127f084fce2798f586bec7ad012007e06ea6a63ef8cdefc.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [

packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/tree.json

@@ -2092,6 +2092,11 @@
                         "Arn"
                       ]
                     },
+                    "environment": {
+                      "variables": {
+                        "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
+                      }
+                    },
                     "handler": "index.handler",
                     "layers": [
                       {

packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/manifest.json

@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bbd88d83102b3e32b899afe0d87246311679398907317a82708147a774e14faf.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/95bddee0ddc3585e4b7e3eb6a1676f7a96abb59a75d7d9b0631ffa6d30996d20.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [

packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.assets.json

@@ -53,15 +53,15 @@
         }
       }
     },
-    "bbd88d83102b3e32b899afe0d87246311679398907317a82708147a774e14faf": {
+    "95bddee0ddc3585e4b7e3eb6a1676f7a96abb59a75d7d9b0631ffa6d30996d20": {
       "source": {
         "path": "test-bucket-deployments-1.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "bbd88d83102b3e32b899afe0d87246311679398907317a82708147a774e14faf.json",
+          "objectKey": "95bddee0ddc3585e4b7e3eb6a1676f7a96abb59a75d7d9b0631ffa6d30996d20.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }