Validate ownership of distribution buckets

CHANGELOG.md

@@ -6,40 +6,117 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [2.0.5] - 2021-6-15
 
-Bug fix: Support filenames with multiple periods
-Bug fix: Support text detection in images
-Bug fix: Upgrade axios package to resolve security deficiency
-Bug fix: Use the Elasticsearch node size specified by the user if it is specified
-New feature: Decouple MIE from the content analysis code base. This leads to a greatly simplified code base for content analysis, and reduces the burden of upgrading.
-Update docs to include info on error handling, XRay tracing, and cost
-New feature: Allow users to users to control playback speed in the video player.
-New feature: Allow users to enable encryption with custom KMS keys for Amazon Comprehend.
-New feature: Include the cloud formation stack name in the invitation email
-Bug fix: Use correct units for video bit rate in Media Summary box
-Documentation: Explain how to get the URL for the user interface in the README
-Documentation: Explain how to invoke workflows from the command line in the README.
-Bug fix: Use correct units for video bit rate and video frame rate in the GUI.
-Bug fix: Disable the person tracking operator by default since it is not used in the GUI.
+- Bug fix: Support filenames with multiple periods
+- Bug fix: Support text detection in images
+- Bug fix: Upgrade axios package to resolve security deficiency
+- Bug fix: Use the Elasticsearch node size specified by the user if it is specified
+- Bug fix: Use correct units for video bit rate in Media Summary box
+- Bug fix: Use correct units for video bit rate and video frame rate in the GUI.
+- Bug fix: Disable the person tracking operator by default since it is not used in the GUI.
+- New feature: Decouple MIE from the content analysis code base. This leads to a greatly simplified code base for content analysis, and reduces the burden of upgrading.
+- New feature: Add configurations for automated code scanning tools, viperlight and cfn_nag. 
+- New feature: Add GitHub action for automated build, deploy, and UI testing.
+- New feature: Allow users to control playback speed in the video player.
+- New feature: Allow users to enable encryption with custom KMS keys for Amazon Comprehend.
+- New feature: Include the cloud formation stack name in the invitation email
+- Documentation: Update docs to include info on error handling, XRay tracing, and cost
+- Documentation: Explain how to get the URL for the user interface in the README
+- Documentation: Explain how to invoke workflows from the command line in the README.
 
 ### Added
-- Nothing
+- ./.viperlightignore
+- ./buildspec.yml
+- ./deployment/aws-content-analysis-video-workflow.yaml
+- ./deployment/aws-content-analysis-use-existing-mie-stack.yaml
+- ./deployment/aws-content-analysis.yaml
+- ./deployment/aws-content-analysis-image-workflow.yaml
+- ./deployment/aws-content-analysis-auth.yaml
+- ./deployment/aws-content-analysis-web.yaml
+- ./deployment/aws-content-analysis-elasticsearch.yaml
+- ./github/workflows/pr-workflow.yml
+- ./source/website/test/Dockerfile
+- ./source/website/test/screenshot14_configure_workflow_form_clear_all.png
+- ./source/website/test/README.md
+- ./source/website/test/screenshot13_configure_workflow_form_default.png
+- ./source/website/test/screenshot15_configure_workflow_form_select_all.png
+- ./source/website/test/app.js
+- ./source/website/public/index.html
+- ./source/website/public/img
+- ./source/website/public/img/icons
+- ./source/website/public/img/icons/favicon-16x16.png
+- ./source/website/public/runtimeConfig.json
+- ./source/website/public/manifest.json
+- ./source/website/public/robots.txt
+- ./source/website/babel.config.js
+- ./source/website/package-lock.json
+- ./source/website/package.json
+- ./source/website/vue.config.js
+- ./source/website/src/App.vue
+- ./source/website/src/main.js
+- ./source/website/src/components
+- ./source/website/src/components/TechnicalCues.vue
+- ./source/website/src/components/Celebrities.vue
+- ./source/website/src/components/Translation.vue
+- ./source/website/src/components/Transcript.vue
+- ./source/website/src/components/LabelObjects.vue
+- ./source/website/src/components/ShotDetection.vue
+- ./source/website/src/components/FaceDetection.vue
+- ./source/website/src/components/ComprehendEntities.vue
+- ./source/website/src/components/ComponentLoadingError.vue
+- ./source/website/src/components/ContentModeration.vue
+- ./source/website/src/components/ImageFeature.vue
+- ./source/website/src/components/Header.vue
+- ./source/website/src/components/VideoPlayer.vue
+- ./source/website/src/components/Loading.vue
+- ./source/website/src/components/TextDetection.vue
+- ./source/website/src/components/MediaSummaryBox.vue
+- ./source/website/src/components/vue-dropzone.vue
+- ./source/website/src/components/LineChart.vue
+- ./source/website/src/components/VideoThumbnail.vue
+- ./source/website/src/components/ComprehendKeyPhrases.vue
+- ./source/website/src/router.js
+- ./source/website/src/static
+- ./source/website/src/static/favicon.ico
+- ./source/website/src/registerServiceWorker.js
+- ./source/website/src/views
+- ./source/website/src/views/UploadToAWSS3.vue
+- ./source/website/src/views/Login.vue
+- ./source/website/src/views/Analysis.vue
+- ./source/website/src/views/Collection.vue
+- ./source/website/src/services
+- ./source/website/src/services/urlsigner.js
+- ./source/website/src/store
+- ./source/website/src/store/mutations.js
+- ./source/website/src/store/actions.js
+- ./source/website/src/store/index.js
+- ./source/website/src/store/state.js
+- ./source/consumer/requirements.txt
+- ./source/consumer/lambda_handler.py
+- ./source/consumer/package
+- ./source/helper/website_helper.py
+- ./source/helper/webapp-manifest.json
 
 ### Changed
-- deployment/aws-content-analysis.yaml
-- source/operators/rekognition/start_celebrity_recognition.py
-- source/operators/rekognition/start_content_moderation.py
-- source/operators/rekognition/start_face_detection.py
-- source/operators/rekognition/start_face_search.py
-- source/operators/rekognition/start_label_detection.py
-- source/operators/rekognition/start_person_tracking.py
-- source/operators/transcribe/start_transcribe.py
-- source/webapp/src/components/MediaSummaryBox.vue
-- source/webapp/src/views/Analysis.vue
-- source/webapp/src/views/UploadToAWSS3.vue
-- source/workflowapi/app.py
+- ./CHANGELOG.md
+- ./README.md
+- ./deployment/build-s3.dist.sh
+- ./deployment/build-open-source.sh
 
 ### Removed
-- Nothing.
+- ./aws-content-analysis/
+- ./aws-content-analysis.zip
+- ./deployment/media-insights-dataplane-streaming-stack.yaml
+- ./deployment/media-insights-webapp.yaml
+- ./deployment/media-insights-elasticsearch.yaml
+- ./deployment/string.yaml
+- ./deployment/MieCompleteWorkflow.yaml
+- ./deployment/rekognition.yaml
+- ./source/workflowapi/
+- ./source/anonymous-data-logger/
+- ./source/operators/
+- ./source/lambda_layer_factory/
+- ./source/website/package-lock.json
+- ./source/webapp/
 
 ## [1.0.2] - 2020-10-15
 

deployment/build-s3-dist.sh

@@ -57,7 +57,6 @@ cleanup() {
   if [[ "$VIRTUAL_ENV" != "" ]];
   then
     deactivate
-    #rm -rf "$VENV"
     echo "------------------------------------------------------------------------------"
     echo "Cleaning up complete"
     echo "------------------------------------------------------------------------------"
@@ -319,12 +318,30 @@ if [ "$global_bucket" != "solutions-reference" ] && [ "$global_bucket" != "solut
   echo "------------------------------------------------------------------------------"
   echo "Copy dist to S3"
   echo "------------------------------------------------------------------------------"
-
+  echo "Validating ownership of distribution buckets before copying deployment assets to them..."
+  # Get account id
+  account_id=$(aws sts get-caller-identity --query Account --output text)
+  if [ $? -ne 0 ]; then
+    msg "ERROR: Failed to get AWS account ID"
+    die 1
+  fi
+  # Validate ownership of $global_dist_dir
+  aws s3api head-bucket --bucket $global_bucket --expected-bucket-owner $account_id
+  if [ $? -ne 0 ]; then
+    msg "ERROR: Your AWS account does not own s3://$global_bucket/"
+    die 1
+  fi
+  # Validate ownership of ${regional_bucket}-${region}
+  aws s3api head-bucket --bucket ${regional_bucket}-${region} --expected-bucket-owner $account_id
+  if [ $? -ne 0 ]; then
+    msg "ERROR: Your AWS account does not own s3://${regional_bucket}-${region} "
+    die 1
+  fi
+  # Copy deployment assets to distribution buckets
   cd "$build_dir"/ || exit 1
   echo "Copying the prepared distribution to:"
   echo "s3://$global_bucket/aws-content-analysis/$version/"
   echo "s3://${regional_bucket}-${region}/aws-content-analysis/$version/"
-
   set -x
   aws s3 sync $global_dist_dir s3://$global_bucket/aws-content-analysis/$version/ $(if [ ! -z $profile ]; then echo "--profile $profile"; fi)
   aws s3 sync $regional_dist_dir s3://${regional_bucket}-${region}/aws-content-analysis/$version/ $(if [ ! -z $profile ]; then echo "--profile $profile"; fi)