Update from upstream to v6.0.0 (#9)

* git actions to origin (awslabs#1139)

* chore(deps): bump golang.org/x/sys (awslabs#1138)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.0.0-20201026173827-119d4633e4d1 to 0.1.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: FernandoAranda <fernandoarandacarrillo@gmail.com>

* Revert "chore(deps): bump golang.org/x/sys (awslabs#1138)" (awslabs#1140)

This reverts commit c836c57.

Co-authored-by: Fernando Aranda <farandac@amazon.com>

* fix: s3 CLI command fix (awslabs#1149)

* docs: remove Docusaurus and use IG (awslabs#1150)

* fix: sagemaker autostop (awslabs#1153)

* fix: autostop sagemaker fix for non TRE/no study mounting (awslabs#1154)

* Minor documentation updates to reconcile differences between AWS website and Repository. Additionally included step for the Cloud9 installation instructions to specify a public subnet for VPC installation. If you do not you cannot use AWS Managed Temporary Credentials and will break the install of Cloud9 without a very verbose error message. (awslabs#1151)

* chore(deps): bump golang.org/x/sys from 0.0.0-20201026173827-119d4633e4d1 to 0.1.0 in /addons/addon-raas-s3-copy/packages/s3-synchronizer (awslabs#1152)

* fix: go mod format (awslabs#1163)

* Add elasticmapreduce:AddTags permission to LaunchConstraint role (awslabs#1164)

* fix: upgrade goland in buildspec (awslabs#1166)

* fix: upgrade code build image for target env deploy project (awslabs#1168)

* revert: revert Go version upgrade (awslabs#1169)

* Update deploy-integ-appstream-egress.yml (awslabs#1172)

* Update deploy-integ-appstream-egress.yml

Added OIDC config for role assumption

* Update deploy-integ.yml

Adding OIDC changes to deploy-integ.yml

* Update deploy-integ-appstream-egress.yml

Delete comments

* Update deploy-integ.yml

replace hardcoded region

* Update README.md

Updating readme

* OIDC permissions (awslabs#1173)

* Add permissions to deploys

* trigger unit tests

---------

Co-authored-by: Marianna Ghirardelli <ghirard@amazon.com>

* chore(deps): bump xml2js and aws-sdk in /scripts/load-test-workspaces (awslabs#1171)

Bumps [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) to 0.5.0 and updates ancestor dependency [aws-sdk](https://github.com/aws/aws-sdk-js). These dependencies need to be updated together.


Updates `xml2js` from 0.4.19 to 0.5.0
- [Release notes](https://github.com/Leonidas-from-XIV/node-xml2js/releases)
- [Commits](Leonidas-from-XIV/node-xml2js@0.4.19...0.5.0)

Updates `aws-sdk` from 2.814.0 to 2.1354.0
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-js@v2.814.0...v2.1354.0)

---
updated-dependencies:
- dependency-name: xml2js
  dependency-type: indirect
- dependency-name: aws-sdk
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tyler Mikev <112508158+aws-tyler@users.noreply.github.com>

* fix: Make SageMaker IAM policy case insensitive (awslabs#1177)

* chore(release): 5.2.8 (awslabs#1178)

* chore(release): 5.2.8

* mend

---------

Co-authored-by: Fernando Aranda <farandac@amazon.com>

* Atmikev/creds restrictions (awslabs#1181)

* Added SourceVPC boundaries for EC2 Linux, Windows, and EMR

* Exporting S3 VpcEndpoint value from onboarding

* Removing EMR changes

* chore(release): 5.2.9 (awslabs#1182)

* chore(release): 5.2.9

* chore(release): 5.2.9

* [feat] Use S3VPCE to prevent S3 access outside of VPC (awslabs#1183)

* docs: Add Beta

* fix: add OwnershipControls for LoggingBucket (awslabs#1185)

* Revert "[feat] Use S3VPCE to prevent S3 access outside of VPC" (awslabs#1187)

* chore(release): 5.2.10 (awslabs#1188)

* [chore] Add conditionals for TRE permission boundaries (awslabs#1186)

* [chore] Add conditionals for TRE permission boundaries

* Updated cypress integration test configs

* docs: Add Beta

* Add an S3 Endpoint for Non-TRE deployments (awslabs#1189)

* Update templates

* always populate SolutionName

* There is no isAppStream in EMR

* Always autopopulate the value for SolutionName

* Added script to reroute S3 connections through VPC

* chore(release): 5.2.11 (awslabs#1191)

* Deny all non-admins access to user list.

* Omit the 'external-researcher' user role as it isn't included in the response from api/user-roles

* fix: BYOB role updates for VPCE restrictions (awslabs#1197)

* fix: BYOB role updates for VPCE restrictions

* fix: making projectId required for BYOB (awslabs#1198)

* fix: add missing proj ID for integ tests

* chore: update pipeline test config (awslabs#1199)

* docs: Add Beta

* chore(release): v6.0.0 (awslabs#1200)

* chore(release): 6.0.0

* EMR AL2 upgrade (awslabs#1205)

* feat: remove hail provisioning from EMR and upgrade to AL2

* feat: swap to EMR installed JupyterHub instead of installing our own.

* docs: Add Beta

* chore(deps): bump fast-xml-parser, @aws-sdk/client-appstream, @aws-sdk/client-ec2 and @aws-sdk/client-s3 (awslabs#1207)

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) to 4.2.5 and updates ancestor dependencies [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser), [@aws-sdk/client-appstream](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-appstream), [@aws-sdk/client-ec2](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ec2) and [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3). These dependencies need to be updated together.


Updates `fast-xml-parser` from 4.2.4 to 4.2.5
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.2.4...v4.2.5)

Updates `@aws-sdk/client-appstream` from 3.350.0 to 3.369.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-appstream/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.369.0/clients/client-appstream)

Updates `@aws-sdk/client-ec2` from 3.350.0 to 3.369.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-ec2/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.369.0/clients/client-ec2)

Updates `@aws-sdk/client-s3` from 3.350.0 to 3.369.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.369.0/clients/client-s3)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-type: indirect
- dependency-name: "@aws-sdk/client-appstream"
  dependency-type: direct:production
- dependency-name: "@aws-sdk/client-ec2"
  dependency-type: direct:production
- dependency-name: "@aws-sdk/client-s3"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sanket Dharwadkar <sdharwad@amazon.com>
Co-authored-by: Kevin Park <103979972+kpark277@users.noreply.github.com>

* chore(deps-dev): bump word-wrap in /scripts/load-test-workspaces (awslabs#1210)

* chore(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 in /scripts/app-stream (awslabs#1211)

* test: extend emr e2e test timeout to 20 min (awslabs#1214)

* chore(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 in /main/end-to-end-tests (awslabs#1212)

* feat: add IMDSv2 support on AMI creation (awslabs#1215)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: jane yu <118856243+janeyuaws@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: FernandoAranda <fernandoarandacarrillo@gmail.com>
Co-authored-by: Fernando Aranda <farandac@amazon.com>
Co-authored-by: Sanket Dharwadkar <sdharwad@amazon.com>
Co-authored-by: Marianna Ghirardelli <43092418+maghirardelli@users.noreply.github.com>
Co-authored-by: spensireli <spencerconklin92@gmail.com>
Co-authored-by: Kevin Park <103979972+kpark277@users.noreply.github.com>
Co-authored-by: Tyler Mikev <112508158+aws-tyler@users.noreply.github.com>
Co-authored-by: Marianna Ghirardelli <ghirard@amazon.com>
Co-authored-by: GitHub Action <action@github.com>

.github/workflows/deploy-integ-appstream-egress.yml

@@ -8,6 +8,8 @@ on:
   push:
     branches:
       - develop
+permissions:
+      id-token: write
 jobs:
   pre-deployment-check:
     name: Pre deployment check
@@ -40,11 +42,16 @@ jobs:
         run: ./scripts/install.sh
       - name: Build all packages
         run: ./scripts/build-all-packages.sh
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: OIDCSessionName
+          role-duration-seconds: 10800
+          aws-region: ${{ secrets.AWS_DEV_REGION }}
       - name: Deploy
         env:
           STAGE_NAME: tre
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS}}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }}
           AWS_CERTIFICATE_ARN: ${{ secrets.AWS_CERTIFICATE_ARN_APPSTREAM_EGRESS }}
           AWS_DOMAIN_NAME: ${{ secrets.AWS_DOMAIN_NAME_APPSTREAM_EGRESS }}
           AWS_HOSTED_ZONE_ID: ${{ secrets.AWS_HOSTED_ZONE_ID_APPSTREAM_EGRESS }}
@@ -68,12 +75,17 @@ jobs:
       - name: Install dependencies
         run: pnpm install
         working-directory: main/infrastructure-tests
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: OIDCSessionName
+          role-duration-seconds: 10800
+          aws-region: ${{ secrets.AWS_DEV_REGION }}
       - name: Run infrastructure tests
         run: pnpm run testAppStreamEgressEnabled -- --stage=github
         working-directory: ./main/infrastructure-tests
         env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }}
           INFRA_TESTS_HOSTING_ACCOUNT_ID: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_ID }}
           INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME }}
   integration-test:
@@ -94,15 +106,20 @@ jobs:
       - name: Install dependencies
         run: pnpm install
         working-directory: main/integration-tests
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: OIDCSessionName
+          role-duration-seconds: 10800
+          aws-region: ${{ secrets.AWS_DEV_REGION }}
       - name: Run integration tests
         run: ./scripts/run-integration-tests.sh ${STAGE_NAME} us-east-1 AppStreamEgress
         working-directory: ./
         env:
           DEPLOYMENT_BUCKET: ${{ secrets.DEPLOYMENT_BUCKET_APPSTREAM_EGRESS}}
           STAGE_NAME: tre
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }}
-          aws-region: us-east-1
+          aws-region: ${{ secrets.AWS_DEV_REGION }}
   cypress-test:
     name: Cypress test
     runs-on: ubuntu-20.04

.github/workflows/deploy-integ.yml

@@ -8,6 +8,8 @@ on:
   push:
     branches:
       - develop
+permissions:
+      id-token: write
 jobs:
   pre-deployment-check:
     name: Pre deployment check
@@ -40,18 +42,33 @@ jobs:
         run: ./scripts/install.sh
       - name: Build all packages
         run: ./scripts/build-all-packages.sh
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: OIDCSessionName
+          role-duration-seconds: 10800
+          aws-region: ${{ secrets.AWS_DEV_REGION }}
       - name: Deploy
         env:
           STAGE_NAME: e2etest
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID}}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_CERTIFICATE_ARN: ${{ secrets.AWS_CERTIFICATE_ARN }}
           AWS_DOMAIN_NAME: ${{ secrets.AWS_DOMAIN_NAME }}
           AWS_HOSTED_ZONE_ID: ${{ secrets.AWS_HOSTED_ZONE_ID }}
         run: |
           cp ./main/end-to-end-tests/e2eGitHubConfig.yml ./main/config/settings/${STAGE_NAME}.yml
           ./scripts/read-values-for-github-action.sh
           ./scripts/environment-deploy.sh ${STAGE_NAME}
+      - name: Deploy to standalone RStudio environment
+        env:
+          STAGE_NAME: dev
+          AWS_CERTIFICATE_ARN_RSTUDIO: ${{ secrets.AWS_CERTIFICATE_ARN_RSTUDIO }}
+          AWS_DOMAIN_NAME_RSTUDIO: ${{ secrets.AWS_DOMAIN_NAME_RSTUDIO }}
+          AWS_HOSTED_ZONE_ID_RSTUDIO: ${{ secrets.AWS_HOSTED_ZONE_ID_RSTUDIO }}
+        run: |
+          cp ./main/end-to-end-tests/RStudioGithubConfig.yml ./main/config/settings/${STAGE_NAME}.yml
+          ./scripts/read-values-for-github-action-rstudio.sh 
+          ./scripts/environment-deploy.sh ${STAGE_NAME}
   integration-test:
     name: Integration test
     runs-on: ubuntu-20.04
@@ -70,15 +87,20 @@ jobs:
       - name: Install dependencies
         run: pnpm install
         working-directory: main/integration-tests
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: OIDCSessionName
+          role-duration-seconds: 10800
+          aws-region: ${{ secrets.AWS_DEV_REGION }}
       - name: Run integration tests
         run: ./scripts/run-integration-tests.sh ${STAGE_NAME} us-east-1
         working-directory: ./
         env:
           DEPLOYMENT_BUCKET: ${{ secrets.DEPLOYMENT_BUCKET}}
           STAGE_NAME: e2etest
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
+          aws-region: ${{ secrets.AWS_DEV_REGION }}
   cypress-test:
     name: Cypress test
     runs-on: ubuntu-20.04

.gitignore

@@ -4,7 +4,6 @@
 **/node_modules
 **/npm-debug.log
 **/pnpm-debug.log
-**/.docusaurus
 
 .pnpm-store/*
 
@@ -38,3 +37,6 @@ docs/build
 
 # rStudio specific
 source/ServiceWorkbenchOnAWS/main/solution/machine-images/config/infra/files/rstudio/*
+
+# temp packer log files
+main/solution/machine-images/*_build.log

CHANGELOG.md

@@ -3,7 +3,69 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
 ## Beta
-[This release is in beta. Click here to see changes since 5.2.7.](https://github.com/awslabs/service-workbench-on-aws/compare/v5.2.7...mainline)
+[This release is in beta. Click here to see changes since 6.0.0.](https://github.com/awslabs/service-workbench-on-aws/compare/v6.0.0...mainline)
+
+## [6.0.0](https://github.com/awslabs/service-workbench-on-aws/compare/v5.2.11...v6.0.0) (2023-06-12)
+
+Going forward, a BYOB study will now have to be assigned to a SWB project ID. This is to enforce access to the BYOB study's S3 prefix only from its project's linked VPC endpoint.
+
+### For upgrade installations
+
+**Before upgrade:**
+
+* Terminate all environments that are accessing BYOB studies. This is optional but recommended by the service team.
+* Make sure your hosting accounts are in the `Up-to-Date` status. You can check by visiting the `Accounts` tab on SWB UI and clicking on the `AWS Accounts` tab. If they’re not, please re-onboard the accounts that need updating.
+
+**After upgrade:**
+
+* Once the new version of SWB has been installed, navigate to the `Data Sources` tab in SWB UI. 
+* On each of the Data Source bucket that has been registered, click on the “CloudFormation” tab, click the `Update Stack` button, while being logged into the Data Source account console. This will navigate you to the CloudFormation stack for that bucket. Continue with the stack update.
+
+**Note:**
+To continue using existing BYOB studies that were not assigned to a SWB project ID please add a key `projectId` to that study’s entry in the `<stage>-<regionShortName>-<solutionName>-Studies` DynamoDB table in the SWB main account with its value equal to the SWB project ID you would like to associate it with. Please work with your AWS partner if you need help.
+
+### Bug Fixes
+
+* BYOB role updates for VPCE restrictions ([#1197](https://github.com/awslabs/service-workbench-on-aws/issues/1197)) ([cb876ca](https://github.com/awslabs/service-workbench-on-aws/commit/cb876caeae3c1c05c27c58c14cd03528e2525b8f))
+* making projectId required for BYOB ([#1198](https://github.com/awslabs/service-workbench-on-aws/issues/1198)) ([0d66648](https://github.com/awslabs/service-workbench-on-aws/commit/0d6664843685a16601cae228b3a0c9d2d08f4813))
+
+### [5.2.11](https://github.com/awslabs/service-workbench-on-aws/compare/v5.2.10...v5.2.11) (2023-05-05)
+
+### Bug Fixes
+
+* add S3 VPC Endpoints to restrict bucket access ([#1189](https://github.com/awslabs/service-workbench-on-aws/pull/1189)) ([60c3439](https://github.com/awslabs/service-workbench-on-aws/commit/60c34392e791fdadcfdbeb5a45e6b80a57eb31fe))
+
+### [5.2.10](https://github.com/awslabs/service-workbench-on-aws/compare/v5.2.9...v5.2.10) (2023-04-28)
+
+### Bug Fixes
+
+* add OwnershipControls for LoggingBucket ([#1185](https://github.com/awslabs/service-workbench-on-aws/issues/1185)) ([c75600c](https://github.com/awslabs/service-workbench-on-aws/commit/c75600cdd74846d6f43b74f888e88b7ab2739536))
+
+### [5.2.9](https://github.com/awslabs/service-workbench-on-aws/compare/v5.2.8...v5.2.9) (2023-04-25)
+* add `Ec2InstanceSourceVPC` and `ec2InstanceSourcePrivateIPv4` conditional checks to IAM roles for Linux and Windows EC2 templates ([#1181](https://github.com/awslabs/service-workbench-on-aws/pull/1181)) ([9295efb](https://github.com/awslabs/service-workbench-on-aws/commit/9295efb43f46e5da7201a3dc4d36000c4eccf34d))
+
+### [5.2.8](https://github.com/awslabs/service-workbench-on-aws/compare/v5.2.7...v5.2.8) (2023-04-18)
+
+
+### Features
+
+* `PropagateTagsToVolumeOnCreation: true` ([#1124](https://github.com/awslabs/service-workbench-on-aws/issues/1124)) ([65417fb](https://github.com/awslabs/service-workbench-on-aws/commit/65417fbe26a77b67638b90d181b9fc700022e140)), closes [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2](https://github.com/awslabs//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html/issues/cfn-ec2)
+* EC2 workspace root volume size can be configured ([#1123](https://github.com/awslabs/service-workbench-on-aws/issues/1123)) ([62b8ea8](https://github.com/awslabs/service-workbench-on-aws/commit/62b8ea8f0ae98269249edb8d30ccbe892a9cc190))
+
+
+### Bug Fixes
+
+* autostop sagemaker fix for non TRE/no study mounting ([#1154](https://github.com/awslabs/service-workbench-on-aws/issues/1154)) ([cfa455b](https://github.com/awslabs/service-workbench-on-aws/commit/cfa455be321fd7c1dea5a08000c9815e5efa3c14))
+* go mod format ([#1163](https://github.com/awslabs/service-workbench-on-aws/issues/1163)) ([358788d](https://github.com/awslabs/service-workbench-on-aws/commit/358788d2e48d76aa2c16b72675bbaf5d5081037b))
+* Make SageMaker IAM policy case insensitive ([#1177](https://github.com/awslabs/service-workbench-on-aws/issues/1177)) ([fd6f1b8](https://github.com/awslabs/service-workbench-on-aws/commit/fd6f1b892e8bd5f8f062d8c3d017976720679e8e))
+* remove unneeded lock file ([#1100](https://github.com/awslabs/service-workbench-on-aws/issues/1100)) ([3c030b7](https://github.com/awslabs/service-workbench-on-aws/commit/3c030b7de19dc4db8f043f95b0fced44b4bef46f))
+* revert previous changes for Sagemaker fix ([#1114](https://github.com/awslabs/service-workbench-on-aws/issues/1114)) ([63315cd](https://github.com/awslabs/service-workbench-on-aws/commit/63315cde14b9e36882ba6c942658817b8f33615d))
+* s3 CLI command fix ([#1149](https://github.com/awslabs/service-workbench-on-aws/issues/1149)) ([3a70970](https://github.com/awslabs/service-workbench-on-aws/commit/3a709700d2749b1da98de85817841f1935d8ed63))
+* sagemaker autostop ([#1153](https://github.com/awslabs/service-workbench-on-aws/issues/1153)) ([31b6cd8](https://github.com/awslabs/service-workbench-on-aws/commit/31b6cd8b8db39ddd0732b4945615f93afa08100f))
+* update bootstrap script for sagemaker ([#1110](https://github.com/awslabs/service-workbench-on-aws/issues/1110)) ([0c1571d](https://github.com/awslabs/service-workbench-on-aws/commit/0c1571d361e2b4091805d4df587ec41a8aab7fd6))
+* update env type name for sagemaker tre ([#1101](https://github.com/awslabs/service-workbench-on-aws/issues/1101)) ([49f46df](https://github.com/awslabs/service-workbench-on-aws/commit/49f46df7598f1f19e9d950db6a952797186d5fbe))
+* upgrade code build image for target env deploy project ([#1168](https://github.com/awslabs/service-workbench-on-aws/issues/1168)) ([d4120ff](https://github.com/awslabs/service-workbench-on-aws/commit/d4120ff3a307d5a7e7d9b13af670c8d238e9c833))
+* upgrade golang in buildspec ([#1166](https://github.com/awslabs/service-workbench-on-aws/issues/1166)) ([68abc3c](https://github.com/awslabs/service-workbench-on-aws/commit/68abc3c22161d98721c2f90ffb8fae35c0308198))
 
 ### [5.2.7](https://github.com/awslabs/service-workbench-on-aws/compare/v5.2.6...v5.2.7) (2022-12-30)
 
@@ -79,7 +141,7 @@ All notable changes to this project will be documented in this file. See [standa
   - **Restricted data upload capabilities for Researcher Profile**: Users with a researcher role will not have the ability to create a study or upload files to any study, allowing organization to have more control over the study creation and data ingestion.
     - `disableStudyUploadByResearcher` configuration setting has been added, disabled by default. This can be overriden in your `main/config/settings/<stage>.yml` file.
 
-  For more information about these flags, please take a look at our [User Guide](https://awslabs.github.io/service-workbench-on-aws-cn/user_guide/account_structure/) document.
+  For more information about these flags, please take a look at our [User Guide](./docs/Service_Workbench_User_Guide.pdf) document.
 
 ### Bug Fixes
 
@@ -283,7 +345,7 @@ The Service Workbench member account onboarding process is changed to be more in
 
 This change applies to all updated installations, and can be applied to those installations that have already onboarded member accounts.
 
-To learn more about the new process, refer to the updated [instructions](https://awslabs.github.io/service-workbench-on-aws-cn/deployment/post_deployment/) in the Service Workbench Post Deployment guide.
+To learn more about the new process, refer to the updated [instructions](./docs/Service_Workbench_Post_Deployment_Guide.pdf) in the Service Workbench Post Deployment guide.
 
 **Important Notes:**
 
@@ -306,7 +368,7 @@ This feature is disabled by default upon install. To enable this feature, change
 - If you have an existing installation without the feature flag enabled, and want to activate this feature flag, terminate all workspaces prior to activating the flag.
 - AppStream service use does incur additional cost and we recommend you review the cost impact prior to configuring your AppStream fleet: https://aws.amazon.com/appstream2/pricing/
 - Because the Service Workbench workspaces do not have internet connectivity, [VPC endpoints](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints.html) are introduced for all AWS services that the workspaces use (such as S3, EC2, and AppStream).
-- Significant updates to the post deployment configuration instructions when this feature is enabled are outlined [here](https://awslabs.github.io/service-workbench-on-aws-cn/deployment/post_deployment/)
+- Significant updates to the post deployment configuration instructions when this feature is enabled are outlined [here](./docs/Service_Workbench_Post_Deployment_Guide.pdf)
 
 #### 3. Enabling secure egress
 

README.md

@@ -56,20 +56,26 @@ The solution also includes a Continuous Integration/Continuous Delivery feature:
 
 ## Accessing Service Workbench Documentation
 
-Service Workbench documentation can be accessed in the PDF format or by using the Docusaurus website.
+Service Workbench documentation can be accessed in the PDF format or by visiting the AWS Solution Implementation Guide.
 
-### Documentation PDFs
+### Implementation Guide
+For information on installing Service Workbench on AWS, please visit the [AWS Solutions Implementation Guide](https://docs.aws.amazon.com/solutions/latest/service-workbench-on-aws/solution-overview.html).
 
-You can view the online documentation if you do not have Service Workbench locally installed on your machine. Click the following links to access the documentation:
+- [Service Workbench Solution Overview](https://docs.aws.amazon.com/solutions/latest/service-workbench-on-aws/solution-overview.html)
+- [Service Workbench  Architecture Overview](https://docs.aws.amazon.com/solutions/latest/service-workbench-on-aws/architecture-overview.html)
+- [Service Workbench Plan Your Deployment](https://docs.aws.amazon.com/solutions/latest/service-workbench-on-aws/plan-your-deployment.html)
+- [Service Workbench Deploy The Solution](https://docs.aws.amazon.com/solutions/latest/service-workbench-on-aws/deploy-the-solution.html)
+- [Service Workbench Update The Solution](https://docs.aws.amazon.com/solutions/latest/service-workbench-on-aws/update-the-solution.html)
+- [Service Workbench Uninstall The Solution](https://docs.aws.amazon.com/solutions/latest/service-workbench-on-aws/uninstall-the-solution.html)
 
-- [Service Workbench Installation Guide](https://awslabs.github.io/service-workbench-on-aws-cn/installation_guide/overview)
-- [Service Workbench Configuration Guide](https://awslabs.github.io/service-workbench-on-aws-cn/configuration_guide/overview)
-- [Service Workbench Post Deployment Guide](https://awslabs.github.io/service-workbench-on-aws-cn/deployment/post_deployment/)
-- [Service Workbench User's Guide](https://awslabs.github.io/service-workbench-on-aws-cn/user_guide/account_structure)
+### Documentation PDFs
 
-### Accessing Documentation using Docusaurus
+You can view the online documentation if you do not have Service Workbench locally installed on your machine. Click the following links to access the documentation:
 
-You first need to download the Service Workbench [source code](https://github.com/awslabs/service-workbench-on-aws/tags) on your local machine before accessing the documentation using Docusaurus. After downloading the source, you need to install Docusaurus so that you can launch the help site. For steps on how to install Docusaurus locally, read the [Documentation Readme](/docs/README.md).
+- [Service Workbench Implementation Guide](./docs/service-workbench-on-aws-implementation-guide.pdf), formerly known as the Installation Guide
+- [Service Workbench Configuration Guide](./docs/Service_Workbench_Configuration_Guide.pdf)
+- [Service Workbench Post Deployment Guide](./docs/Service_Workbench_Post_Deployment_Guide.pdf)
+- [Service Workbench User's Guide](./docs/Service_Workbench_User_Guide.pdf)
 
 ## Software requirements
 

addons/addon-base-raas-ui/packages/base-raas-ui/src/models/forms/RegisterStudyForm.js

@@ -112,6 +112,7 @@ function getRegisterStudyForm() {
     'studies[].folder': 'required|min:1|max:1000',
     'studies[].kmsArn': 'string|max:90',
     'studies[].category': 'required',
+    'studies[].projectId': 'required',
     'studies[].adminUsers': 'required',
   };
 

addons/addon-base-raas-ui/packages/base-raas-ui/src/parts/data-sources/register/StartStep.js

@@ -136,6 +136,13 @@ class StartStep extends React.Component {
           <List.Item>Accessing buckets via fips endpoints is not supported</List.Item>
           <List.Item>Buckets with requester pays are not supported</List.Item>
         </List>
+        <div className="mt1">
+          <b>Disclaimer:</b> The CloudFormation template generated on the next screen <b>does not</b> create or modify a
+          bucket policy for the bucket you are sharing. Only an IAM role granting cross-account access is created. To
+          control the networks your S3 bucket is accessible from, you <b>must</b> set a bucket policy to limit traffic
+          to specific IP address ranges or Virtual Private Cloud (VPC) endpoints. For more information, see
+          https://repost.aws/knowledge-center/block-s3-traffic-vpc-ip.
+        </div>
       </>
     );
   }