fix: Various TRE bugfixes

addons/addon-base-raas-ui/packages/base-raas-ui/src/models/forms/AddUpdateAwsAccountForm.js

@@ -36,13 +36,14 @@ const addUpdateBaseAwsAccountFormFields = {
 const addUpdateAwsAccountAppStreamFormFields = {
   appStreamFleetDesiredInstances: {
     label: 'AppStream Fleet Desired Instance',
-    placeholder: 'Number of users that can concurrently access a workspace through AppStream',
+    placeholder:
+      'Maximum number of concurrently running AppStream sessions. Each researcher uses one AppStream session when viewing a workspace',
     rules: 'required|integer',
   },
   appStreamDisconnectTimeoutSeconds: {
     label: 'AppStreamDisconnectTimeoutSeconds',
-    placeholder: 'The amount of time that a streaming session remains active after users disconnect',
-    rules: 'required|integer',
+    placeholder: 'The amount of time that a streaming session remains active after users disconnect.  (Minimum of 60)',
+    rules: ['required', 'integer', 'min:60'],
   },
   appStreamIdleDisconnectTimeoutSeconds: {
     label: 'AppStreamIdleDisconnectTimeoutSeconds',

addons/addon-base-raas-ui/packages/base-raas-ui/src/models/forms/CreateAwsAccountForm.js

@@ -46,13 +46,14 @@ const createBaseAwsAccountFormFields = {
 const createAwsAccountAppStreamFormFields = {
   appStreamFleetDesiredInstances: {
     label: 'AppStream Fleet Desired Instance',
-    placeholder: 'Number of users that can concurrently access a workspace through AppStream',
+    placeholder:
+      'Maximum number of concurrently running AppStream sessions. Each researcher uses one AppStream session when viewing a workspace',
     rules: 'required|integer',
   },
   appStreamDisconnectTimeoutSeconds: {
     label: 'AppStreamDisconnectTimeoutSeconds',
-    placeholder: 'The amount of time that a streaming session remains active after users disconnect',
-    rules: 'required|integer',
+    placeholder: 'The amount of time that a streaming session remains active after users disconnect.  (Minimum of 60)',
+    rules: ['required', 'integer', 'min:60'],
   },
   appStreamIdleDisconnectTimeoutSeconds: {
     label: 'AppStreamIdleDisconnectTimeoutSeconds',

addons/addon-base-raas-ui/packages/base-raas-ui/src/parts/environments-sc/parts/ScEnvironmentHttpConnections.js

@@ -246,6 +246,10 @@ class ScEnvironmentHttpConnections extends React.Component {
             <List.Item>Click the &quot;Generate URL&quot; button to create the destination URL</List.Item>
             <List.Item>Copy the URL and hit &quot;Connect&quot;. </List.Item>
             <List.Item>Paste the URL in the new AppStream FireFox tab</List.Item>
+            <List.Item>
+              In your browser, please allow popups for this domain so we can open the AppStream page in a new tab for
+              you
+            </List.Item>
           </List>
         </Segment>
       )

addons/addon-base-raas-ui/packages/base-raas-ui/src/parts/environments-sc/parts/ScEnvironmentRdpConnectionRow.js

@@ -26,6 +26,8 @@ class ScEnvironmentRdpConnectionRow extends React.Component {
       this.windowsRdpInfo = undefined;
       // A flag to indicate if we are in the process of getting the windows rdp info
       this.processingGetInfo = false;
+      // A flag to indicate if we're getting the connection url
+      this.processingGetConnection = false;
       // Should the password be shown
       this.showPassword = false;
       this.processingId = undefined;
@@ -83,6 +85,9 @@ class ScEnvironmentRdpConnectionRow extends React.Component {
   handleConnect = id =>
     action(async () => {
       try {
+        runInAction(() => {
+          this.processingGetConnection = true;
+        });
         const store = this.getConnectionStore();
         const urlObj = await store.createConnectionUrl(id);
         const appStreamUrl = urlObj.url;
@@ -93,6 +98,7 @@ class ScEnvironmentRdpConnectionRow extends React.Component {
           throw Error('AppStream URL was not returned by the API');
         }
         runInAction(() => {
+          this.processingGetConnection = false;
           this.processingId = id;
         });
       } catch (error) {
@@ -219,6 +225,12 @@ class ScEnvironmentRdpConnectionRow extends React.Component {
                 Connect to Your Windows Instance
               </List.Item>
             </List>
+            {this.isAppStreamEnabled && (
+              <div className="mt3">
+                In your browser, please allow popups for this domain so we can open the AppStream page in a new tab for
+                you
+              </div>
+            )}
           </Table.Cell>
         </Table.Row>
 
@@ -231,7 +243,7 @@ class ScEnvironmentRdpConnectionRow extends React.Component {
                 onClick={this.handleConnect(connectionId)}
                 floated="right"
                 disabled={this.processingId}
-                loading={this.processingId}
+                loading={this.processingGetConnection}
               >
                 Connect
               </Button>
@@ -284,6 +296,7 @@ decorate(ScEnvironmentRdpConnectionRow, {
   processingId: observable,
   windowsRdpInfo: observable,
   processingGetInfo: observable,
+  processingGetConnection: observable,
   showPassword: observable,
   handleGetInfo: action,
   toggleShowPassword: action,

addons/addon-base-raas-ui/packages/base-raas-ui/src/parts/environments-sc/parts/ScEnvironmentSshConnections.js

@@ -129,6 +129,9 @@ class ScEnvironmentSshConnections extends React.Component {
             Connecting from Windows via Putty
           </List.Item>
         </List>
+        <div className="mt3">
+          In your browser, please allow popups for this domain so we can open the AppStream page in a new tab for you
+        </div>
       </Segment>
     );
   }

addons/addon-base-raas/packages/base-raas-services/lib/environment/service-catalog/environment-config-vars-service.js

@@ -307,9 +307,7 @@ class EnvironmentConfigVarsService extends Service {
       adminKeyPairName,
     };
 
-    if (enableEgressStore && enableEgressStore.toUpperCase() === 'TRUE') {
-      result.egressStoreIamPolicyDocument = JSON.stringify(egressStoreIamPolicyDocument);
-    }
+    result.egressStoreIamPolicyDocument = JSON.stringify(egressStoreIamPolicyDocument);
 
     return result;
   }

addons/addon-base-raas/packages/base-raas-services/lib/schema/create-egress-store.json

@@ -100,7 +100,6 @@
     "rev",
     "inWorkflow",
     "status",
-    "cidr",
     "createdAt",
     "updatedBy",
     "createdBy",

addons/addon-environment-sc-api/packages/environment-type-mgmt-services/lib/environment-type/env-type-config-service.js

@@ -24,6 +24,7 @@ const updateEnvTypeConfigSchema = createEnvTypeConfigSchema;
 const settingKeys = {
   envTypeConfigsBucketName: 'envTypeConfigsBucketName',
   envTypeConfigsPrefix: 'envTypeConfigsPrefix',
+  isAppStreamEnabled: 'isAppStreamEnabled',
 };
 
 /**
@@ -136,14 +137,14 @@ class EnvTypeConfigService extends Service {
 
     // Make sure the specified configuration has params mapping specified for
     // all non-default CFN input params for the given env type
-    await this.assertNoMissingParams(requestContext, envType, config);
+    const updatedConfig = await this.checkAndUpdateParams(envType, config);
 
     // Make sure the config with the same id for the same env type does not exist already
     const existingConfigs = await this.getConfigsFromS3(envTypeId);
-    const existingConfig = _.find(existingConfigs, { id: config.id });
+    const existingConfig = _.find(existingConfigs, { id: updatedConfig.id });
     if (existingConfig) {
       throw this.boom.badRequest(
-        `The environment type configuration with id "${config.id}" for environment type "${envTypeId}" already exists`,
+        `The environment type configuration with id "${updatedConfig.id}" for environment type "${envTypeId}" already exists`,
         true,
       );
     }
@@ -152,7 +153,7 @@ class EnvTypeConfigService extends Service {
     const by = _.get(requestContext, 'principalIdentifier.uid');
     const { bucket, key } = await this.getS3Coordinates(envType.id);
     const now = new Date().toISOString();
-    const configToSave = this.fromRawToS3Object(config, {
+    const configToSave = this.fromRawToS3Object(updatedConfig, {
       createdBy: by,
       updatedBy: by,
       createdAt: now,
@@ -208,11 +209,9 @@ class EnvTypeConfigService extends Service {
     }
 
     // Merge given config with the existing config before updating
-    const configToUpdate = { ...existingConfig, ...config };
+    let configToUpdate = { ...existingConfig, ...config };
 
-    // Make sure the specified configuration has params mapping specified for
-    // all non-default CFN input params for the given env type
-    await this.assertNoMissingParams(requestContext, envType, configToUpdate);
+    configToUpdate = await this.checkAndUpdateParams(envType, configToUpdate);
 
     // Everything is good so far, time to save the given configuration to S3 now
     const by = _.get(requestContext, 'principalIdentifier.uid');
@@ -241,6 +240,33 @@ class EnvTypeConfigService extends Service {
     return savedConfig;
   }
 
+  async checkAndUpdateParams(envType, config) {
+    const isAppStreamEnabled = this.settings.getBoolean(settingKeys.isAppStreamEnabled);
+    const updatedConfig = { ...config };
+    updatedConfig.params.push({
+      key: 'IsAppStreamEnabled',
+      value: isAppStreamEnabled.toString(),
+    });
+    let params = [...updatedConfig.params];
+    if (!isAppStreamEnabled) {
+      params = [
+        ...params,
+        { key: 'EgressStoreIamPolicyDocument', value: '{}' },
+        { key: 'SolutionNamespace', value: '' },
+      ];
+    } else {
+      params.push({
+        key: 'AccessFromCIDRBlock',
+        value: '',
+      });
+    }
+    updatedConfig.params = params;
+    // Make sure the specified configuration has params mapping specified for
+    // all non-default CFN input params for the given env type
+    await this.assertNoMissingParams(envType, updatedConfig);
+    return updatedConfig;
+  }
+
   async delete(requestContext, envTypeId, configId) {
     // ensure that the caller has permissions to delete env type config
     // Perform default condition checks to make sure the user is active and is admin
@@ -338,7 +364,7 @@ class EnvTypeConfigService extends Service {
     }
   }
 
-  async assertNoMissingParams(requestContext, envType, config) {
+  async assertNoMissingParams(envType, config) {
     // Make sure the specified configuration is complete and provides mapping
     // for all non-default CFN input parameters
     const cfnInputParams = envType.params || [];

addons/addon-environment-sc-ui/packages/environment-type-mgmt-ui/src/models/forms/CfnParamsForm.js

@@ -34,8 +34,22 @@ import { createForm } from '@aws-ee/base-ui/dist/helpers/form';
  */
 function getCfnParamsForm(cfnParams, existingParamValues) {
   const isAppStreamEnabled = process.env.REACT_APP_IS_APP_STREAM_ENABLED === 'true';
+  const filteredCfnParams = cfnParams.filter(cfnParam => {
+    const { ParameterKey } = cfnParam;
+    // We don't need to provide `IsAppStreamEnabled` as a config option to user because we can pull this value from settings on the backend
+    const keysToFilterOut = ['IsAppStreamEnabled'];
+    if (isAppStreamEnabled) {
+      keysToFilterOut.push('AccessFromCIDRBlock');
+    } else {
+      keysToFilterOut.push('EgressStoreIamPolicyDocument');
+      keysToFilterOut.push('SolutionNamespace');
+    }
+    // Include keys that are not in keysToFilterOut array
+    return !keysToFilterOut.includes(ParameterKey);
+  });
+
   const fields = {};
-  _.forEach(cfnParams, ({ ParameterKey, Description, DefaultValue }) => {
+  filteredCfnParams.forEach(({ ParameterKey, Description, DefaultValue }) => {
     const existingValue = _.get(_.find(existingParamValues, { key: ParameterKey }), 'value') || DefaultValue;
     if (!isAppStreamEnabled || (isAppStreamEnabled && !(ParameterKey === 'AccessFromCIDRBlock'))) {
       fields[ParameterKey] = {

addons/addon-environment-sc-ui/packages/environment-type-mgmt-ui/src/parts/environment-types/env-type-config/env-type-config-steps/InputParamsStep.js

@@ -40,6 +40,7 @@ class InputParamsStep extends BaseEnvTypeConfigStep {
         // Create and save the cfn params form outside of the component (in session store)
         // to make sure the form values are not wiped out on unmount
         // without this if the user clicks next and then previous all entered values will be wiped
+
         cfnParamsForm = getCfnParamsForm(cfnParams, existingParamValues);
         sessionStore.set(key, cfnParamsForm);
       }

main/config/settings/example.yml

@@ -94,4 +94,7 @@
 # If you toggle the egress store from 'true' to 'false' and redeploy the whole solution, the backend stack deployment shold error out with following message:
 # Error validating existing stack policy: Unknown logical id 'LogicalResourceId/EgressStore*' in statement {} - stack policies can only be applied to logical ids referenced in the template
 # Stack policies are applied here: addons/addon-stack-policy/packages/stack-policy/lib/steps/update-cfn-stack-policy.js
-# enableEgressStore: 'false'
+#enableEgressStore: 'false'
+
+# Determine whether workspace should be accessible only through AppStream
+#isAppStreamEnabled: false

scripts/app-stream/SETUP.md

@@ -29,7 +29,7 @@ Note: Please set up your [AWS Profile](https://docs.aws.amazon.com/cli/latest/us
 cd ~\Documents
 
 # Pull the Image Builder script from Github
-Invoke-WebRequest -Uri https://raw.githubusercontent.com/awslabs/service-workbench-on-aws/mainline/scripts/app-stream/buildImage.ps1 -OutFile buildImage.ps1
+Invoke-WebRequest -Uri https://raw.githubusercontent.com/awslabs/service-workbench-on-aws/feat-secure-workspace-egress/scripts/app-stream/buildImage.ps1 -OutFile buildImage.ps1
 
 # Execute Image builder script
 .\buildImage.ps1

scripts/app-stream/buildImage.ps1

@@ -3,7 +3,7 @@ Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManage
 
 choco install -y putty.install
 
-Invoke-WebRequest -Uri https://raw.githubusercontent.com/awslabs/service-workbench-on-aws/mainline/scripts/app-stream/ec2linux.ps1 -OutFile 'C:\Users\Public\Documents\EC2Linux.ps1'
+Invoke-WebRequest -Uri https://raw.githubusercontent.com/awslabs/service-workbench-on-aws/feat-secure-workspace-egress/scripts/app-stream/ec2linux.ps1 -OutFile 'C:\Users\Public\Documents\EC2Linux.ps1'
 
 # Prepare remote desktop script with arguments
 Set-Content C:\Users\public\Documents\MicrosoftRemoteDesktop.ps1 "mstsc /f /v:`"`$env:APPSTREAM_SESSION_CONTEXT`":3389"