Add v2.3.0

fernandohonig · Feb 27, 2020 · 060410f · 060410f
1 parent 040b1b2
commit 060410f
Show file tree

Hide file tree

Showing 127 changed files with 12,973 additions and 714 deletions.
diff --git a/unzip/add-on/aws-ad-with-rdgw-ad-connector.template b/unzip/add-on/aws-ad-with-rdgw-ad-connector.template
@@ -204,7 +204,7 @@ Mappings:
     SourceBucketName:
       Name: solutions-reference
     SourceKeyName:
-      Name: aws-landing-zone/v2.2.0/add-on/aws-ad-with-rdgw-ad-connector.zip
+      Name: aws-landing-zone/v2.3.0/add-on/aws-ad-with-rdgw-ad-connector.zip
     DestinationKeyName:
       Name: aws-landing-zone-configuration.zip
   LambdaFunction:
@@ -220,7 +220,7 @@ Resources:
           log_level: !FindInMap [LambdaFunction, Logging, Level]
       Code:
         S3Bucket: !Sub solutions-${AWS::Region}
-        S3Key: aws-landing-zone/v2.2.0/aws-landing-zone-add-on-config-deployer.zip
+        S3Key: aws-landing-zone/v2.3.0/aws-landing-zone-add-on-config-deployer.zip
       Description: AWS Landing Zone Add-On Deployment Lambda
       Handler: add_on_config_deployer.lambda_handler
       MemorySize: '512'

diff --git a/...with-rdgw-ad-connector/templates/core_accounts/aws-landing-zone-aws-ad-connector.template b/...with-rdgw-ad-connector/templates/core_accounts/aws-landing-zone-aws-ad-connector.template
@@ -181,7 +181,7 @@ Resources:
           sm_arn_handshake_sm: !Ref HandshakeStateMachine
       Code:
         S3Bucket: !Sub solutions-${AWS::Region}
-        S3Key: aws-landing-zone/v2.2.0/aws-landing-zone-avm-cr.zip
+        S3Key: aws-landing-zone/v2.3.0/aws-landing-zone-avm-cr.zip
       Description: AWS Lambda-backed Custom Resources for AVM
       FunctionName: LandingZoneADConnector
       Handler: lambda_custom_resource.lambda_handler
@@ -201,7 +201,7 @@ Resources:
           log_level: 'info'
       Code:
         S3Bucket: !Sub solutions-${AWS::Region}
-        S3Key: aws-landing-zone/v2.2.0/aws-landing-zone-state-machine.zip
+        S3Key: aws-landing-zone/v2.3.0/aws-landing-zone-state-machine.zip
       Description: AWS Landing Zone State Machine Handler
       FunctionName: LandingZoneStateMachineLambdaADConnector
       Handler: state_machine_router.lambda_handler
@@ -623,7 +623,7 @@ Resources:
           wait_time: 15
       Code:
         S3Bucket: !Sub solutions-${AWS::Region}
-        S3Key: aws-landing-zone/v2.2.0/aws-landing-zone-handshake-state-machine.zip
+        S3Key: aws-landing-zone/v2.3.0/aws-landing-zone-handshake-state-machine.zip
       Description: AWS Lambda-backed Custom Resources for Handshake Mechanism
       FunctionName: LandingZoneHandshakeSMLambdaADConnector
       Handler: handshake_sm_router.lambda_handler

diff --git a/...d-on/aws-ad-with-rdgw-ad-connector/templates/core_accounts/aws-landing-zone-rdgw.template b/...d-on/aws-ad-with-rdgw-ad-connector/templates/core_accounts/aws-landing-zone-rdgw.template
@@ -198,7 +198,7 @@
         "S3KeyPrefix": {
             "AllowedPattern": "^[0-9a-zA-Z-/.]*$",
             "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).",
-            "Default": "aws-landing-zone/v2.2.0/scripts/",
+            "Default": "aws-landing-zone/v2.3.0/scripts/",
             "Description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).",
             "Type": "String"
         },

diff --git a/unzip/add-on/aws-centralized-logging-soution.template b/unzip/add-on/aws-centralized-logging-soution.template
@@ -125,7 +125,7 @@ Mappings:
     SourceBucketName:
       Name: solutions-reference
     SourceKeyName:
-      Name: aws-landing-zone/v2.2.0/add-on/aws-centralized-logging-solution.zip
+      Name: aws-landing-zone/v2.3.0/add-on/aws-centralized-logging-solution.zip
     DestinationKeyName:
       Name: aws-landing-zone-configuration.zip
   LambdaFunction:
@@ -141,7 +141,7 @@ Resources:
           log_level: !FindInMap [LambdaFunction, Logging, Level]
       Code:
         S3Bucket: !Sub solutions-${AWS::Region}
-        S3Key: aws-landing-zone/v2.2.0/aws-landing-zone-add-on-config-deployer.zip
+        S3Key: aws-landing-zone/v2.3.0/aws-landing-zone-add-on-config-deployer.zip
       Description: AWS Landing Zone Add-On Deployment Lambda
       Handler: add_on_config_deployer.lambda_handler
       MemorySize: '512'

diff --git a/unzip/aws-landing-zone-add-on-config-deployer/add_on_config_deployer.py b/unzip/aws-landing-zone-add-on-config-deployer/add_on_config_deployer.py
@@ -27,7 +27,7 @@
 import errno
 
 # initialise logger
-log_level = os.environ.get('log_level')
+log_level = 'info' if os.environ.get('log_level') is None else os.environ.get('log_level')
 logger = Logger(loglevel=log_level)
 init_failed = False
 
@@ -103,7 +103,7 @@ def make_dir(directory):
         os.makedirs(directory)
 
 
-def config_deployer(event, RequestType = 'Create'):
+def config_deployer(event, previous_event, RequestType = 'Create'):
     try:
         s3 = S3(logger)
         base_path = '/tmp/lz'
@@ -169,6 +169,20 @@ def config_deployer(event, RequestType = 'Create'):
                 make_dir(lzconfig_add_on_path)
                 shutil.copyfile(output_path + "/" + add_on_zip_file_name, lzconfig_add_on_path + "/" + add_on_zip_file_name)
 
+                # if previous_event exists - delete the old zip file from the landing zone config zip
+                if previous_event is not None:
+                    # old event variables - for update path
+                    previous_source_key_name = previous_event.get('bucket_config', {}).get('source_s3_key')
+                    previous_add_on_zip_file_name = previous_source_key_name.split("/")[
+                        -1] if "/" in previous_source_key_name else previous_source_key_name
+                    logger.info("Found old resource properties in the CFN event. Printing old resource properties.")
+                    logger.info(previous_event)
+                    my_file = Path(lzconfig_add_on_path + "/" + previous_add_on_zip_file_name)
+                    logger.info("Searching for {} in the ALZ config zip contents".format(my_file))
+                    if my_file.is_file():
+                        logger.info("Found the old add-on zip file in the ALZ config zip, deleting the file")
+                        os.remove(lzconfig_add_on_path + "/" + previous_add_on_zip_file_name)
+
                 zip_function(destination_key_name, lzconfig_extract_path, output_path)
                 # Upload the file in the customer S3 bucket
                 local_file = output_path + "/" + destination_key_name
@@ -238,7 +252,7 @@ def create(event, context):
     logger.info("physical_resource_id: {}".format(physical_resource_id))
 
     if event.get('ResourceType') == 'Custom::AddOnConfigDeployer':
-        response = config_deployer(event.get('ResourceProperties'), 'Create')
+        response = config_deployer(event.get('ResourceProperties'), event.get('OldResourceProperties'), 'Create')
         return physical_resource_id, response
     else:
         logger.error('No valid ResourceType found!')
@@ -251,7 +265,7 @@ def update(event, context):
     physical_resource_id = event.get('PhysicalResourceId')
 
     if event.get('ResourceType') == 'Custom::AddOnConfigDeployer':
-        response = config_deployer(event.get('ResourceProperties'), 'Create')
+        response = config_deployer(event.get('ResourceProperties'), event.get('OldResourceProperties'), 'Create')
         return physical_resource_id, response
     else:
         logger.error('No valid ResourceType found!')
@@ -263,7 +277,7 @@ def delete(event, context):
     """
     physical_resource_id = event.get('PhysicalResourceId')
     if event.get('ResourceType') == 'Custom::AddOnConfigDeployer':
-        response = config_deployer(event.get('ResourceProperties'),'Delete')
+        response = config_deployer(event.get('ResourceProperties'), event.get('OldResourceProperties'), 'Delete')
         return physical_resource_id, response
     else:
         logger.error('No valid ResourceType found!')

diff --git a/unzip/aws-landing-zone-add-on-config-deployer/certifi/__init__.py b/unzip/aws-landing-zone-add-on-config-deployer/certifi/__init__.py
@@ -1,3 +1,3 @@
 from .core import where
 
-__version__ = "2019.06.16"
+__version__ = "2019.09.11"
diff --git a/unzip/aws-landing-zone-add-on-config-deployer/certifi/cacert.pem b/unzip/aws-landing-zone-add-on-config-deployer/certifi/cacert.pem
@@ -771,36 +771,6 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
 +OkuE6N36B9K
 -----END CERTIFICATE-----
 
-# Issuer: CN=Class 2 Primary CA O=Certplus
-# Subject: CN=Class 2 Primary CA O=Certplus
-# Label: "Certplus Class 2 Primary CA"
-# Serial: 177770208045934040241468760488327595043
-# MD5 Fingerprint: 88:2c:8c:52:b8:a2:3c:f3:f7:bb:03:ea:ae:ac:42:0b
-# SHA1 Fingerprint: 74:20:74:41:72:9c:dd:92:ec:79:31:d8:23:10:8d:c2:81:92:e2:bb
-# SHA256 Fingerprint: 0f:99:3c:8a:ef:97:ba:af:56:87:14:0e:d5:9a:d1:82:1b:b4:af:ac:f0:aa:9a:58:b5:d5:7a:33:8a:3a:fb:cb
------BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
-PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
-cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
-MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
-IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
-ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
-VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
-kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
-EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
-H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
-HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
-DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
-QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
-Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
-AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
-yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
-FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
-ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
-kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
-l7+ijrRU
------END CERTIFICATE-----
-
 # Issuer: CN=DST Root CA X3 O=Digital Signature Trust Co.
 # Subject: CN=DST Root CA X3 O=Digital Signature Trust Co.
 # Label: "DST Root CA X3"
@@ -1219,36 +1189,6 @@ t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
 WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
 -----END CERTIFICATE-----
 
-# Issuer: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center
-# Subject: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center
-# Label: "Deutsche Telekom Root CA 2"
-# Serial: 38
-# MD5 Fingerprint: 74:01:4a:91:b1:08:c4:58:ce:47:cd:f0:dd:11:53:08
-# SHA1 Fingerprint: 85:a4:08:c0:9c:19:3e:5d:51:58:7d:cd:d6:13:30:fd:8c:de:37:bf
-# SHA256 Fingerprint: b6:19:1a:50:d0:c3:97:7f:7d:a9:9b:cd:aa:c8:6a:22:7d:ae:b9:67:9e:c7:0b:a3:b0:c9:d9:22:71:c1:70:d3
------BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
-MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
-IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
-IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
-RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
-U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
-IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
-ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
-QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
-rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
-NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
-QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
-txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
-BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
-AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
-tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
-IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
-6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
-xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
-Cm26OWMohpLzGITY+9HPBVZkVw==
------END CERTIFICATE-----
-
 # Issuer: CN=Cybertrust Global Root O=Cybertrust, Inc
 # Subject: CN=Cybertrust Global Root O=Cybertrust, Inc
 # Label: "Cybertrust Global Root"

diff --git a/unzip/aws-landing-zone-add-on-config-deployer/lib/cloudformation.py b/unzip/aws-landing-zone-add-on-config-deployer/lib/cloudformation.py
@@ -327,3 +327,55 @@ def describe_stacks(self, stack_name):
                        'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}
             self.logger.exception(message)
             raise
+
+
+    @try_except_retry()
+    def get_stack_summary(self, stack_name):
+        try:
+            response = self.cfn_client.get_template_summary(StackName=stack_name)
+            return response
+        except Exception as e:
+            message = {'FILE': __file__.split('/')[-1], 'CLASS': self.__class__.__name__,
+                       'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}
+            self.logger.exception(message)
+            raise
+
+
+    @try_except_retry()
+    def get_template_summary(self, template_url):
+        try:
+            response = self.cfn_client.get_template_summary(TemplateURL=template_url)
+            return response
+        except Exception as e:
+            message = {'FILE': __file__.split('/')[-1], 'CLASS': self.__class__.__name__,
+                       'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}
+            self.logger.exception(message)
+            raise
+
+    @try_except_retry()
+    def update_stack(self, stack_name, template_url, capabilities):
+        try:
+            response = self.cfn_client.update_stack(StackName=stack_name,
+                                                    TemplateURL=template_url,
+                                                    Capabilities=capabilities)
+            return response
+        except Exception as e:
+            message = {'FILE': __file__.split('/')[-1], 'CLASS': self.__class__.__name__,
+                       'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}
+            self.logger.exception(message)
+            raise
+
+    def update_stack(self, stack_name, parameters, template_url, capabilities):
+        try:
+            response = cfn_client.update_stack(
+                StackName=stack_name,
+                TemplateURL=template_url,
+                Parameters=parameters,
+                Capabilities=capabilities
+            )
+            return response
+        except Exception as e:
+            message = {'FILE': __file__.split('/')[-1], 'CLASS': self.__class__.__name__,
+                       'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}
+            self.logger.exception(message)
+            raise
diff --git a/unzip/aws-landing-zone-add-on-config-deployer/lib/crhelper.py b/unzip/aws-landing-zone-add-on-config-deployer/lib/crhelper.py
@@ -12,7 +12,7 @@
 ######################################################################################################################
 
 import threading
-from botocore.vendored import requests
+import requests
 import json
 
 

diff --git a/unzip/aws-landing-zone-add-on-config-deployer/lib/service_catalog.py b/unzip/aws-landing-zone-add-on-config-deployer/lib/service_catalog.py
@@ -439,7 +439,8 @@ def search_provisioned_products(self, product_id, next_token='0'):
                         search_query
                     ]
                 },
-                PageToken=next_token
+                PageToken=next_token,
+                SortBy="createdTime"
             )
             return response
         except Exception as e:

diff --git a/unzip/aws-landing-zone-add-on-config-deployer/lib/sns.py b/unzip/aws-landing-zone-add-on-config-deployer/lib/sns.py
@@ -0,0 +1,85 @@
+######################################################################################################################
+#  Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.                                           #
+#                                                                                                                    #
+#  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance        #
+#  with the License. A copy of the License is located at                                                             #
+#                                                                                                                    #
+#      http://www.apache.org/licenses/LICENSE-2.0                                                                                    #
+#                                                                                                                    #
+#  or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES #
+#  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions    #
+#  and limitations under the License.                                                                                #
+######################################################################################################################
+#!/bin/python
+import boto3
+import inspect
+import json
+from decimal import Decimal
+
+
+class DecimalEncoder(json.JSONEncoder):
+    def default(self, o):
+        if isinstance(o, Decimal):
+            if o % 1 > 0:
+                return float(o)
+            else:
+                return int(o)
+        return super(DecimalEncoder, self).default(o)
+
+
+class SNS(object):
+    def __init__(self, logger, **kwargs):
+        self.logger = logger
+        if kwargs is not None:
+            if kwargs.get('credentials') is None:
+                logger.debug("Setting up CFN BOTO3 Client with default credentials")
+                self.sns_client = boto3.client('sns')
+            else:
+                logger.debug("Setting up CFN BOTO3 Client with ASSUMED ROLE credentials")
+                cred = kwargs.get('credentials')
+                region = kwargs.get('region', None)
+
+                if region:
+                    self.sns_client = boto3.client('sns', region_name=region,
+                                                   aws_access_key_id=cred.get('AccessKeyId'),
+                                                   aws_secret_access_key=cred.get('SecretAccessKey'),
+                                                   aws_session_token=cred.get('SessionToken')
+                                                   )
+                else:
+                    self.sns_client = boto3.client('sns',
+                                                   aws_access_key_id=cred.get('AccessKeyId'),
+                                                   aws_secret_access_key=cred.get('SecretAccessKey'),
+                                                   aws_session_token=cred.get('SessionToken')
+                                                   )
+
+
+    def publish(self, topic_arn, message, subject, message_structure):
+        try:
+            response = self.sns_client.publish(
+                TopicArn=topic_arn,
+                Message=json.dumps(message, indent=4, cls=DecimalEncoder, sort_keys=True),
+                Subject=subject,
+                MessageStructure=message_structure,
+            )
+            return response
+        except Exception as e:
+            message = {'FILE': __file__.split('/')[-1], 'CLASS': self.__class__.__name__,
+                       'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}
+            self.logger.exception(message)
+            raise
+
+
+    def publish(self, topic_arn, message, subject):
+        try:
+            response = self.sns_client.publish(
+                TopicArn=topic_arn,
+                Message=message,
+                Subject=subject
+            )
+            return response
+
+        except Exception as e:
+            message = {'FILE': __file__.split('/')[-1], 'CLASS': self.__class__.__name__,
+                       'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}
+            self.logger.exception(message)
+            raise
diff --git a/unzip/aws-landing-zone-add-on-config-deployer/lib/sts.py b/unzip/aws-landing-zone-add-on-config-deployer/lib/sts.py
@@ -52,7 +52,10 @@ def assume_role_new_account(self, role_arn, session_name, duration=900):
         except ClientError as e:
             self.logger.exception(e.response['Error']['Code'])
             if e.response['Error']['Code'] == 'AccessDenied':
-                return {'Error': 'AccessDenied'}
+                return {'Error': 'AWS STS AssumeRole Failure: Access Denied.'}
+            elif e.response['Error']['Code'] == 'RegionDisabledException':
+                return {'Error': 'An error occurred (RegionDisabledException) when calling the AssumeRole operation: '
+                                 'STS is not activated in this region for this account.'}
             else:
                 message = {'FILE': __file__.split('/')[-1], 'CLASS': self.__class__.__name__,
                            'METHOD': inspect.stack()[0][3], 'EXCEPTION': str(e)}

diff --git a/...loyer/markupsafe/_speedups.cpython-34m.so → ..._speedups.cpython-37m-x86_64-linux-gnu.so b/...loyer/markupsafe/_speedups.cpython-34m.so → ..._speedups.cpython-37m-x86_64-linux-gnu.so
diff --git a/unzip/aws-landing-zone-add-on-config-deployer/simplejson/_speedups.cpython-34m.so b/unzip/aws-landing-zone-add-on-config-deployer/simplejson/_speedups.cpython-34m.so
diff --git a/...-landing-zone-add-on-config-deployer/simplejson/_speedups.cpython-37m-x86_64-linux-gnu.so b/...-landing-zone-add-on-config-deployer/simplejson/_speedups.cpython-37m-x86_64-linux-gnu.so
diff --git a/unzip/aws-landing-zone-addon-publisher/lib/__init__.py b/unzip/aws-landing-zone-addon-publisher/lib/__init__.py