From 5a4fb001ad3af6f908c845693ba972ce5c249869 Mon Sep 17 00:00:00 2001
From: Sumukh Ballal <sballal@amazon.com>
Date: Thu, 23 Jan 2025 01:54:04 +0000
Subject: [PATCH] imghelper: set AWS_CA_BUNDLE if cert is available

---
 twoliter/embedded/imghelper | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/twoliter/embedded/imghelper b/twoliter/embedded/imghelper
index 44da01c2..396c61bb 100755
--- a/twoliter/embedded/imghelper
+++ b/twoliter/embedded/imghelper
@@ -430,6 +430,10 @@ sbsetup_wrapup() {
 }
 
 sbsetup_aws_profile() {
+  # Use the CA bundle override as the AWS CA cert bundle, if present.
+  if [[ -s "/root/certs/ca-bundle.crt" ]]; then
+    export AWS_CA_BUNDLE=/root/certs/ca-bundle.crt
+  fi
   # Set AWS environment variables from build secrets, if present.
   local var val
   for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do