From 60113eafd07c1dd9cc64595cfdc0f0bd8b16dc66 Mon Sep 17 00:00:00 2001
From: Sumukh Ballal <sballal@amazon.com>
Date: Thu, 23 Jan 2025 01:54:04 +0000
Subject: [PATCH] imghelper: set AWS_CA_BUNDLE if cert is available

---
 twoliter/embedded/imghelper | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/twoliter/embedded/imghelper b/twoliter/embedded/imghelper
index 44da01c2..1029bbe3 100755
--- a/twoliter/embedded/imghelper
+++ b/twoliter/embedded/imghelper
@@ -430,6 +430,11 @@ sbsetup_wrapup() {
 }
 
 sbsetup_aws_profile() {
+  # Use the CA bundle override as the AWS CA cert bundle, if present.
+  if [[ -s "/root/certs/ca-bundle.crt" ]]; then
+    cp /root/certs/ca-bundle.crt /etc/pki/tls/cert.pem
+    export AWS_CA_BUNDLE=/etc/pki/tls/cert.pem
+  fi
   # Set AWS environment variables from build secrets, if present.
   local var val
   for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do