Fix bugs with pipeline templates

templates/master-pipeline.yaml

@@ -111,15 +111,6 @@ Parameters:
             will be preserved. Only applies if the bot is created by
             this stack.
 
-    HideButtonMessageBubble:
-        Type: String
-        Default: false
-        AllowedValues:
-            - true
-            - false
-        Description: >
-            If set to true, hide the message bubble on a response card button press
-
     ShouldEnableLiveChat:
         Type: String
         Default: false
@@ -134,6 +125,7 @@ Parameters:
         Type: String
         Description: >
             Connect Contract Flow Id
+        Default: ""
 
     ConnectInstanceId:
         Type: String
@@ -560,7 +552,6 @@ Resources:
                 WebAppConfCname: !Ref WebAppConfCname
                 WebAppAcmCertificateArn: !Ref WebAppAcmCertificateArn
                 WebAppWafAclArn: !Ref WebAppWafAclArn
-                HideButtonMessageBubble: !Ref HideButtonMessageBubble
                 ShouldEnableLiveChat: !Ref ShouldEnableLiveChat
                 ConnectContactFlowId: !Ref ConnectContactFlowId
                 ConnectInstanceId: !Ref ConnectInstanceId

templates/pipeline.yaml

@@ -343,12 +343,33 @@ Resources:
       Properties:
         VersioningConfiguration:
           Status: Enabled
-        AccessControl: "LogDeliveryWrite"
         BucketEncryption:
           ServerSideEncryptionConfiguration:
             - ServerSideEncryptionByDefault:
                 SSEAlgorithm: AES256
 
+    S3ServerAccessLogsBucketPolicy:
+      Type: "AWS::S3::BucketPolicy"
+      Properties:
+        Bucket:
+          Ref: "S3ServerAccessLogs"
+        PolicyDocument:
+          Statement:
+            - Effect: "Allow"
+              Action:
+                - "s3:PutObject"
+              Resource:
+                - !Sub "arn:aws:s3:::${S3ServerAccessLogs}/*"
+              Principal:
+                Service: "logging.s3.amazonaws.com"
+              Condition:
+                ArnLike:
+                  aws:SourceArn:
+                    - !Sub "arn:aws:s3:::${WebAppBucket}"
+                StringEquals:
+                  aws:SourceAccount:
+                    - !Sub "${AWS::AccountId}"
+
     # Artifact Bucket used by CodePipeline and CodBuild
     ArtifactStore:
         Type: AWS::S3::Bucket
@@ -382,6 +403,15 @@ Resources:
               ServerSideEncryptionConfiguration:
                 - ServerSideEncryptionByDefault:
                     SSEAlgorithm: AES256
+            CorsConfiguration:
+                !If
+                  - NeedsParentOrigin
+                  - !Ref AWS::NoValue
+                  - CorsRules:
+                    - AllowedMethods:
+                        - GET
+                      AllowedOrigins:
+                        - !Ref ParentOrigin
 
     WebAppBucketOriginAccessIdentity:
         Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
@@ -410,6 +440,9 @@ Resources:
         UpdateReplacePolicy: Retain
         DeletionPolicy: Retain
         Properties:
+          OwnershipControls:
+            Rules:
+              - ObjectOwnership: BucketOwnerPreferred
           VersioningConfiguration:
             Status: Enabled
           BucketEncryption:
@@ -467,7 +500,7 @@ Resources:
               S3OriginConfig:
                 OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${WebAppBucketOriginAccessIdentity}"
               Id: webuiorigin
-            Enabled: 'true'
+            Enabled: true
             Comment: cloudfront distribution for lex-web-ui
             DefaultRootObject: index.html
             Logging:
@@ -510,7 +543,6 @@ Resources:
               - UseDefaultCloudfrontUrl
               - CloudFrontDefaultCertificate: true
               - AcmCertificateArn: !Ref WebAppAcmCertificateArn
-                CloudFrontDefaultCertificate: false
                 MinimumProtocolVersion: TLSv1.2_2018
                 SslSupportMethod: sni-only
             WebACLId: