imagebuilder custom_script.yaml is incompatible with GovCloud regions (work-around provided)

[alfred-stokespace]

Your problem is here https://github.com/aws/aws-parallelcluster/blob/release-3.8/cli/src/pcluster/resources/imagebuilder/custom_script.yaml#L36

      - name: Download
        action: ExecuteBash
        inputs:
          commands:
            - |
              set -v
              if [[ {{ build.ScriptUrlScheme.outputs.stdout }} == "https" ]]; then
                curl --retry 3 -L -o {{ build.TempScript.outputs.stdout }} {{ build.ScriptUrl.outputs.stdout }}
              elif [[ {{ build.ScriptUrlScheme.outputs.stdout }} == "s3" ]]; then
                aws s3 cp {{ build.ScriptUrl.outputs.stdout }} {{ build.TempScript.outputs.stdout }}
              else
                echo "Invalid script url"
                exit {{ build.Fail.outputs.stdout }}
              fi

specifically aws s3 cp {{ build.ScriptUrl.outputs.stdout }} {{ build.TempScript.outputs.stdout }}

The problem: region is assumed and if you are in, say us-gov-west-1, that fails.

Confirmed work around: When you are declaring your imagebuilder yaml you need to game the system.

Build:
    Components:
     - Type: script
        Value: 's3://bucketname/path/to/wonderfull/things/necessary-script.sh --region us-gov-west-1'

Why that works... Since aws s3 cp {{ build.ScriptUrl.outputs.stdout }} {{ build.TempScript.outputs.stdout }} gets interpreted by bash, bash doesn't care that s3://bucketname/path/to/wonderfull/things/necessary-script.sh --region us-gov-west-1 is actually two strings, so aws s3 gets the --region ... option.

This was confirmed to work in us-gov-west-1

[enrico-usai]

Thanks @alfred-stokespace for sharing the finding and the workaround!