fix: opt in region test to correct account

Signed-off-by: Kevin Shan <[email protected]>

Author: Siqi-Shan

scripts/e2e-test-regions.json

@@ -0,0 +1,22 @@
+[
+  { "name": "ap-east-1", "optIn": true },
+  { "name": "ap-northeast-1", "optIn": false },
+  { "name": "ap-northeast-2", "optIn": false },
+  { "name": "ap-northeast-3", "optIn": false },
+  { "name": "ap-south-1", "optIn": false },
+  { "name": "ap-southeast-1", "optIn": false },
+  { "name": "ap-southeast-2", "optIn": false },
+  { "name": "ca-central-1", "optIn": false },
+  { "name": "eu-central-1", "optIn": false },
+  { "name": "eu-north-1", "optIn": false },
+  { "name": "eu-south-1", "optIn": true },
+  { "name": "eu-west-1", "optIn": false },
+  { "name": "eu-west-2", "optIn": false },
+  { "name": "eu-west-3", "optIn": false },
+  { "name": "me-south-1", "optIn": true },
+  { "name": "sa-east-1", "optIn": false },
+  { "name": "us-east-1", "optIn": false },
+  { "name": "us-east-2", "optIn": false },
+  { "name": "us-west-1", "optIn": false },
+  { "name": "us-west-2", "optIn": false }
+]

shared-scripts.sh

@@ -339,10 +339,26 @@ function _unassumeTestAccountCredentials {
 function useChildAccountCredentials {
     if [ -z "$USE_PARENT_ACCOUNT" ]; then
         export AWS_PAGER=""
+        export AWS_MAX_ATTEMPTS=5
+        export AWS_STS_REGIONAL_ENDPOINTS=regional
         parent_acct=$(aws sts get-caller-identity | jq -cr '.Account')
         child_accts=$(aws organizations list-accounts | jq -c "[.Accounts[].Id | select(. != \"$parent_acct\")]")
         org_size=$(echo $child_accts | jq 'length')
-        pick_acct=$(echo $child_accts | jq -cr ".[$RANDOM % $org_size]")
+        opt_in_regions=$(jq -r '.[] | select(.optIn == true) | .name' $CODEBUILD_SRC_DIR/scripts/e2e-test-regions.json)
+        if echo "$opt_in_regions" | grep -qw "$CLI_REGION"; then
+            child_accts=$(echo $child_accts | jq -cr '.[]')
+            for child_acct in $child_accts; do
+                # Get enabled opt-in regions for the child account
+                enabled_regions=$(aws account list-regions --account-id $child_acct --region-opt-status-contains ENABLED)
+                # Check if given opt-in region is enabled for the child account
+                if echo "$enabled_regions" | jq -e ".Regions[].RegionName == \"$CLI_REGION\""; then
+                    pick_acct=$child_acct
+                    break
+                fi
+            done
+        else
+            pick_acct=$(echo $child_accts | jq -cr ".[$RANDOM % $org_size]")
+        fi
         session_id=$((1 + $RANDOM % 10000))
         if [[ -z "$pick_acct" || -z "$session_id" ]]; then
           echo "Unable to find a child account. Falling back to parent AWS account"