fix: update docker build version (#38)

Author: schuettc

deployment/infrastructure/bedrock-auth-auth0.yaml

@@ -49,19 +49,10 @@ Parameters:
       - 'false'
     Description: Enable CloudWatch monitoring for Bedrock usage
 
-  EnableSessionTags:
-    Type: String
-    Default: 'true'
-    AllowedValues:
-      - 'true'
-      - 'false'
-    Description: Enable session tags for enhanced security and tracking
-
 Conditions:
   UseDirectIAM: !Equals [!Ref FederationType, direct]
   UseCognitoIdentity: !Equals [!Ref FederationType, cognito]
   MonitoringEnabled: !Equals [!Ref EnableMonitoring, 'true']
-  SessionTagsEnabled: !Equals [!Ref EnableSessionTags, 'true']
 
 Resources:
   # ===============================================
@@ -177,10 +168,7 @@ Resources:
               Federated: !GetAtt Auth0OIDCProvider.Arn
             Action:
               - 'sts:AssumeRoleWithWebIdentity'
-              - !If
-                - SessionTagsEnabled
-                - 'sts:TagSession'
-                - !Ref 'AWS::NoValue'
+              - 'sts:TagSession'
       ManagedPolicyArns:
         - !Ref BedrockAccessPolicy
       Tags:
@@ -272,6 +260,20 @@ Resources:
         authenticated: !GetAtt CognitoAuthenticatedRole.Arn
         unauthenticated: !GetAtt CognitoUnauthenticatedRole.Arn
 
+  # Principal Tag Mapping for Session Tags
+  IdentityPoolPrincipalTag:
+    Type: AWS::Cognito::IdentityPoolPrincipalTag
+    Condition: UseCognitoIdentity
+    DeletionPolicy: Delete
+    Properties:
+      IdentityPoolId: !Ref CognitoIdentityPool
+      IdentityProviderName: !Ref Auth0Domain
+      UseDefaults: false
+      PrincipalTags:
+        UserEmail: email
+        UserId: sub
+        UserName: name
+
   # ===============================================
   # Optional Monitoring Resources
   # ===============================================

deployment/infrastructure/bedrock-auth-azure.yaml

@@ -49,19 +49,10 @@ Parameters:
       - 'false'
     Description: Enable CloudWatch monitoring for Bedrock usage
 
-  EnableSessionTags:
-    Type: String
-    Default: 'true'
-    AllowedValues:
-      - 'true'
-      - 'false'
-    Description: Enable session tags for enhanced security and tracking
-
 Conditions:
   UseDirectIAM: !Equals [!Ref FederationType, direct]
   UseCognitoIdentity: !Equals [!Ref FederationType, cognito]
   MonitoringEnabled: !Equals [!Ref EnableMonitoring, 'true']
-  SessionTagsEnabled: !Equals [!Ref EnableSessionTags, 'true']
 
 Resources:
   # ===============================================
@@ -177,10 +168,7 @@ Resources:
               Federated: !GetAtt AzureOIDCProvider.Arn
             Action:
               - 'sts:AssumeRoleWithWebIdentity'
-              - !If
-                - SessionTagsEnabled
-                - 'sts:TagSession'
-                - !Ref 'AWS::NoValue'
+              - 'sts:TagSession'
       ManagedPolicyArns:
         - !Ref BedrockAccessPolicy
       Tags:
@@ -272,6 +260,20 @@ Resources:
         authenticated: !GetAtt CognitoAuthenticatedRole.Arn
         unauthenticated: !GetAtt CognitoUnauthenticatedRole.Arn
 
+  # Principal Tag Mapping for Session Tags
+  IdentityPoolPrincipalTag:
+    Type: AWS::Cognito::IdentityPoolPrincipalTag
+    Condition: UseCognitoIdentity
+    DeletionPolicy: Delete
+    Properties:
+      IdentityPoolId: !Ref CognitoIdentityPool
+      IdentityProviderName: !Sub 'login.microsoftonline.com/${AzureTenantId}/v2.0'
+      UseDefaults: false
+      PrincipalTags:
+        UserEmail: email
+        UserId: sub
+        UserName: name
+
   # ===============================================
   # Optional Monitoring Resources
   # ===============================================

deployment/infrastructure/bedrock-auth-cognito-pool.yaml

@@ -55,19 +55,10 @@ Parameters:
       - 'false'
     Description: Enable CloudWatch monitoring for Bedrock usage
 
-  EnableSessionTags:
-    Type: String
-    Default: 'true'
-    AllowedValues:
-      - 'true'
-      - 'false'
-    Description: Enable session tags for enhanced security and tracking
-
 Conditions:
   UseDirectIAM: !Equals [!Ref FederationType, direct]
   UseCognitoIdentity: !Equals [!Ref FederationType, cognito]
   MonitoringEnabled: !Equals [!Ref EnableMonitoring, 'true']
-  SessionTagsEnabled: !Equals [!Ref EnableSessionTags, 'true']
 
 Resources:
   # ===============================================
@@ -183,10 +174,7 @@ Resources:
               Federated: !GetAtt CognitoUserPoolOIDCProvider.Arn
             Action:
               - 'sts:AssumeRoleWithWebIdentity'
-              - !If
-                - SessionTagsEnabled
-                - 'sts:TagSession'
-                - !Ref 'AWS::NoValue'
+              - 'sts:TagSession'
       ManagedPolicyArns:
         - !Ref BedrockAccessPolicy
       Tags:
@@ -226,6 +214,7 @@ Resources:
               Federated: cognito-identity.amazonaws.com
             Action:
               - 'sts:AssumeRoleWithWebIdentity'
+              - 'sts:TagSession'
             Condition:
               StringEquals:
                 'cognito-identity.amazonaws.com:aud': !Ref CognitoIdentityPool
@@ -280,6 +269,19 @@ Resources:
         authenticated: !GetAtt CognitoAuthenticatedRole.Arn
         unauthenticated: !GetAtt CognitoUnauthenticatedRole.Arn
 
+  # Principal Tag Mapping for Session Tags
+  IdentityPoolPrincipalTag:
+    Type: AWS::Cognito::IdentityPoolPrincipalTag
+    Condition: UseCognitoIdentity
+    DeletionPolicy: Delete
+    Properties:
+      IdentityPoolId: !Ref CognitoIdentityPool
+      IdentityProviderName: !Sub 'cognito-idp.${AWS::Region}.amazonaws.com/${CognitoUserPoolId}'
+      UseDefaults: false
+      PrincipalTags:
+        UserEmail: email
+        UserId: sub
+
   # ===============================================
   # Optional Monitoring Resources
   # ===============================================

deployment/infrastructure/bedrock-auth-okta.yaml

@@ -49,19 +49,10 @@ Parameters:
       - 'false'
     Description: Enable CloudWatch monitoring for Bedrock usage
 
-  EnableSessionTags:
-    Type: String
-    Default: 'true'
-    AllowedValues:
-      - 'true'
-      - 'false'
-    Description: Enable session tags for enhanced security and tracking
-
 Conditions:
   UseDirectIAM: !Equals [!Ref FederationType, direct]
   UseCognitoIdentity: !Equals [!Ref FederationType, cognito]
   MonitoringEnabled: !Equals [!Ref EnableMonitoring, 'true']
-  SessionTagsEnabled: !Equals [!Ref EnableSessionTags, 'true']
 
 Resources:
   # ===============================================
@@ -176,10 +167,7 @@ Resources:
               Federated: !GetAtt OktaOIDCProvider.Arn
             Action:
               - 'sts:AssumeRoleWithWebIdentity'
-              - !If
-                - SessionTagsEnabled
-                - 'sts:TagSession'
-                - !Ref 'AWS::NoValue'
+              - 'sts:TagSession'
       ManagedPolicyArns:
         - !Ref BedrockAccessPolicy
       Tags:
@@ -271,6 +259,20 @@ Resources:
         authenticated: !GetAtt CognitoAuthenticatedRole.Arn
         unauthenticated: !GetAtt CognitoUnauthenticatedRole.Arn
 
+  # Principal Tag Mapping for Session Tags
+  IdentityPoolPrincipalTag:
+    Type: AWS::Cognito::IdentityPoolPrincipalTag
+    Condition: UseCognitoIdentity
+    DeletionPolicy: Delete
+    Properties:
+      IdentityPoolId: !Ref CognitoIdentityPool
+      IdentityProviderName: !Ref OktaDomain
+      UseDefaults: false
+      PrincipalTags:
+        UserEmail: email
+        UserId: sub
+        UserName: name
+
   # ===============================================
   # Optional Monitoring Resources
   # ===============================================