@rix0rrr rix0rrr commented Nov 13, 2025

The CLI asks the SDK for the URL to an S3 bucket, in order to pass it to CloudFormation. CloudFormation will then attempt to contact S3 on that URL in order to download the template.

A feature of the SDK is to respect the $AWS_ENDPOINT_URL_S3 environment variable, which can be used to override the S3 endpoint that the SDK will hit; you might use this if you have private VPC endpoints for a number of AWS services.

The problem arises that $AWS_ENDPOINT_URL_S3 also affects the URL that the CDK CLI passes to CloudFormation. This will most likely be an endpoint that is not routable for CloudFormation like https://vpce-xxx.s3.us-east-1.vpce.amazonaws.com, and CloudFormation will time out waiting for the template download.

To get around this, we will temporarily unset $AWS_ENDPOINT_URL_S3 for the duration of calling the SDK to provide us with a URL.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
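
The workaround described above, as an added example that is not part of the pull request or the CDK CLI's own code. `resolveTemplateUrl` is a hypothetical stand-in for asking the SDK for an S3 URL, the bucket and key names are constructed, and substituting `AWS_ENDPOINT_URL_S3_FOR_CLOUDFORMATION` for the duration of the call is an assumption about how the second variable could be honoured.

```javascript
const SDK_VAR = 'AWS_ENDPOINT_URL_S3';
const CFN_VAR = 'AWS_ENDPOINT_URL_S3_FOR_CLOUDFORMATION';

// Run fn with env var `name` set to `value` (unset when value is undefined),
// then put the previous state back, even if fn throws.
function withEnv(name, value, fn) {
  const previous = process.env[name]; // undefined means "was not set"
  if (value === undefined) {
    // Assigning undefined would store the string "undefined", so delete.
    delete process.env[name];
  } else {
    process.env[name] = value;
  }
  try {
    return fn();
  } finally {
    if (previous === undefined) {
      delete process.env[name];
    } else {
      process.env[name] = previous;
    }
  }
}

// Hypothetical stand-in for the SDK: honours AWS_ENDPOINT_URL_S3 when set,
// otherwise falls back to the regional public endpoint.
function resolveTemplateUrl(bucket, key, region) {
  const base = process.env[SDK_VAR] || `https://s3.${region}.amazonaws.com`;
  return `${base.replace(/\/+$/, '')}/${bucket}/${key}`;
}

// URL to hand to CloudFormation: the SDK override is hidden while the URL is
// computed; only the dedicated variable (if set) can change the endpoint.
function templateUrlForCloudFormation(bucket, key, region) {
  return withEnv(SDK_VAR, process.env[CFN_VAR], () =>
    resolveTemplateUrl(bucket, key, region));
}

// Constructed sample values.
console.log(templateUrlForCloudFormation('example-assets', 'template.json', 'us-east-1'));
```

The SDK client used for the actual upload still sees `AWS_ENDPOINT_URL_S3`, because the variable is restored as soon as the URL has been computed.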

@rix0rrr rix0rrr requested a review from a team November 13, 2025 12:55
@github-actions github-actions bot added the p2 label Nov 13, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team November 13, 2025 12:56
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.59%. Comparing base (96fda68) to head (4484101).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #933      +/-   ##
==========================================
- Coverage   84.10%   83.59%   -0.51%     
==========================================
  Files          71       71              
  Lines       10437    10437              
  Branches     1336     1323      -13     
==========================================
- Hits         8778     8725      -53     
- Misses       1621     1674      +53     
  Partials       38       38              
Flag Coverage Δ
suite.unit 83.59% <ø> (-0.51%) ⬇️


Comment on lines +110 to +114
* To allow for the off chance that someone is running this tool against a
* custom build of CloudFormation that does need a specific S3 endpoint passed
* to it, we'll introduce a new environment variable that we'll respect instead:
*
* AWS_ENDPOINT_URL_S3_FOR_CLOUDFORMATION
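
Review bot: The doc comment at lines +110 to +114 names AWS_ENDPOINT_URL_S3_FOR_CLOUDFORMATION as the variable that is respected instead, but does not say what form the value must take or what the CLI does when it is empty or not a URL. Because this value decides which S3 endpoint is passed to CloudFormation for the template download, state the expected format in the comment and mention the variable in user-facing documentation, so operators can tell an intended override from a stray one in their environment.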

(blocking): I'm leaning against the proliferation of introducing undocumented env vars doing things. I'm guessing this was added to preempt new issues? Let me reason this through:

  • Currently when AWS_ENDPOINT_URL_S3 is set it will break deployment
  • This PR fixes that
  • If someone deliberately used AWS_ENDPOINT_URL_S3 to do something unknown that we do not know about, they will be broken now.
  • How do they find the new env var? I say they won't and they will open an issue anyway.

I vote we only address this if someone has this problem.

Discussed offline. This might help use cases like OpenStack and LocalStack.

@aws-cdk-automation aws-cdk-automation added this pull request to the merge queue Nov 14, 2025
Merged via the queue into main with commit 5effc9f Nov 14, 2025
35 checks passed
@aws-cdk-automation aws-cdk-automation deleted the huijbers/override-url branch November 14, 2025 09:45