Merge pull request aws#4757 from laileni-aws/feature/proactivesub

codewhisperer: telemetry(requestHeaders property) and error handling for uploadArtifactS3Url

Author: awsanakkala

packages/core/src/codewhisperer/client/user-service-2.json

@@ -603,7 +603,10 @@
             "members": {
                 "uploadId": { "shape": "UploadId" },
                 "uploadUrl": { "shape": "PreSignedUrl" },
-                "kmsKeyArn": { "shape": "ResourceArn" }
+                "kmsKeyArn": { "shape": "ResourceArn" },
+                "requestHeaders": {
+                    "shape": "RequestHeaders"
+                }
             }
         },
         "CursorState": {
@@ -1142,6 +1145,27 @@
             "min": 0,
             "pattern": "arn:([-.a-z0-9]{1,63}:){2}([-.a-z0-9]{0,63}:){2}([a-zA-Z0-9-_:/]){1,1023}"
         },
+        "RequestHeaderKey": {
+            "type": "string",
+            "max": 64,
+            "min": 1
+        },
+        "RequestHeaderValue": {
+            "type": "string",
+            "max": 256,
+            "min": 1
+        },
+        "RequestHeaders": {
+            "type": "map",
+            "key": {
+                "shape": "RequestHeaderKey"
+            },
+            "value": {
+                "shape": "RequestHeaderValue"
+            },
+            "max": 16,
+            "min": 1
+        },
         "ResourceNotFoundException": {
             "type": "structure",
             "required": ["message"],

packages/core/src/codewhisperer/service/securityScanHandler.ts

@@ -225,9 +225,18 @@ export async function uploadArtifactToS3(fileName: string, resp: CreateUploadUrl
         headersObj['x-amz-server-side-encryption-aws-kms-key-id'] = resp.kmsKeyArn
     }
 
-    const response = await request.fetch('PUT', resp.uploadUrl, {
-        body: readFileSync(fileName),
-        headers: headersObj,
-    }).response
-    getLogger().debug(`StatusCode: ${response.status}, Text: ${response.statusText}`)
+    try {
+        const response = await request.fetch('PUT', resp.uploadUrl, {
+            body: readFileSync(fileName),
+            headers: resp?.requestHeaders ?? headersObj,
+        }).response
+        getLogger().debug(`StatusCode: ${response.status}, Text: ${response.statusText}`)
+    } catch (error) {
+        getLogger().error(
+            `Amazon Q is unable to upload workspace artifacts to Amazon S3 for security scans. For more information, see the Amazon Q documentation or contact your network or organization administrator.`
+        )
+        throw new Error(
+            `Amazon Q is unable to upload workspace artifacts to Amazon S3 for security scans. For more information, see the [Amazon Q documentation](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html) or contact your network or organization administrator.`
+        )
+    }
 }