From 38404feb523302ab1c2b9e44fe9664cc7418f688 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Mon, 22 Sep 2025 14:25:58 -0700
Subject: [PATCH 1/7] auto commit
---
 cdk/bin/cdk.ts | 7 +++++++
 cdk/lib/cdk-stack.ts | 18 +++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 cdk/bin/cdk.ts
diff --git a/cdk/bin/cdk.ts b/cdk/bin/cdk.ts
new file mode 100644
index 00000000..08214db5
--- /dev/null
+++ b/cdk/bin/cdk.ts
@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { S3ECPythonGithub } from '../lib/cdk-stack';
+
+const app = new cdk.App();
+new S3ECPythonGithub(app, 'S3ECPythonGithub');
diff --git a/cdk/lib/cdk-stack.ts b/cdk/lib/cdk-stack.ts
index cdb7c489..43f72bff 100644
--- a/cdk/lib/cdk-stack.ts
+++ b/cdk/lib/cdk-stack.ts
@@ -106,16 +106,29 @@ export class S3ECPythonGithub extends cdk.Stack {
 resources: [
 S3ECGithubTestS3Bucket.bucketArn + "/*", // object-level permissions need this extra path
 S3ECTestServerGithubBucket.bucketArn + "/*", // Add permissions for the new test-server bucket
+ "arn:aws:s3:::aws-net-sdk-*/*" // permission for object inside S3EC .net bucket
 ],
 }),
 new PolicyStatement({
 effect: Effect.ALLOW,
 actions: [
 "s3:ListBucket",
+ "s3:GetBucketAcl"
 ],
 resources: [
 S3ECGithubTestS3Bucket.bucketArn,
 S3ECTestServerGithubBucket.bucketArn, // Add permissions for the new test-server bucket
+ "arn:aws:s3:::aws-net-sdk-*", // permission for S3EC .net bucket
+ ],
+ }),
+ new PolicyStatement({
+ effect: Effect.ALLOW,
+ actions: [
+ "s3:CreateBucket",
+ "s3:DeleteBucket"
+ ],
+ resources: [
+ "arn:aws:s3:::aws-net-sdk-*"
 ],
 }),
 ]
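Review bot: The three `arn:aws:s3:::aws-net-sdk-*` resource entries added in the hunk at -106 of cdk/lib/cdk-stack.ts give the CI role object read/write/delete plus `s3:CreateBucket` and `s3:DeleteBucket` on every bucket whose name starts with that prefix, not only buckets a test run created. Nothing visible in the hunk ties the prefix to this project or account, so any other `aws-net-sdk-` bucket the account owns is within reach of a CI job. A narrower, project-specific prefix would shrink that, and the new statements could carry a condition such as `conditions: { StringEquals: { "aws:ResourceAccount": this.account } }`. The surrounding policy document starts before and continues after the hunk.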
@@ -155,7 +168,10 @@ export class S3ECPythonGithub extends cdk.Stack {
 "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
 },
 "StringLike": {
- "token.actions.githubusercontent.com:sub": "repo:aws/amazon-s3-encryption-client-python:*"
+ "token.actions.githubusercontent.com:sub": [
+ "repo:aws/amazon-s3-encryption-client-python:*",
+ "repo:aws/private-amazon-s3-encryption-client-dotnet-staging:*"
+ ]
 }
 },
 "sts:AssumeRoleWithWebIdentity"
From 143721c142a3009c703904b7af848ef2b3f585b4 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 23 Sep 2025 11:31:37 -0700
Subject: [PATCH 2/7] auto commit
---
 cdk/lib/cdk-stack.ts | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/cdk/lib/cdk-stack.ts b/cdk/lib/cdk-stack.ts
index 43f72bff..1ccc05a0 100644
--- a/cdk/lib/cdk-stack.ts
+++ b/cdk/lib/cdk-stack.ts
@@ -74,7 +74,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 this,
 "S3ECGithubTestS3Bucket",
 {
- bucketName: "s3ec-python-github-test-bucket",
+ bucketName: "s3ec-python-github-test-bucket-" + this.account, // revert this
 blockPublicAccess: new BlockPublicAccess(AccessConfiguration)
 }
 )
@@ -84,7 +84,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 this,
 "S3ECTestServerGithubBucket",
 {
- bucketName: "s3ec-test-server-github-bucket",
+ bucketName: "s3ec-test-server-github-bucket-" + this.account, // revert this
 blockPublicAccess: new BlockPublicAccess(AccessConfiguration)
 }
 )
@@ -102,6 +102,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 "s3:PutObject",
 "s3:GetObject",
 "s3:DeleteObject",
+ "s3:DeleteObjectVersion"
 ],
 resources: [
 S3ECGithubTestS3Bucket.bucketArn + "/*", // object-level permissions need this extra path
@@ -112,7 +113,10 @@ export class S3ECPythonGithub extends cdk.Stack {
 new PolicyStatement({
 effect: Effect.ALLOW,
 actions: [
+ "s3:CreateBucket",
+ "s3:DeleteBucket",
 "s3:ListBucket",
+ "s3:ListBucketVersions",
 "s3:GetBucketAcl"
 ],
 resources: [
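Review bot: The `sub` pattern `repo:aws/private-amazon-s3-encryption-client-dotnet-staging:*` added in the hunk at -155 of PATCH 1/7 lets a workflow on any branch, tag, pull request or environment of that repository assume this role, which is the same role the Python repository already uses. Because this series also gives the role bucket create and delete permissions, the trust is worth tightening. One option is to pin the claim to the refs that actually run the integration tests, for example `"repo:aws/private-amazon-s3-encryption-client-dotnet-staging:ref:refs/heads/main"` (branch name to be confirmed). Another is a separate role for the .NET repository that holds only the `aws-net-sdk-*` permissions. The trust policy begins and ends outside the hunk.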
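Review bot: Moving `s3:CreateBucket` and `s3:DeleteBucket` into the existing list statement (hunk at -112 of PATCH 2/7) applies them to every resource of that statement. According to the context lines in PATCH 1/7, those resources include `S3ECGithubTestS3Bucket.bucketArn` and `S3ECTestServerGithubBucket.bucketArn`, so the CI role would be able to delete the two stack-managed test buckets. `s3:DeleteObjectVersion` in the hunk at -102 likewise reaches their objects, although later comments in the series mark these actions as needed only for the .NET buckets. Keeping the dedicated statement from PATCH 1/7, scoped to `arn:aws:s3:::aws-net-sdk-*`, and adding a matching object-level statement for `s3:DeleteObjectVersion` on `arn:aws:s3:::aws-net-sdk-*/*` would preserve least privilege. The statement's resource list lies outside this hunk.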
@@ -121,16 +125,6 @@ export class S3ECPythonGithub extends cdk.Stack {
 "arn:aws:s3:::aws-net-sdk-*", // permission for S3EC .net bucket
 ],
 }),
- new PolicyStatement({
- effect: Effect.ALLOW,
- actions: [
- "s3:CreateBucket",
- "s3:DeleteBucket"
- ],
- resources: [
- "arn:aws:s3:::aws-net-sdk-*"
- ],
- }),
 ]
 }),
 }
From d7de6f17cee099f21ccb43e4f50d7af70d4cd2d2 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 23 Sep 2025 11:32:49 -0700
Subject: [PATCH 3/7] auto commit
---
 cdk/lib/cdk-stack.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cdk/lib/cdk-stack.ts b/cdk/lib/cdk-stack.ts
index 1ccc05a0..456107da 100644
--- a/cdk/lib/cdk-stack.ts
+++ b/cdk/lib/cdk-stack.ts
@@ -74,7 +74,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 this,
 "S3ECGithubTestS3Bucket",
 {
- bucketName: "s3ec-python-github-test-bucket-" + this.account, // revert this
+ bucketName: "s3ec-python-github-test-bucket-",
 blockPublicAccess: new BlockPublicAccess(AccessConfiguration)
 }
 )
@@ -84,7 +84,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 this,
 "S3ECTestServerGithubBucket",
 {
- bucketName: "s3ec-test-server-github-bucket-" + this.account, // revert this
+ bucketName: "s3ec-test-server-github-bucket-",
 blockPublicAccess: new BlockPublicAccess(AccessConfiguration)
 }
 )
From 0346f16e8ea06815c5f76c36cbeaf71f6b73ef30 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 23 Sep 2025 11:33:45 -0700
Subject: [PATCH 4/7] auto commit
---
 cdk/lib/cdk-stack.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cdk/lib/cdk-stack.ts b/cdk/lib/cdk-stack.ts
index 456107da..85ff6eec 100644
--- a/cdk/lib/cdk-stack.ts
+++ b/cdk/lib/cdk-stack.ts
@@ -74,7 +74,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 this,
 "S3ECGithubTestS3Bucket",
 {
- bucketName: "s3ec-python-github-test-bucket-",
+ bucketName: "s3ec-python-github-test-bucket",
 blockPublicAccess: new BlockPublicAccess(AccessConfiguration)
 }
 )
@@ -84,7 +84,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 this,
 "S3ECTestServerGithubBucket",
 {
- bucketName: "s3ec-test-server-github-bucket-",
+ bucketName: "s3ec-test-server-github-bucket",
 blockPublicAccess: new BlockPublicAccess(AccessConfiguration)
 }
 )
From c3855941793b3503c9d10f057c0de779e634bea2 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 23 Sep 2025 11:47:06 -0700
Subject: [PATCH 5/7] auto commit
---
 cdk/lib/cdk-stack.ts | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/cdk/lib/cdk-stack.ts b/cdk/lib/cdk-stack.ts
index 85ff6eec..e9f3ebe9 100644
--- a/cdk/lib/cdk-stack.ts
+++ b/cdk/lib/cdk-stack.ts
@@ -102,27 +102,27 @@ export class S3ECPythonGithub extends cdk.Stack {
 "s3:PutObject",
 "s3:GetObject",
 "s3:DeleteObject",
- "s3:DeleteObjectVersion"
+ "s3:DeleteObjectVersion" // For S3EC-NET
 ],
 resources: [
 S3ECGithubTestS3Bucket.bucketArn + "/*", // object-level permissions need this extra path
 S3ECTestServerGithubBucket.bucketArn + "/*", // Add permissions for the new test-server bucket
- "arn:aws:s3:::aws-net-sdk-*/*" // permission for object inside S3EC .net bucket
+ "arn:aws:s3:::aws-net-sdk-*/*" // permission for object inside S3EC .net bucket. For S3EC-NET
 ],
 }),
 new PolicyStatement({
 effect: Effect.ALLOW,
 actions: [
- "s3:CreateBucket",
- "s3:DeleteBucket",
+ "s3:CreateBucket", // For S3EC-NET
+ "s3:DeleteBucket", // For S3EC-NET
 "s3:ListBucket",
- "s3:ListBucketVersions",
- "s3:GetBucketAcl"
+ "s3:ListBucketVersions", // For S3EC-NET
+ "s3:GetBucketAcl" // For S3EC-NET
 ],
 resources: [
 S3ECGithubTestS3Bucket.bucketArn,
 S3ECTestServerGithubBucket.bucketArn, // Add permissions for the new test-server bucket
- "arn:aws:s3:::aws-net-sdk-*", // permission for S3EC .net bucket
+ "arn:aws:s3:::aws-net-sdk-*", // permission for S3EC .net bucket. For S3EC-NET
 ],
 }),
 ]
@@ -164,7 +164,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 "StringLike": {
 "token.actions.githubusercontent.com:sub": [
 "repo:aws/amazon-s3-encryption-client-python:*",
- "repo:aws/private-amazon-s3-encryption-client-dotnet-staging:*"
+ "repo:aws/private-amazon-s3-encryption-client-dotnet-staging:*" // For S3EC-NET
 ]
 }
 },
From 1c365c9e0759b3ed7187fb914ffe703fdc8a6ef2 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 23 Sep 2025 11:48:54 -0700
Subject: [PATCH 6/7] auto commit
---
 cdk/lib/cdk-stack.ts | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/cdk/lib/cdk-stack.ts b/cdk/lib/cdk-stack.ts
index e9f3ebe9..97b30088 100644
--- a/cdk/lib/cdk-stack.ts
+++ b/cdk/lib/cdk-stack.ts
@@ -102,27 +102,27 @@ export class S3ECPythonGithub extends cdk.Stack {
 "s3:PutObject",
 "s3:GetObject",
 "s3:DeleteObject",
- "s3:DeleteObjectVersion" // For S3EC-NET
+ "s3:DeleteObjectVersion" // For S3EC-NET repo
 ],
 resources: [
 S3ECGithubTestS3Bucket.bucketArn + "/*", // object-level permissions need this extra path
 S3ECTestServerGithubBucket.bucketArn + "/*", // Add permissions for the new test-server bucket
- "arn:aws:s3:::aws-net-sdk-*/*" // permission for object inside S3EC .net bucket. For S3EC-NET
+ "arn:aws:s3:::aws-net-sdk-*/*" // permission for object inside S3EC .net bucket. For S3EC-NET repo
 ],
 }),
 new PolicyStatement({
 effect: Effect.ALLOW,
 actions: [
- "s3:CreateBucket", // For S3EC-NET
- "s3:DeleteBucket", // For S3EC-NET
+ "s3:CreateBucket", // For S3EC-NET repo
+ "s3:DeleteBucket", // For S3EC-NET repo
 "s3:ListBucket",
- "s3:ListBucketVersions", // For S3EC-NET
- "s3:GetBucketAcl" // For S3EC-NET
+ "s3:ListBucketVersions", // For S3EC-NET repo
+ "s3:GetBucketAcl" // For S3EC-NET repo
 ],
 resources: [
 S3ECGithubTestS3Bucket.bucketArn,
 S3ECTestServerGithubBucket.bucketArn, // Add permissions for the new test-server bucket
- "arn:aws:s3:::aws-net-sdk-*", // permission for S3EC .net bucket. For S3EC-NET
+ "arn:aws:s3:::aws-net-sdk-*", // permission for S3EC .net bucket. For S3EC-NET repo
 ],
 }),
 ]
@@ -164,7 +164,7 @@ export class S3ECPythonGithub extends cdk.Stack {
 "StringLike": {
 "token.actions.githubusercontent.com:sub": [
 "repo:aws/amazon-s3-encryption-client-python:*",
- "repo:aws/private-amazon-s3-encryption-client-dotnet-staging:*" // For S3EC-NET
+ "repo:aws/private-amazon-s3-encryption-client-dotnet-staging:*" // For S3EC-NET repo
 ]
 }
 },
From 0e6cb7c5805289ecbbc3ed687ed28e221e601b14 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 23 Sep 2025 12:56:31 -0700
Subject: [PATCH 7/7] auto commit
---
 test-server/cpp-v2-server/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test-server/cpp-v2-server/Makefile b/test-server/cpp-v2-server/Makefile index e9156d64..ad5c951e 100644 --- a/test-server/cpp-v2-server/Makefile +++ b/test-server/cpp-v2-server/Makefile @@ -8,7 +8,7 @@ PORT := 8085 build/s3ec-server: brew install libmicrohttpd nlohmann-json ossp-uuid git clone --recurse-submodules https://github.com/aws/aws-sdk-cpp.git - cd aws-sdk-cpp && git checkout --track remotes/origin/ajewell/ec-for-get-object + cd aws-sdk-cpp mkdir -p build && cd build && cmake .. start-server: | build/s3ec-server
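Review bot: With `git checkout --track …` removed from the `build/s3ec-server` recipe, the build uses whatever the default branch of aws-sdk-cpp holds at clone time. The test server is then not reproducible and picks up upstream changes without review. Pinning the dependency to a release tag or commit would fix that, e.g. `cd aws-sdk-cpp && git checkout <PINNED_TAG_OR_COMMIT>`. The remaining `cd aws-sdk-cpp` also appears to be a recipe line of its own, which runs in its own shell and has no effect on the following `mkdir -p build && cd build && cmake ..`. Line continuations are not visible in this rendering, so confirm against the file.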