diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
index a8b091f4aa5ecbb5223c37ae940532020b22a75c..71ead1bdb01299c11c8b3e027722b7f2ff40e40c 100644
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -27,6 +27,8 @@ environmentVariables:
value: "http://os-entitlements:8080"
- name: REGISTER_BASE_URL
value: http://os-register:8080
+ - name: TMP_VOLUME_PATH
+ value: "/tmp"
# Resource Config
replicaCount: 1
@@ -62,7 +64,7 @@ cors:
securityContext:
runAsUser: 10001
runAsNonRoot: true
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
diff --git a/provider/notification-aws/build-aws/Dockerfile b/provider/notification-aws/build-aws/Dockerfile
index bacdf23dcc2d3acf06a71d04dbd2ca9830c9efc3..07b035a53cfe282396db1095e69996e612ad9e23 100644
--- a/provider/notification-aws/build-aws/Dockerfile
+++ b/provider/notification-aws/build-aws/Dockerfile
@@ -19,12 +19,9 @@ ARG JAR_FILE=provider/notification-aws/target/*spring-boot.jar
# Harcoding this value since Notification-core requires this variable. AWS does not use it. Might change in future
ENV ENVIRONMENT=DEV
-#Default to using self signed generated TLS cert
-ENV USE_SELF_SIGNED_SSL_CERT true
WORKDIR /
COPY ${JAR_FILE} app.jar
-COPY /provider/notification-aws/build-aws/ssl.sh /ssl.sh
COPY /provider/notification-aws/build-aws/entrypoint.sh /entrypoint.sh
EXPOSE 8080
diff --git a/provider/notification-aws/build-aws/entrypoint.sh b/provider/notification-aws/build-aws/entrypoint.sh
index 9bd3ec69d01fba69f4bece2162e7faba5cc0f0cb..412f71afd92e9c2ed3e50a2863cb5675c8a69b43 100755
--- a/provider/notification-aws/build-aws/entrypoint.sh
+++ b/provider/notification-aws/build-aws/entrypoint.sh
@@ -1,15 +1,4 @@
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then
- export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
- export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
- export SSL_KEY_STORE_DIR=/tmp/certs;
- export SSL_KEY_STORE_NAME=osduonaws.p12;
- export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
- export SSL_KEY_ALIAS=osduonaws;
-
- ./ssl.sh;
-fi
java $JAVA_OPTS -jar /app.jar
\ No newline at end of file
diff --git a/provider/notification-aws/build-aws/ssl.sh b/provider/notification-aws/build-aws/ssl.sh
deleted file mode 100755
index 9ede565684bdd46cb09e56fce721ced55206ca07..0000000000000000000000000000000000000000
--- a/provider/notification-aws/build-aws/ssl.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2021 Amazon Web Services
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/usr/bin/env bash
-
-#Future: Support for using Amazon Cert Manager
-# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
-# then
-
-# aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
-# openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
-# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
-# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
-
-# fi
-
-if [ -n $USE_SELF_SIGNED_SSL_CERT ];
-then
- mkdir -p $SSL_KEY_STORE_DIR
- pushd $SSL_KEY_STORE_DIR
- keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
- popd
-fi