From ead8b08328983702735cc5e638ba12e59b77c06e Mon Sep 17 00:00:00 2001
From: Gus Luxton <gus@gravitational.com>
Date: Wed, 10 Feb 2021 20:39:15 -0400
Subject: [PATCH] Upgrade pip to fix installation issues in AMI (#5514) (#5529)

---
 assets/aws/files/bin/teleport-get-cert   | 2 +-
 assets/aws/files/bin/teleport-renew-cert | 2 +-
 assets/aws/files/install.sh              | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/assets/aws/files/bin/teleport-get-cert b/assets/aws/files/bin/teleport-get-cert
index 33bf4ffda5d30..d69b302f539d5 100755
--- a/assets/aws/files/bin/teleport-get-cert
+++ b/assets/aws/files/bin/teleport-get-cert
@@ -24,7 +24,7 @@ then
 fi
 
 echo "No certs/keys found in ${TELEPORT_S3_BUCKET}. Going to request certificate for ${TELEPORT_DOMAIN_NAME}."
-certbot certonly -n --agree-tos --email ${TELEPORT_DOMAIN_ADMIN_EMAIL} --dns-route53 -d ${TELEPORT_DOMAIN_NAME}
+/usr/local/bin/certbot certonly -n --agree-tos --email ${TELEPORT_DOMAIN_ADMIN_EMAIL} --dns-route53 -d ${TELEPORT_DOMAIN_NAME}
 echo "Got certificate for ${TELEPORT_DOMAIN_NAME}. Syncing to S3."
 
 aws s3 sync /etc/letsencrypt/ s3://${TELEPORT_S3_BUCKET} --sse=AES256
diff --git a/assets/aws/files/bin/teleport-renew-cert b/assets/aws/files/bin/teleport-renew-cert
index 1f58c55d364e8..9ec035cc2e30d 100755
--- a/assets/aws/files/bin/teleport-renew-cert
+++ b/assets/aws/files/bin/teleport-renew-cert
@@ -16,4 +16,4 @@ fi
 
 # This is called periodically, if renewal is successful
 # certs are uploaded to the S3 Bucket
-certbot renew --deploy-hook=/usr/local/bin/teleport-upload-cert
+/usr/local/bin/certbot renew --deploy-hook=/usr/local/bin/teleport-upload-cert
diff --git a/assets/aws/files/install.sh b/assets/aws/files/install.sh
index 82bdb7bd70bb9..ebd201b3b43fb 100644
--- a/assets/aws/files/install.sh
+++ b/assets/aws/files/install.sh
@@ -33,6 +33,10 @@ rm -f /tmp/influxdb.rpm
 # Certbot is a tool to request letsencrypt certificates,
 # remove it if you don't need letsencrypt.
 sudo yum -y install python3 python3-pip
+# pip needs to be upgraded to work around issues with the 'cryptography' package
+pip3 install --upgrade pip
+# add new pip3 install location to PATH temporarily
+export PATH=/usr/local/bin:$PATH
 pip3 install -I awscli requests
 pip3 install certbot certbot-dns-route53