Fix Version Latest Lambda Code

[khill2018]

Description of the change

Fixes CP-41833. Customer stacks deployed with Version=latest were running with frozen Lambda code because CloudFormation compares CodeUri as a string and latest/services/discovery.zip never changed across releases. Template changes that referenced new Lambda response attributes (e.g. BillingReportFormat from CP-40732) then failed customer update-stack with Vendor response doesn't contain <attr> attribute and rolled back.

What changed

Makefile (copy-to-s3) — All text files (CFN templates, SAM app templates, IAM policy JSON) are now piped through sed 's|${Version}|v1.0.<N>|g' before upload, where <N> is the current build's git rev count; zip files are copied unchanged. The deploy target uploads to both the versioned path (v1.0.<N>/) and latest/. Both copies have the semver baked into ${Version} references — versioned was already path-locked to that semver, so its resolved CodeUri is identical; the load-bearing change is that latest/ now points at versioned S3 paths for inner templates and Lambda zips, so the resolved CodeUri Key differs each release and CFN refreshes the Lambda.

services/discovery/template.yaml and services/connected_account{,_dev}.yaml — Version properties on the Custom::Discovery and Custom::NotifyCloudZero resources changed from hardcoded literals ('20230523' and '1') to !Sub ${Version}, which sed then resolves at build time. All three files retain their Version CFN parameter with default latest, so the source templates remain valid for direct stack deploys as well.

[khill2018]

@greptile

[greptile-apps]

Greptile Summary

This PR fixes stale Lambda code for customer stacks deployed with Version=latest by baking the build semver into all ${Version} references in YAML/JSON templates before upload, so the resolved CodeUri.Key changes each release and CloudFormation is forced to refresh the Lambda.

• Makefile (copy-to-s3): Templates are now piped through sed 's|${Version}|v1.0.<N>|g' before uploading to both the versioned path and latest/; zip files are copied unchanged. This is the load-bearing fix — the latest/ copy now contains versioned S3 paths instead of latest/..., so CFN sees a new key on every release.
• services/discovery/template.yaml, connected_account.yaml, connected_account_dev.yaml: Custom resource Version properties changed from hardcoded literals ('20230523', '1') to !Sub ${Version}, which sed resolves at upload time to give CFN a per-release change trigger.

Confidence Score: 5/5

Safe to merge. The sed rewrite is correctly scoped to the literal ${Version} token (single-quoted in shell, so no unintended variable expansion), zip artifacts are untouched, and the latest/ copy correctly points at versioned S3 paths after the rewrite.

The core mechanism — single-quoted sed pattern inside the Makefile recipe — correctly passes the literal string ${Version} to sed without shell expansion. Versioned uploads happen before the latest/ copy, so the referenced S3 objects always exist by the time the latest/ templates land. IAM policy JSON files won't be unintentionally modified since they don't contain ${Version}. No logic changes affect runtime Lambda behaviour or CFN parameter contracts.

No files require special attention.

Important Files Changed

Filename	Overview
Makefile	Rewrites copy-to-s3 to pipe YAML/JSON through sed at upload time, baking the build semver into all ${Version} references before the object lands in S3; zip files are copied unchanged.
services/discovery/template.yaml	Changes DiscoveryResource.Version from hardcoded '20230523' to !Sub ${Version}, which sed rewrites to the build semver at upload time, making it an effective CFN update trigger.
services/connected_account.yaml	Changes NotifyCloudZero.Version from hardcoded '1' to !Sub ${Version} so sed can substitute the semver at build time, consistent with the update-trigger pattern.
services/connected_account_dev.yaml	Same change as connected_account.yaml applied to the dev variant.
docs/releases/1.0.97.md	New release note documenting the Lambda code refresh fix and advising affected customers to re-run update-stack.

_{Reviews (5): Last reviewed commit: "some minor make updates" | Re-trigger Greptile}

[qiuz-cz]

Looked over with @khill2018 LGTM