From 9e6a459b662bd54ab4d45b4f48a251ce14647e39 Mon Sep 17 00:00:00 2001
From: William Shelley
Date: Thu, 28 Nov 2024 15:38:14 +0000
Subject: [PATCH] fix: assets bucket policy (#485)
* fix: updated cdn module
* fix: remove original bucket ref
* fix: duplicate ref
* fix: asset bucket attribute
* fix: removed unused ref
* fix: asset bucket issue
* fix: provider issue
* fix: provider issue pt 2
* fix: update lock files
* fix: include .gitignore files and remove lock files to resolve issues once and for all
* fix: bucket name using local
* docs: update Terraform docs
* fix: tf-formatting
* fix: remove sts assume role from assets bucket
* fix: lint - remove unused variable
---------
Co-authored-by: laurence.barker@dvsa.gov.uk
Co-authored-by: github-actions[bot]
---
 infra/terraform/accounts/nonprod/main.tf | 2 --
 infra/terraform/accounts/prod/main.tf | 2 --
 infra/terraform/modules/account/README.md | 1 -
 infra/terraform/modules/account/main.tf | 4 ----
 infra/terraform/modules/account/variables.tf | 6 ------
 5 files changed, 15 deletions(-)
diff --git a/infra/terraform/accounts/nonprod/main.tf b/infra/terraform/accounts/nonprod/main.tf
index fe6d1d58a5..49fa96b258 100644
--- a/infra/terraform/accounts/nonprod/main.tf
+++ b/infra/terraform/accounts/nonprod/main.tf
@@ -24,8 +24,6 @@ module "environment-remote-state" {
 module "account" {
 source = "../../modules/account"
- assets_bucket_policy_role = "OLCS-DEVAPPCI-DEVCI-OLCSCISLAVE"
-
 create_ecr_resources = true
 create_assets_bucket = true
 create_github_resources = true
diff --git a/infra/terraform/accounts/prod/main.tf b/infra/terraform/accounts/prod/main.tf
index d13d2ae09a..a1a91bf79b 100644
--- a/infra/terraform/accounts/prod/main.tf
+++ b/infra/terraform/accounts/prod/main.tf
@@ -24,8 +24,6 @@ module "environment-remote-state" {
 module "account" {
 source = "../../modules/account"
- assets_bucket_policy_role = "OLCS-APPCI-CI-OLCSCISLAVE"
-
 create_ecr_resources = true
 create_assets_bucket = true
 create_github_resources = true
diff --git a/infra/terraform/modules/account/README.md b/infra/terraform/modules/account/README.md
index 837c08c914..11805900db 100644
--- a/infra/terraform/modules/account/README.md
+++ b/infra/terraform/modules/account/README.md
@@ -33,7 +33,6 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [assets\_bucket\_policy\_role](#input\_assets\_bucket\_policy\_role) | Assets bucket policy role | `string` | `""` | no |
 | [create\_assets\_bucket](#input\_create\_assets\_bucket) | Whether to create the assets bucket. | `bool` | `false` | no |
 | [create\_ecr\_resources](#input\_create\_ecr\_resources) | Whether to create the ECR resources. | `bool` | `false` | no |
 | [create\_github\_resources](#input\_create\_github\_resources) | Whether to create the GitHub resources. | `bool` | `false` | no |
diff --git a/infra/terraform/modules/account/main.tf b/infra/terraform/modules/account/main.tf
index 39104eafec..8dce0f65fb 100644
--- a/infra/terraform/modules/account/main.tf
+++ b/infra/terraform/modules/account/main.tf
@@ -22,10 +22,6 @@ data "aws_iam_policy_document" "s3_policy" {
 type = "Service"
 identifiers = ["cloudfront.amazonaws.com"]
 }
- principals {
- type = "AWS"
- identifiers = ["arn:aws:sts::${local.account_id}:assumed-role/${var.assets_bucket_policy_role}"]
- }
 }
 }
diff --git a/infra/terraform/modules/account/variables.tf b/infra/terraform/modules/account/variables.tf
index 5c8ea575b9..577066a6a1 100644
--- a/infra/terraform/modules/account/variables.tf
+++ b/infra/terraform/modules/account/variables.tf
@@ -51,9 +51,3 @@ variable "create_assets_bucket" {
 description = "Whether to create the assets bucket."
 default = false
 }
-
-variable "assets_bucket_policy_role" {
- type = string
- description = "Assets bucket policy role "
- default = ""
-}