Revert changes that granted the department read permission on the user upload database

Tian-2017 · Tian-2017 · commit 1cb17deef8bf · 2025-12-03T17:47:33.000Z
diff --git a/terraform/core/05-departments.tf b/terraform/core/05-departments.tf
@@ -155,7 +155,7 @@ module "department_data_and_insight" {
   user_uploads_bucket             = module.user_uploads
   cloudtrail_bucket               = module.cloudtrail_storage
   additional_glue_database_access = {
-    read_only  = ["data_and_insight_user_uploads_db"]
+    read_only  = []
     read_write = ["arcus_archive", "metastore"]
   }
   additional_s3_access = [
@@ -277,10 +277,6 @@ module "department_unrestricted" {
   mwaa_etl_scripts_bucket_arn     = aws_s3_bucket.mwaa_etl_scripts_bucket.arn
   mwaa_key_arn                    = aws_kms_key.mwaa_key.arn
   user_uploads_bucket             = module.user_uploads
-  additional_glue_database_access = {
-    read_only  = ["unrestricted_user_uploads_db"]
-    read_write = []
-  }
 }
 
 module "department_sandbox" {
@@ -432,10 +428,6 @@ module "department_environmental_services" {
   mwaa_etl_scripts_bucket_arn     = aws_s3_bucket.mwaa_etl_scripts_bucket.arn
   mwaa_key_arn                    = aws_kms_key.mwaa_key.arn
   user_uploads_bucket             = module.user_uploads
-  additional_glue_database_access = {
-    read_only  = ["env_services_user_uploads_db"]
-    read_write = []
-  }
 }
 
 module "department_housing" {
@@ -492,7 +484,7 @@ module "department_housing" {
     }
   ]
   additional_glue_database_access = {
-    read_only  = ["housing_user_uploads_db"]
+    read_only  = []
     read_write = ["housing_service_requests_ieg4", "housing_nec_migration", "housing_nec_migration_outputs"]
   }
 }
@@ -668,7 +660,7 @@ module "department_children_family_services" {
   mwaa_key_arn                    = aws_kms_key.mwaa_key.arn
   user_uploads_bucket             = module.user_uploads
   additional_glue_database_access = {
-    read_only  = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live", "child_fam_services_user_uploads_db"]
+    read_only  = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live"]
     read_write = []
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,7 @@ module "department_data_and_insight" {`
`155`	`155`	`user_uploads_bucket = module.user_uploads`
`156`	`156`	`cloudtrail_bucket = module.cloudtrail_storage`
`157`	`157`	`additional_glue_database_access = {`
`158`		`- read_only = ["data_and_insight_user_uploads_db"]`
	`158`	`+ read_only = []`
`159`	`159`	`read_write = ["arcus_archive", "metastore"]`
`160`	`160`	`}`
`161`	`161`	`additional_s3_access = [`
`@@ -277,10 +277,6 @@ module "department_unrestricted" {`
`277`	`277`	`mwaa_etl_scripts_bucket_arn = aws_s3_bucket.mwaa_etl_scripts_bucket.arn`
`278`	`278`	`mwaa_key_arn = aws_kms_key.mwaa_key.arn`
`279`	`279`	`user_uploads_bucket = module.user_uploads`
`280`		`- additional_glue_database_access = {`
`281`		`- read_only = ["unrestricted_user_uploads_db"]`
`282`		`- read_write = []`
`283`		`- }`
`284`	`280`	`}`
`285`	`281`
`286`	`282`	`module "department_sandbox" {`
`@@ -432,10 +428,6 @@ module "department_environmental_services" {`
`432`	`428`	`mwaa_etl_scripts_bucket_arn = aws_s3_bucket.mwaa_etl_scripts_bucket.arn`
`433`	`429`	`mwaa_key_arn = aws_kms_key.mwaa_key.arn`
`434`	`430`	`user_uploads_bucket = module.user_uploads`
`435`		`- additional_glue_database_access = {`
`436`		`- read_only = ["env_services_user_uploads_db"]`
`437`		`- read_write = []`
`438`		`- }`
`439`	`431`	`}`
`440`	`432`
`441`	`433`	`module "department_housing" {`
`@@ -492,7 +484,7 @@ module "department_housing" {`
`492`	`484`	`}`
`493`	`485`	`]`
`494`	`486`	`additional_glue_database_access = {`
`495`		`- read_only = ["housing_user_uploads_db"]`
	`487`	`+ read_only = []`
`496`	`488`	`read_write = ["housing_service_requests_ieg4", "housing_nec_migration", "housing_nec_migration_outputs"]`
`497`	`489`	`}`
`498`	`490`	`}`
`@@ -668,7 +660,7 @@ module "department_children_family_services" {`
`668`	`660`	`mwaa_key_arn = aws_kms_key.mwaa_key.arn`
`669`	`661`	`user_uploads_bucket = module.user_uploads`
`670`	`662`	`additional_glue_database_access = {`
`671`		`- read_only = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live", "child_fam_services_user_uploads_db"]`
	`663`	`+ read_only = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live"]`
`672`	`664`	`read_write = []`
`673`	`665`	`}`
`674`	`666`	`}`