
Commit b90b97c

committed
NRL-1188 update glue iam policy
1 parent 85e6fa3 commit b90b97c


1 file changed

+0
-25
lines changed

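--- a/terraform/account-wide-infrastructure/modules/glue/iam.tf
+++ b/terraform/account-wide-infrastructure/modules/glue/iam.tf
@@ -29,17 +29,6 @@ resource "aws_iam_role_policy" "glue_service_role_policy" {
 "s3:ListBucket",
 "s3:ListAllMyBuckets",
 "s3:GetBucketAcl",
-"ec2:DescribeVpcEndpoints",
-"ec2:DescribeRouteTables",
-"ec2:CreateNetworkInterface",
-"ec2:DeleteNetworkInterface",
-"ec2:DescribeNetworkInterfaces",
-"ec2:DescribeSecurityGroups",
-"ec2:DescribeSubnets",
-"ec2:DescribeVpcAttribute",
-"iam:ListRolePolicies",
-"iam:GetRole",
-"iam:GetRolePolicy",
 "cloudwatch:PutMetricData"
 ],
 "Resource" : ["*"]
@@ -73,20 +62,6 @@ resource "aws_iam_role_policy" "glue_service_role_policy" {
 "logs:PutLogEvents"
 ],
 "Resource" : ["arn:aws:logs:*:*:*:/aws-glue/*"]
-},
-{
-"Effect" : "Allow",
-"Action" : ["ec2:CreateTags", "ec2:DeleteTags"],
-"Condition" : {
-"ForAllValues:StringEquals" : {
-"aws:TagKeys" : ["aws-glue-service-resource"]
-}
-},
-"Resource" : [
-"arn:aws:ec2:*:*:network-interface/*",
-"arn:aws:ec2:*:*:security-group/*",
-"arn:aws:ec2:*:*:instance/*"
-]
 }
 ]
 })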
