remove unused policy

Author: anthony-nhs

packages/cdk/nagSuppressions.ts

@@ -80,18 +80,6 @@ export const nagSuppressions = (stack: Stack) => {
     ]
   )
 
-  // Suppress wildcard permissions for CreateIndex policy
-  safeAddNagSuppression(
-    stack,
-    "/EpsAssistMeStack/RuntimePolicies/CreateIndexPolicy/Resource",
-    [
-      {
-        id: "AwsSolutions-IAM5",
-        reason: "Lambda needs access to all OpenSearch collections and indexes to create and manage indexes."
-      }
-    ]
-  )
-
   // Suppress wildcard permissions for SlackBot policy
   safeAddNagSuppression(
     stack,

packages/cdk/resources/Functions.ts

@@ -19,7 +19,6 @@ export interface FunctionsProps {
   readonly commitId: string
   readonly logRetentionInDays: number
   readonly logLevel: string
-  readonly createIndexManagedPolicy: ManagedPolicy
   readonly slackBotManagedPolicy: ManagedPolicy
   readonly slackBotTokenParameter: StringParameter
   readonly syncKnowledgeBaseManagedPolicy: ManagedPolicy

packages/cdk/resources/RuntimePolicies.ts

@@ -20,39 +20,12 @@ export interface RuntimePoliciesProps {
 }
 
 export class RuntimePolicies extends Construct {
-  public readonly createIndexPolicy: ManagedPolicy
   public readonly slackBotPolicy: ManagedPolicy
   public readonly syncKnowledgeBasePolicy: ManagedPolicy
 
   constructor(scope: Construct, id: string, props: RuntimePoliciesProps) {
     super(scope, id)
 
-    // Create managed policy for CreateIndex Lambda function
-    const createIndexPolicy = new PolicyStatement({
-      actions: [
-        "aoss:APIAccessAll",
-        "aoss:DescribeIndex",
-        "aoss:ReadDocument",
-        "aoss:CreateIndex",
-        "aoss:DeleteIndex",
-        "aoss:UpdateIndex",
-        "aoss:WriteDocument",
-        "aoss:CreateCollectionItems",
-        "aoss:DeleteCollectionItems",
-        "aoss:UpdateCollectionItems",
-        "aoss:DescribeCollectionItems"
-      ],
-      resources: [
-        `arn:aws:aoss:${props.region}:${props.account}:collection/*`,
-        `arn:aws:aoss:${props.region}:${props.account}:index/*`
-      ]
-    })
-
-    this.createIndexPolicy = new ManagedPolicy(this, "CreateIndexPolicy", {
-      description: "Policy for Lambda to create OpenSearch index",
-      statements: [createIndexPolicy]
-    })
-
     // Create managed policy for SlackBot Lambda function
     const slackBotPolicy = new PolicyStatement({
       actions: ["bedrock:InvokeModel"],

packages/cdk/stacks/EpsAssistMeStack.ts

@@ -122,7 +122,6 @@ export class EpsAssistMeStack extends Stack {
       commitId: props.commitId,
       logRetentionInDays,
       logLevel,
-      createIndexManagedPolicy: runtimePolicies.createIndexPolicy,
       slackBotManagedPolicy: runtimePolicies.slackBotPolicy,
       syncKnowledgeBaseManagedPolicy: runtimePolicies.syncKnowledgeBasePolicy,
       slackBotTokenParameter: secrets.slackBotTokenParameter,