Revert "VED-Add-Lambda-s3 Policy (#894)"

This reverts commit f15a1c3.

Author: mfjarvis

infrastructure/instance/ecs_batch_processor_config.tf

@@ -158,14 +158,7 @@ resource "aws_iam_policy" "ecs_task_exec_policy" {
           "firehose:PutRecordBatch"
         ],
         "Resource" : "arn:aws:firehose:*:*:deliverystream/${module.splunk.firehose_stream_name}"
-      },
-      {
-        Effect = "Allow",
-        Action = [
-          "s3:PutObject",
-        ],
-        Resource = "${aws_s3_bucket.data_quality_reports_bucket.arn}/*"
-      },
+      }
     ]
   })
 }

infrastructure/instance/endpoints.tf

@@ -4,7 +4,6 @@ locals {
   policy_path = "${path.root}/policies"
 }
 
-# Select the Policy folder
 data "aws_iam_policy_document" "logs_policy_document" {
   source_policy_documents = [templatefile("${local.policy_path}/log.json", {})]
 }
@@ -57,20 +56,6 @@ data "aws_iam_policy_document" "imms_policy_document" {
   ]
 }
 
-data "aws_iam_policy_document" "imms_data_quality_s3_doc" {
-  source_policy_documents = [
-    templatefile("${local.policy_path}/s3_data_quality_access.json", {
-      s3_bucket_arn = aws_s3_bucket.data_quality_reports_bucket.arn
-      kms_key_arn   = data.aws_kms_key.existing_s3_encryption_key.arn
-    })
-  ]
-}
-
-resource "aws_iam_policy" "imms_s3_kms_policy" {
-  name   = "${local.short_prefix}-s3-kms-policy"
-  policy = data.aws_iam_policy_document.imms_data_quality_s3_doc.json
-}
-
 module "imms_event_endpoint_lambdas" {
   source = "./modules/lambda"
   count  = length(local.imms_endpoints)
@@ -85,19 +70,6 @@ module "imms_event_endpoint_lambdas" {
   vpc_security_group_ids = [data.aws_security_group.existing_securitygroup.id]
 }
 
-
-# Attach data quality report S3 bucket and KMS policy only to "create_imms" and "update_imms" endpoints
-resource "aws_iam_role_policy_attachment" "attach_data_quality_s3_to_specific_lambdas" {
-  for_each = {
-    for i, mod in module.imms_event_endpoint_lambdas :
-    local.imms_endpoints[i] => mod
-    if local.imms_endpoints[i] == "create_imms" || local.imms_endpoints[i] == "update_imms"
-  }
-
-  role       = each.value.lambda_role_name
-  policy_arn = aws_iam_policy.imms_s3_kms_policy.arn
-}
-
 locals {
   # Mapping outputs with each called lambda
   imms_lambdas = {

infrastructure/instance/modules/lambda/outputs.tf

@@ -7,6 +7,3 @@ output "lambda_arn" {
 output "invoke_arn" {
   value = module.lambda_function_container_image.lambda_function_invoke_arn
 }
-output "lambda_role_name" {
-  value = aws_iam_role.lambda_role.name
-}

infrastructure/instance/policies/s3_data_quality_access.json

@@ -85,15 +85,4 @@ resource "aws_s3_bucket_policy" "data_quality_bucket_policy" {
       },
     ]
   })
-}
-
-resource "aws_s3_bucket_server_side_encryption_configuration" "s3_data_quality_encryption" {
-  bucket = aws_s3_bucket.data_quality_reports_bucket.id
-
-  rule {
-    apply_server_side_encryption_by_default {
-      kms_master_key_id = data.aws_kms_key.existing_s3_encryption_key.arn
-      sse_algorithm     = "aws:kms"
-    }
-  }
 }