CCM-8585: tf cleanup

Author: alexnuttall

infrastructure/terraform/components/app/module_backend_api.tf

@@ -9,7 +9,6 @@ module "backend_api" {
   region                = var.region
   group                 = var.group
   csi                   = local.csi
-  csi_global            = local.csi_global
   log_retention_in_days = var.log_retention_in_days
 
   shared_kms_key_arn = module.kms.key_arn

infrastructure/terraform/components/sandbox/locals_tfscaffold.tf

@@ -10,20 +10,6 @@ locals {
     "",
   )
 
-  # CSI for use in resources with a global namespace, i.e. S3 Buckets
-  csi_global = replace(
-    format(
-      "%s-%s-%s-%s-%s",
-      var.project,
-      var.aws_account_id,
-      var.region,
-      var.environment,
-      var.component,
-    ),
-    "_",
-    "",
-  )
-
   default_tags = merge(
     var.default_tags,
     {

infrastructure/terraform/components/sandbox/module_backend_api.tf

@@ -7,7 +7,6 @@ module "backend_api" {
   region                = var.region
   group                 = var.group
   csi                   = local.csi
-  csi_global            = local.csi_global
   log_retention_in_days = var.log_retention_in_days
 
   shared_kms_key_arn = module.kms.key_arn

infrastructure/terraform/components/sandbox/module_kms.tf

@@ -10,37 +10,5 @@ module "kms" {
   name                 = "main"
   deletion_window      = var.kms_deletion_window
   alias                = "alias/${local.csi}"
-  key_policy_documents = [data.aws_iam_policy_document.kms.json]
   iam_delegation       = true
 }
-
-data "aws_iam_policy_document" "kms" {
-  # '*' resource scope is permitted in access policies as as the resource is itself
-  # https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-services.html
-
-  statement {
-    sid    = "AllowCloudWatchEncrypt"
-    effect = "Allow"
-
-    principals {
-      type = "Service"
-
-      identifiers = [
-        "logs.${var.region}.amazonaws.com",
-        "sns.amazonaws.com",
-      ]
-    }
-
-    actions = [
-      "kms:Encrypt*",
-      "kms:Decrypt*",
-      "kms:ReEncrypt*",
-      "kms:GenerateDataKey*",
-      "kms:Describe*"
-    ]
-
-    resources = [
-      "*",
-    ]
-  }
-}

infrastructure/terraform/modules/backend-api/README.md

@@ -13,7 +13,6 @@ No requirements.
 | <a name="input_cognito_config"></a> [cognito\_config](#input\_cognito\_config) | Cognito config | <pre>object({<br/>    USER_POOL_ID : string,<br/>    USER_POOL_CLIENT_ID : string<br/>  })</pre> | n/a | yes |
 | <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"api"` | no |
 | <a name="input_csi"></a> [csi](#input\_csi) | CSI from the parent component | `string` | n/a | yes |
-| <a name="input_csi_global"></a> [csi\_global](#input\_csi\_global) | Global CSI from the parent component | `string` | n/a | yes |
 | <a name="input_enable_backup"></a> [enable\_backup](#input\_enable\_backup) | Enable Backups for the DynamoDB table? | `bool` | `true` | no |
 | <a name="input_enable_letters"></a> [enable\_letters](#input\_enable\_letters) | Enable letters feature flag | `bool` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |

infrastructure/terraform/modules/backend-api/locals.tf

@@ -1,26 +1,25 @@
 locals {
-  csi = "${var.csi}-${var.component}"
-  csi_global = "${var.csi_global}-${var.component}"
+  csi        = "${var.csi}-${var.component}"
 
   lambdas_source_code_dir = abspath("${path.module}/../../../../lambdas")
 
   openapi_spec = templatefile("${path.module}/spec.tmpl.json", {
-    AWS_REGION              = var.region
-    APIG_EXECUTION_ROLE_ARN = aws_iam_role.api_gateway_execution_role.arn
-    AUTHORIZER_LAMBDA_ARN   = module.authorizer_lambda.function_arn
-    CREATE_LAMBDA_ARN       = module.create_template_lambda.function_arn
+    AWS_REGION               = var.region
+    APIG_EXECUTION_ROLE_ARN  = aws_iam_role.api_gateway_execution_role.arn
+    AUTHORIZER_LAMBDA_ARN    = module.authorizer_lambda.function_arn
+    CREATE_LAMBDA_ARN        = module.create_template_lambda.function_arn
     CREATE_LETTER_LAMBDA_ARN = module.create_letter_template_lambda.function_arn
-    UPDATE_LAMBDA_ARN       = module.update_template_lambda.function_arn
-    GET_LAMBDA_ARN          = module.get_template_lambda.function_arn
-    LIST_LAMBDA_ARN         = module.list_template_lambda.function_arn
+    UPDATE_LAMBDA_ARN        = module.update_template_lambda.function_arn
+    GET_LAMBDA_ARN           = module.get_template_lambda.function_arn
+    LIST_LAMBDA_ARN          = module.list_template_lambda.function_arn
   })
 
   backend_lambda_entrypoints = {
-    create_template  = "src/templates/create.ts"
+    create_template        = "src/templates/create.ts"
     create_letter_template = "src/templates/create-letter.ts"
-    get_template     = "src/templates/get.ts"
-    update_template  = "src/templates/update.ts"
-    list_template    = "src/templates/list.ts"
-    template_client  = "src/index.ts"
+    get_template           = "src/templates/get.ts"
+    update_template        = "src/templates/update.ts"
+    list_template          = "src/templates/list.ts"
+    template_client        = "src/index.ts"
   }
 }

infrastructure/terraform/modules/backend-api/variables.tf

@@ -47,11 +47,6 @@ variable "csi" {
   description = "CSI from the parent component"
 }
 
-variable "csi_global" {
-  type        = string
-  description = "Global CSI from the parent component"
-}
-
 variable "log_retention_in_days" {
   type        = number
   description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"