Revert "VED-Add-Lambda-s3 Policy (#894)"

mfjarvis · mfjarvis · commit f828a5af3834 · 2025-12-11T10:41:31.000Z
This reverts commit f15a1c3.
diff --git a/infrastructure/instance/ecs_batch_processor_config.tf b/infrastructure/instance/ecs_batch_processor_config.tf
@@ -158,14 +158,7 @@ resource "aws_iam_policy" "ecs_task_exec_policy" {
           "firehose:PutRecordBatch"
         ],
         "Resource" : "arn:aws:firehose:*:*:deliverystream/${module.splunk.firehose_stream_name}"
-      },
-      {
-        Effect = "Allow",
-        Action = [
-          "s3:PutObject",
-        ],
-        Resource = "${aws_s3_bucket.data_quality_reports_bucket.arn}/*"
-      },
+      }
     ]
   })
 }
diff --git a/infrastructure/instance/endpoints.tf b/infrastructure/instance/endpoints.tf
@@ -4,7 +4,6 @@ locals {
   policy_path = "${path.root}/policies"
 }
 
-# Select the Policy folder
 data "aws_iam_policy_document" "logs_policy_document" {
   source_policy_documents = [templatefile("${local.policy_path}/log.json", {})]
 }
@@ -57,20 +56,6 @@ data "aws_iam_policy_document" "imms_policy_document" {
   ]
 }
 
-data "aws_iam_policy_document" "imms_data_quality_s3_doc" {
-  source_policy_documents = [
-    templatefile("${local.policy_path}/s3_data_quality_access.json", {
-      s3_bucket_arn = aws_s3_bucket.data_quality_reports_bucket.arn
-      kms_key_arn   = data.aws_kms_key.existing_s3_encryption_key.arn
-    })
-  ]
-}
-
-resource "aws_iam_policy" "imms_s3_kms_policy" {
-  name   = "${local.short_prefix}-s3-kms-policy"
-  policy = data.aws_iam_policy_document.imms_data_quality_s3_doc.json
-}
-
 module "imms_event_endpoint_lambdas" {
   source = "./modules/lambda"
   count  = length(local.imms_endpoints)
@@ -85,19 +70,6 @@ module "imms_event_endpoint_lambdas" {
   vpc_security_group_ids = [data.aws_security_group.existing_securitygroup.id]
 }
 
-
-# Attach data quality report S3 bucket and KMS policy only to "create_imms" and "update_imms" endpoints
-resource "aws_iam_role_policy_attachment" "attach_data_quality_s3_to_specific_lambdas" {
-  for_each = {
-    for i, mod in module.imms_event_endpoint_lambdas :
-    local.imms_endpoints[i] => mod
-    if local.imms_endpoints[i] == "create_imms" || local.imms_endpoints[i] == "update_imms"
-  }
-
-  role       = each.value.lambda_role_name
-  policy_arn = aws_iam_policy.imms_s3_kms_policy.arn
-}
-
 locals {
   # Mapping outputs with each called lambda
   imms_lambdas = {
diff --git a/infrastructure/instance/modules/lambda/outputs.tf b/infrastructure/instance/modules/lambda/outputs.tf
@@ -7,6 +7,3 @@ output "lambda_arn" {
 output "invoke_arn" {
   value = module.lambda_function_container_image.lambda_function_invoke_arn
 }
-output "lambda_role_name" {
-  value = aws_iam_role.lambda_role.name
-}
diff --git a/infrastructure/instance/policies/s3_data_quality_access.json b/infrastructure/instance/policies/s3_data_quality_access.json
diff --git a/infrastructure/instance/s3_dq_reports.tf b/infrastructure/instance/s3_dq_reports.tf
@@ -85,15 +85,4 @@ resource "aws_s3_bucket_policy" "data_quality_bucket_policy" {
       },
     ]
   })
-}
-
-resource "aws_s3_bucket_server_side_encryption_configuration" "s3_data_quality_encryption" {
-  bucket = aws_s3_bucket.data_quality_reports_bucket.id
-
-  rule {
-    apply_server_side_encryption_by_default {
-      kms_master_key_id = data.aws_kms_key.existing_s3_encryption_key.arn
-      sse_algorithm     = "aws:kms"
-    }
-  }
 }

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,3 @@ output "lambda_arn" {`
`7`	`7`	`output "invoke_arn" {`
`8`	`8`	`value = module.lambda_function_container_image.lambda_function_invoke_arn`
`9`	`9`	`}`
`10`		`-output "lambda_role_name" {`
`11`		`- value = aws_iam_role.lambda_role.name`
`12`		`-}`