Remove developer role as not used on intg

nationalarchives · Oct 12, 2023 · b22aaa2 · b22aaa2
1 parent a87fb08
commit b22aaa2
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 9 deletions.
diff --git a/da-terraform-modules b/da-terraform-modules
diff --git a/root_export_bucket_access.tf b/root_export_bucket_access.tf
@@ -1,9 +1,7 @@
 # AWS SSO groups that require access to encrypted s3 export buckets need updating with relevant decrypt permissions for KMS s3 Key
 
 locals {
-  aws_sso_export_bucket_access_roles = local.environment == "intg" ? [
-    data.aws_ssm_parameter.aws_sso_admin_role.value, data.aws_ssm_parameter.aws_sso_developer_role.value, data.aws_ssm_parameter.aws_sso_export_role.value] : [
-  data.aws_ssm_parameter.aws_sso_admin_role.value, data.aws_ssm_parameter.aws_sso_export_role.value]
+  aws_sso_export_bucket_access_roles = [data.aws_ssm_parameter.aws_sso_admin_role.value, data.aws_ssm_parameter.aws_sso_export_role.value]
 }
 
 data "aws_ssm_parameter" "aws_sso_admin_role" {
@@ -14,10 +12,6 @@ data "aws_ssm_parameter" "aws_sso_export_role" {
   name = "/${local.environment}/export_role"
 }
 
-data "aws_ssm_parameter" "aws_sso_developer_role" {
-  name = "/${local.environment}/developer_role"
-}
-
 module "aws_sso_export_roles_ssm_parameters" {
   source = "./da-terraform-modules/ssm_parameter"
   parameters = [

diff --git a/tdr-configurations b/tdr-configurations
+20 −5		s3/main.tf
+20 −0		s3/templates/default_bucket_policy.json.tpl
+5 −0		s3/variables.tf