cds-snc / cloud-based-sensor

Infrastructure configuration to manage CCCS's Cloud Based Sensor in AWS accounts
https://cyber.gc.ca/en/host-based-sensors
MIT License

chore: remove Localisation-Staging and IdentityIdp-Staging #299

Closed patheard closed 9 months ago

patheard commented 9 months ago

Summary

Remove two accounts that are being closed.

Related

github-actions[bot] commented 9 months ago

Central account

✅ Terraform Init: success
✅ Terraform Validate: success
✅ Terraform Format: success
✅ Terraform Plan: success
✅ Conftest: success

Plan: 0 to add, 4 to change, 0 to destroy
Summary

| CHANGE | NAME |
|--------|---------------------------------------------|
| update | `aws_iam_policy.log_archive_read` |
| | `aws_kms_key.log_archive_encrypt` |
| | `aws_s3_bucket_policy.log_archive_bucket` |
| | `module.gh_oidc_roles.aws_iam_role.this[0]` |
Plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.log_archive_read will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "log_archive_read" {
      ~ id = "3221625606" -> (known after apply)
      ~ json = jsonencode(
            {
              - Statement = [
                  - {
                      - Action = [
                          - "s3:ListBucket",
                          - "s3:GetObject",
                        ]
                      - Effect = "Allow"
                      - Resource = [
                          - "arn:aws:s3:::cbs-log-archive-871282759583/*",
                          - "arn:aws:s3:::cbs-log-archive-871282759583",
                        ]
                    },
                  - {
                      - Action = "kms:Decrypt"
                      - Effect = "Allow"
                      - Resource = "arn:aws:kms:ca-central-1:871282759583:key/c4591f87-9445-4840-acb6-a5569e703c93"
                    },
                ]
              - Version = "2012-10-17"
            }
        ) -> (known after apply)
      - version = "2012-10-17" -> null

      ~ statement {
          - not_actions = [] -> null
          - not_resources = [] -> null
            # (3 unchanged attributes hidden)
        }
      ~ statement {
          - not_actions = [] -> null
          - not_resources = [] -> null
            # (3 unchanged attributes hidden)
        }
    }

  # aws_iam_policy.log_archive_read will be updated in-place
  ~ resource "aws_iam_policy" "log_archive_read" {
        id = "arn:aws:iam::871282759583:policy/CbsASEAReaderRole"
        name = "CbsASEAReaderRole"
      ~ policy = jsonencode(
            {
              - Statement = [
                  - {
                      - Action = [
                          - "s3:ListBucket",
                          - "s3:GetObject",
                        ]
                      - Effect = "Allow"
                      - Resource = [
                          - "arn:aws:s3:::cbs-log-archive-871282759583/*",
                          - "arn:aws:s3:::cbs-log-archive-871282759583",
                        ]
                      - Sid = ""
                    },
                  - {
                      - Action = "kms:Decrypt"
                      - Effect = "Allow"
                      - Resource = "arn:aws:kms:ca-central-1:871282759583:key/c4591f87-9445-4840-acb6-a5569e703c93"
                      - Sid = ""
                    },
                ]
              - Version = "2012-10-17"
            }
        ) -> (known after apply)
        tags = {}
        # (4 unchanged attributes hidden)
    }

  # aws_kms_key.log_archive_encrypt will be updated in-place
  ~ resource "aws_kms_key" "log_archive_encrypt" {
        id = "c4591f87-9445-4840-acb6-a5569e703c93"
      ~ policy = (sensitive)
        tags = {}
        # (12 unchanged attributes hidden)
    }

  # aws_s3_bucket_policy.log_archive_bucket will be updated in-place
  ~ resource "aws_s3_bucket_policy" "log_archive_bucket" {
        id = "cbs-log-archive-871282759583"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Principal = {
                          ~ AWS = [
                                # (1 unchanged element hidden)
                                "arn:aws:iam::866996500832:role/CbsSatelliteReplicateToLogArchive",
                              - "arn:aws:iam::817721384391:role/CbsSatelliteReplicateToLogArchive",
                                "arn:aws:iam::806545929748:role/CbsSatelliteReplicateToLogArchive",
                                # (16 unchanged elements hidden)
                                "arn:aws:iam::127893201980:role/CbsSatelliteReplicateToLogArchive",
                              - "arn:aws:iam::073494947131:role/CbsSatelliteReplicateToLogArchive",
                                "arn:aws:iam::066023111852:role/CbsSatelliteReplicateToLogArchive",
                            ]
                        }
                        # (3 unchanged elements hidden)
                    },
                  ~ {
                      ~ Principal = {
                          ~ AWS = [
                                # (1 unchanged element hidden)
                                "arn:aws:iam::866996500832:role/CbsSatelliteReplicateToLogArchive",
                              - "arn:aws:iam::817721384391:role/CbsSatelliteReplicateToLogArchive",
                                "arn:aws:iam::806545929748:role/CbsSatelliteReplicateToLogArchive",
                                # (16 unchanged elements hidden)
                                "arn:aws:iam::127893201980:role/CbsSatelliteReplicateToLogArchive",
                              - "arn:aws:iam::073494947131:role/CbsSatelliteReplicateToLogArchive",
                                "arn:aws:iam::066023111852:role/CbsSatelliteReplicateToLogArchive",
                            ]
                        }
                        # (3 unchanged elements hidden)
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.gh_oidc_roles.aws_iam_role.this[0] will be updated in-place
  ~ resource "aws_iam_role" "this" {
      ~ assume_role_policy = jsonencode(
          ~ {
              ~ Statement = [
                    {
                        Action = "sts:AssumeRoleWithWebIdentity"
                        Condition = {
                            StringLike = {
                                token.actions.githubusercontent.com:sub = "repo:cds-snc/cloud-based-sensor:*"
                            }
                        }
                        Effect = "Allow"
                        Principal = {
                            Federated = "arn:aws:iam::871282759583:oidc-provider/token.actions.githubusercontent.com"
                        }
                    },
                  ~ {
                      ~ Principal = {
                          ~ AWS = [
                                # (1 unchanged element hidden)
                                "arn:aws:iam::866996500832:role/ConfigTerraformAdminExecutionRole",
                              - "arn:aws:iam::817721384391:role/ConfigTerraformAdminExecutionRole",
                                "arn:aws:iam::806545929748:role/ConfigTerraformAdminExecutionRole",
                                # (15 unchanged elements hidden)
                                "arn:aws:iam::127893201980:role/ConfigTerraformAdminExecutionRole",
                              - "arn:aws:iam::073494947131:role/ConfigTerraformAdminExecutionRole",
                                "arn:aws:iam::066023111852:role/ConfigTerraformAdminExecutionRole",
                            ]
                        }
                        # (2 unchanged elements hidden)
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        id = "ConfigTerraformAdministratorRole"
        name = "ConfigTerraformAdministratorRole"
        tags = {
            "CostCentre" = "cbs-871282759583"
            "Terraform" = "true"
        }
        # (8 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.log_archive_access_bucket.aws_s3_bucket.this,
  on .terraform/modules/log_archive_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this":
   8: resource "aws_s3_bucket" "this" {

Use the aws_s3_bucket_server_side_encryption_configuration resource instead

(and 7 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```
Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.log_archive_read"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.log_archive_read"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.log_archive_encrypt"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.log_archive"]

23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions
```