cds-snc / simplify-privacy-statements-V2

starter-app repo based version of privacy app.
https://simplify-privacy-statements.alpha.canada.ca
MIT License

removed efs full access #244

Closed omartehsin1 closed 1 year ago

omartehsin1 commented 1 year ago

Summary | Résumé

Removed the EFS full-access permissions to see whether they are actually needed.

github-actions[bot] commented 1 year ago

Production: app

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success ⚠️   WARNING: resources will be destroyed by this change!

Plan: 0 to add, 1 to change, 2 to destroy
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place - destroy Terraform will perform the following actions: # module.generated_statement_lambda.aws_iam_policy.policies[0] will be updated in-place ~ resource "aws_iam_policy" "policies" { id = "arn:aws:iam::414662622316:policy/generated_statement_lambda_function-0" name = "generated_statement_lambda_function-0" ~ policy = jsonencode( ~ { ~ Statement = [ ~ { ~ Action = [ - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:GetMetricData", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "elasticfilesystem:CreateFileSystem", - "elasticfilesystem:CreateMountTarget", - "elasticfilesystem:CreateTags", - "elasticfilesystem:CreateAccessPoint", - "elasticfilesystem:CreateReplicationConfiguration", - "elasticfilesystem:DeleteFileSystem", - "elasticfilesystem:DeleteMountTarget", - "elasticfilesystem:DeleteTags", - "elasticfilesystem:DeleteAccessPoint", - "elasticfilesystem:DeleteFileSystemPolicy", - "elasticfilesystem:DeleteReplicationConfiguration", - "elasticfilesystem:DescribeAccountPreferences", - "elasticfilesystem:DescribeBackupPolicy", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeFileSystemPolicy", - "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticfilesystem:DescribeTags", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeReplicationConfigurations", - "elasticfilesystem:ModifyMountTargetSecurityGroups", - "elasticfilesystem:PutAccountPreferences", - "elasticfilesystem:PutBackupPolicy", - "elasticfilesystem:PutLifecycleConfiguration", - 
"elasticfilesystem:PutFileSystemPolicy", - "elasticfilesystem:UpdateFileSystem", - "elasticfilesystem:TagResource", - "elasticfilesystem:UntagResource", - "elasticfilesystem:ListTagsForResource", - "elasticfilesystem:Backup", - "elasticfilesystem:Restore", - "kms:DescribeKey", - "kms:ListAliases", + "elasticfilesystem:ClientWrite", + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientMount", ] ~ Resource = "*" -> "arn:aws:elasticfilesystem:ca-central-1:414662622316:file-system/fs-02e417f65f0b93510" + Sid = "" # (1 unchanged element hidden) }, - { - Action = "iam:CreateServiceLinkedRole" - Condition = { - StringEquals = { - "iam:AWSServiceName" = [ - "elasticfilesystem.amazonaws.com", ] } } - Effect = "Allow" - Resource = "*" }, ] # (1 unchanged element hidden) } ) tags = { "CostCentre" = "simplify-privacy-statements-production" "Terraform" = "true" } # (4 unchanged attributes hidden) } # module.generated_statement_lambda.aws_iam_policy.policies[1] will be destroyed # (because index [1] is out of range for count) - resource "aws_iam_policy" "policies" { - arn = "arn:aws:iam::414662622316:policy/generated_statement_lambda_function-1" -> null - id = "arn:aws:iam::414662622316:policy/generated_statement_lambda_function-1" -> null - name = "generated_statement_lambda_function-1" -> null - path = "/" -> null - policy = jsonencode( { - Statement = [ - { - Action = [ - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:ClientWrite", - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientMount", ] - Effect = "Allow" - Resource = "arn:aws:elasticfilesystem:ca-central-1:414662622316:file-system/fs-02e417f65f0b93510" - Sid = "" }, ] - Version = "2012-10-17" } ) -> null - policy_id = "ANPAWBC6RPRWLZOAD6GVW" -> null - tags = { - "CostCentre" = "simplify-privacy-statements-production" - "Terraform" = "true" } -> null - tags_all = { - "CostCentre" = "simplify-privacy-statements-production" - "Terraform" = "true" } -> null } # 
module.generated_statement_lambda.aws_iam_role_policy_attachment.attachments[1] will be destroyed # (because index [1] is out of range for count) - resource "aws_iam_role_policy_attachment" "attachments" { - id = "generated_statement_lambda_function-20230321171132156700000001" -> null - policy_arn = "arn:aws:iam::414662622316:policy/generated_statement_lambda_function-1" -> null - role = "generated_statement_lambda_function" -> null } Plan: 0 to add, 1 to change, 2 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh 18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions ```