search

mdn / infra

(Deprecated) MDN Web Docs Infrastructure scripts and configuration
Mozilla Public License 2.0
53 stars 32 forks source link

SE-2256 Decom Worf #497

Closed bkochendorfer closed 3 years ago

bkochendorfer commented 3 years ago

Deleted the Kubernetes namespace now cleaning up the left over AWS components.

Terraform plan after this removal:

Terraform will perform the following actions:                                                                                  

  # module.security.aws_iam_policy.worf will be destroyed                                                                      
  - resource "aws_iam_policy" "worf" {                                                                                         
      - arn         = "arn:aws:iam::178589013767:policy/worf-policy-20200612215230339000000001" -> null
      - description = "EKS worf policy for cluster mdn" -> null
      - id          = "arn:aws:iam::178589013767:policy/worf-policy-20200612215230339000000001" -> null
      - name        = "worf-policy-20200612215230339000000001" -> null                                                         
      - name_prefix = "worf-policy-" -> null                   
      - path        = "/" -> null                                                                                              
      - policy      = jsonencode(
            {                                                  
              - Statement = [                                  
                  - {                                          
                      - Action   = "ec2:DeleteNetworkAclEntry"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ec2:us-west-2:178589013767:network-acl/acl-8a1f4cf2"
                      - Sid      = ""
                    },                                         
                  - {                                          
                      - Action   = [
                          - "ec2:ReplaceNetworkAclEntry",
                          - "ec2:DescribeNetworkAcls",
                          - "ec2:CreateNetworkAclEntry",
                        ]                                      
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },                                         
                ]                                              
              - Version   = "2012-10-17"
            }                                                  
        ) -> null                                              
      - policy_id   = "ANPASTFF4C4D6C7356PKX" -> null
      - tags        = {} -> null
      - tags_all    = {} -> null
    }                                                          

  # module.security.module.iam_assumable_role_admin.aws_iam_role.this[0] will be destroyed
  - resource "aws_iam_role" "this" {
      - arn                   = "arn:aws:iam::178589013767:role/worf" -> null
      - assume_role_policy    = jsonencode(
            {                                                  
              - Statement = [                                  
                  - {                                          
                      - Action    = "sts:AssumeRoleWithWebIdentity"
                      - Condition = {
                          - StringEquals = {
                              - oidc.eks.us-west-2.amazonaws.com/id/17FA68032269B79E4B7618A3074132D9:sub = "system:serviceaccount:worf:worf"
                            }                                  
                        }                                      
                      - Effect    = "Allow"
                      - Principal = {
                          - Federated = "arn:aws:iam::178589013767:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/17FA68032269B79E4B7618A3074132D9"
                        }                                      
                      - Sid       = ""
                    },                                         
                ]                                              
              - Version   = "2012-10-17"
            }                                                  
        ) -> null                                              
      - create_date           = "2020-06-12T21:52:30Z" -> null
      - force_detach_policies = false -> null
      - id                    = "worf" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::178589013767:policy/worf-policy-20200612215230339000000001",
      - role       = "worf" -> null                            
    }                                                                                                                          

Plan: 0 to add, 0 to change, 3 to destroy.                                                                                     

Changes to Outputs:                                                                                                            
  - worf_role_arn = "arn:aws:iam::178589013767:role/worf" -> null