mdn / infra

(Deprecated) MDN Web Docs Infrastructure scripts and configuration
Mozilla Public License 2.0

SE-2281 Decom developers-portal #502

Closed bkochendorfer closed 3 years ago

bkochendorfer commented 3 years ago

Most of this is already deleted. Attached is the destroy plan for the remaining bits. Will clean up then remove this directory.

Terraform will perform the following actions:

  # module.backup_bucket.aws_iam_policy.this will be destroyed
  - resource "aws_iam_policy" "this" {
      - arn         =
        "arn:aws:iam::178589013767:policy/developer-portal-backups-policy-20200616223113684600000001"
-> null
      - description = "EKS rds backup policy for mdn-apps-a" -> null
      - id          =
        "arn:aws:iam::178589013767:policy/developer-portal-backups-policy-20200616223113684600000001"
-> null
      - name        =
        "developer-portal-backups-policy-20200616223113684600000001" ->
null
      - name_prefix = "developer-portal-backups-policy-" -> null
      - path        = "/" -> null
      - policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "s3:ListAllMyBuckets",
                          - "s3:GetBucketLocation",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:s3:::*"
                      - Sid      = "AllowUserToListBuckets"
                    },
                  - {
                      - Action   = "s3:ListBucket"
                      - Effect   = "Allow"
                      - Resource =
                        "arn:aws:s3:::developer-portal-backups-178589013767"
                      - Sid      = ""
                    },
                  - {
                      - Action   = [
                          - "s3:PutObjectAcl",
                          - "s3:PutObject",
                          - "s3:GetObjectAcl",
                          - "s3:GetObject",
                          - "s3:DeleteObject",
                        ]
                      - Effect   = "Allow"
                      - Resource =
                        "arn:aws:s3:::developer-portal-backups-178589013767/*"
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
    }

  # module.backup_bucket.aws_s3_bucket.this will be destroyed
  - resource "aws_s3_bucket" "this" {
      - acl                         = "private" -> null
      - arn                         =
        "arn:aws:s3:::developer-portal-backups-178589013767" -> null
      - bucket                      =
        "developer-portal-backups-178589013767" -> null
      - bucket_domain_name          =
        "developer-portal-backups-178589013767.s3.amazonaws.com" -> null
      - bucket_regional_domain_name =
        "developer-portal-backups-178589013767.s3.us-west-2.amazonaws.com"
-> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z3BJ6K6RIION7M" -> null
      - id                          =
        "developer-portal-backups-178589013767" -> null
      - region                      = "us-west-2" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {
          - "Name"      = "developer-portal-backups-178589013767"
          - "Project"   = "developer-portal"
          - "Terraform" = "true"
        } -> null

      - versioning {
          - enabled    = false -> null
          - mfa_delete = false -> null
        }
    }

  #
module.backup_bucket.module.iam_assumable_role_admin.aws_iam_role.this[0]
will be destroyed
  - resource "aws_iam_role" "this" {
      - arn                   =
        "arn:aws:iam::178589013767:role/developer-portal-backups-role"
-> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRoleWithWebIdentity"
                      - Condition = {
                          - StringEquals = {
                              -
oidc.eks.us-west-2.amazonaws.com/id/2AB004EFA24136FCFB7AD35808585599:sub
= "system:serviceaccount:dev-portal-prod:dev-portal-rds-backups"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - Federated =
                            "arn:aws:iam::178589013767:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/2AB004EFA24136FCFB7AD35808585599"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2020-06-16T22:32:36Z" -> null
      - force_detach_policies = false -> null
      - id                    = "developer-portal-backups-role" -> null
      - max_session_duration  = 3600 -> null
      - name                  = "developer-portal-backups-role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - unique_id             = "AROASTFF4C4DUE6XT2GXJ" -> null
    }

  #
module.backup_bucket.module.iam_assumable_role_admin.aws_iam_role_policy_attachment.custom[0]
will be destroyed
  - resource "aws_iam_role_policy_attachment" "custom" {
      - id         =
        "developer-portal-backups-role-20200616223237702800000001" ->
null
      - policy_arn =
        "arn:aws:iam::178589013767:policy/developer-portal-backups-policy-20200616223113684600000001"
-> null
      - role       = "developer-portal-backups-role" -> null
    }

Plan: 0 to add, 0 to change, 4 to destroy.

------------------------------------------------------------------------
bkochendorfer commented 3 years ago

Looks like it was decommed with the exception of these rules and this bucket. The last recorded activity on these was 2020-08-20 19:00 CDT (348 days ago), so I think we should be good. Agree though, will wait for @escattone in case I am missing anything.