✨ Migrate resources from data-engineering-infra and grant permissions to SSO data engineering role

[SoumayaMauthoorMOJ]

Describe the feature request.

Migrate resources from data-engineering-infra to data-platform IAC and add relevant permissions to SSO data engineering role

Bucket and bucket policies

For all buckets apart from mojap-nomis-gdpr:

Glue database policy

For all databases and specified role_names, apart from restricted_admin:

Describe the context.

See following tickets for more context:

• https://github.com/moj-analytical-services/data-engineering-infra/issues/133
• https://github.com/moj-analytical-services/data-engineering-infra/issues/134

Value / Purpose

No response

User Types

No response

[julialawrence]

@SoumayaMauthoorMOJ the following buckets don't exist in the data-production account:

• mojap-athena-query-dump-preprod
• mojap-athena-query-dump-dev
• alpha-data-engineer-logs-preprod
• alpha-data-engineer-logs-dev

Please advise how you'd like to proceed.

[SoumayaMauthoorMOJ]

@julialawrence If they don't already exist don't create them :-)

[julialawrence]

The glue policy has been imported and the data eng role added. This needs to continue into next sprint.

[jacobwoffenden]

Moving to blocked while @julialawrence is on annual leave.