This repository has been archived by the owner on Jan 16, 2025. It is now read-only.

fix: remove duplicate vpc execution permissions (#3304)
* fix(runners): remove duplicate VPC permissions

* fix(syncer): remove duplicate permissions

* docs: auto update terraform docs

* fix(pool): remove duplicate permissions

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
wzyboy and github-actions[bot] authored Jun 7, 2023
1 parent 96ca1cd commit 0bebeef
Showing 8 changed files with 0 additions and 63 deletions.
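--- a/modules/runner-binaries-syncer/README.md
+++ b/modules/runner-binaries-syncer/README.md
@@ -63,7 +63,6 @@ No modules.
 | [aws_iam_role.syncer_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy.lambda_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.lambda_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.lambda_syncer_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.syncer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.syncer_lambda_xray](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy_attachment.syncer_vpc_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |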
14 changes: 0 additions & 14 deletions modules/runner-binaries-syncer/policies/lambda-vpc.json

This file was deleted.

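--- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf
+++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
@@ -108,14 +108,6 @@ resource "aws_iam_role_policy" "lambda_logging" {
 })
 }
 
-resource "aws_iam_role_policy" "lambda_syncer_vpc" {
-count = length(var.lambda_subnet_ids) > 0 && length(var.lambda_security_group_ids) > 0 ? 1 : 0
-name = "${var.prefix}-lambda-syncer-vpc"
-role = aws_iam_role.syncer_lambda.id
-
-policy = file("${path.module}/policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy" "syncer" {
 name = "${var.prefix}-lambda-syncer-s3-policy"
 role = aws_iam_role.syncer_lambda.id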
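--- a/modules/runners/README.md
+++ b/modules/runners/README.md
@@ -87,8 +87,6 @@ yarn run dist
 | [aws_iam_role_policy.describe_tags](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.dist_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.lambda_scale_down_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.lambda_scale_up_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.runner_session_manager_aws_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.scale_down](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.scale_down_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |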
14 changes: 0 additions & 14 deletions modules/runners/policies/lambda-vpc.json

This file was deleted.

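--- a/modules/runners/pool/main.tf
+++ b/modules/runners/pool/main.tf
@@ -94,14 +94,6 @@ resource "aws_iam_role_policy" "pool_logging" {
 })
 }
 
-resource "aws_iam_role_policy" "lambda_pool_vpc" {
-count = length(var.config.lambda.subnet_ids) > 0 && length(var.config.lambda.security_group_ids) > 0 ? 1 : 0
-name = "${var.config.prefix}-lambda-pool-vpc"
-role = aws_iam_role.pool.id
-
-policy = file("${path.module}/../policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy_attachment" "pool_vpc_execution_role" {
 count = length(var.config.lambda.subnet_ids) > 0 ? 1 : 0
 role = aws_iam_role.pool.name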
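--- a/modules/runners/scale-down.tf
+++ b/modules/runners/scale-down.tf
@@ -104,14 +104,6 @@ resource "aws_iam_role_policy" "scale_down_logging" {
 })
 }
 
-resource "aws_iam_role_policy" "lambda_scale_down_vpc" {
-count = length(var.lambda_subnet_ids) > 0 && length(var.lambda_security_group_ids) > 0 ? 1 : 0
-name = "${var.prefix}-lambda-scale-down-vpc"
-role = aws_iam_role.scale_down.id
-
-policy = file("${path.module}/policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy_attachment" "scale_down_vpc_execution_role" {
 count = length(var.lambda_subnet_ids) > 0 ? 1 : 0
 role = aws_iam_role.scale_down.name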
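--- a/modules/runners/scale-up.tf
+++ b/modules/runners/scale-up.tf
@@ -118,14 +118,6 @@ resource "aws_iam_role_policy" "service_linked_role" {
 policy = templatefile("${path.module}/policies/service-linked-role-create-policy.json", { aws_partition = var.aws_partition })
 }
 
-resource "aws_iam_role_policy" "lambda_scale_up_vpc" {
-count = length(var.lambda_subnet_ids) > 0 && length(var.lambda_security_group_ids) > 0 ? 1 : 0
-name = "${var.prefix}-lambda-scale-up-vpc"
-role = aws_iam_role.scale_up.id
-
-policy = file("${path.module}/policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy_attachment" "scale_up_vpc_execution_role" {
 count = length(var.lambda_subnet_ids) > 0 ? 1 : 0
 role = aws_iam_role.scale_up.name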
