
Commit 9258db5

committed
fix: remove unnecessary security permissions + ec2 extra permission
1 parent b2f5315 commit 9258db5


2 files changed

+0
-97
lines changed


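--- a/tf-module/stac_browser/ec2.tf
+++ b/tf-module/stac_browser/ec2.tf
@@ -15,39 +15,6 @@ resource "aws_iam_role" "ds_stac_browser_profile_role" {
 })
 }
 
-# IAM Policy for accessing S3 and SNS in other accounts
-resource "aws_iam_policy" "ds_stac_browser_role_profile_role_policy" {
-name = "${var.prefix}-ds_stac_browser_role_profile_role_policy"
-description = ""
-policy = jsonencode({
-Version = "2012-10-17",
-Statement = [
-{
-Effect = "Allow",
-Action = [
-"ecr:BatchCheckLayerAvailability",
-"ecr:GetDownloadUrlForLayer",
-"ecr:GetAuthorizationToken",
-"ecr:BatchGetImage",
-"ecr:InitiateLayerUpload",
-"ecr:UploadLayerPart",
-"ecr:CompleteLayerUpload",
-"ecr:PutImage",
-"ec2:TerminateInstances"
-],
-"Resource": "*"
-},
-
-]
-})
-}
-
-# Attach policy to the role
-resource "aws_iam_role_policy_attachment" "ec2_docker_builder_profile_role_policy_attachment" {
-role = aws_iam_role.ds_stac_browser_profile_role.name
-policy_arn = aws_iam_policy.ds_stac_browser_role_profile_role_policy.arn
-}
-
 
 resource "aws_iam_role_policy_attachment" "ds_stac_browser_profile_role_policy_attachment_ssm" {
 role = aws_iam_role.ds_stac_browser_profile_role.name
@@ -73,31 +40,6 @@ resource "aws_security_group" "ds_stac_browser_security_group" {
 tags = var.tags
 }
 
-
-resource "aws_vpc_security_group_ingress_rule" "ds_stac_browser_security_group22_128" {
-security_group_id = aws_security_group.ds_stac_browser_security_group.id
-cidr_ipv4 = "128.149.0.0/16"
-from_port = 22
-ip_protocol = "tcp"
-to_port = 22
-}
-
-resource "aws_vpc_security_group_ingress_rule" "ds_stac_browser_security_group_22_137" {
-security_group_id = aws_security_group.ds_stac_browser_security_group.id
-cidr_ipv4 = "137.79.0.0/16"
-from_port = 22
-ip_protocol = "tcp"
-to_port = 22
-}
-
-resource "aws_vpc_security_group_ingress_rule" "ds_stac_browser_security_group_443_128" {
-security_group_id = aws_security_group.ds_stac_browser_security_group.id
-cidr_ipv4 = "128.149.0.0/16"
-from_port = 8005
-ip_protocol = "tcp"
-to_port = 8005
-}
-
 resource "aws_vpc_security_group_ingress_rule" "ds_stac_browser_security_group_443_10" {
 security_group_id = aws_security_group.ds_stac_browser_security_group.id
 cidr_ipv4 = "10.52.0.0/16"
@@ -106,22 +48,6 @@ resource "aws_vpc_security_group_ingress_rule" "ds_stac_browser_security_group_4
 to_port = 8005
 }
 
-resource "aws_vpc_security_group_ingress_rule" "ds_stac_browser_security_group_443_10_0" {
-security_group_id = aws_security_group.ds_stac_browser_security_group.id
-cidr_ipv4 = "10.0.0.0/16"
-from_port = 8005
-ip_protocol = "tcp"
-to_port = 8005
-}
-
-resource "aws_vpc_security_group_ingress_rule" "ds_stac_browser_security_group_443_137" {
-security_group_id = aws_security_group.ds_stac_browser_security_group.id
-cidr_ipv4 = "137.79.0.0/16"
-from_port = 8005
-ip_protocol = "tcp"
-to_port = 8005
-}
-
 resource "aws_vpc_security_group_egress_rule" "ds_stac_browser_security_group_outb_ipv4" {
 security_group_id = aws_security_group.ds_stac_browser_security_group.id
 cidr_ipv4 = "0.0.0.0/0"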

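--- a/tf-module/stac_browser/load_balancer.tf
+++ b/tf-module/stac_browser/load_balancer.tf
@@ -5,13 +5,6 @@ resource "aws_security_group" "ds_alb_security_group" {
 tags = var.tags
 }
 
-resource "aws_vpc_security_group_ingress_rule" "ds_alb_security_group_443_128" {
-security_group_id = aws_security_group.ds_alb_security_group.id
-cidr_ipv4 = "128.149.0.0/16"
-from_port = 8005
-ip_protocol = "tcp"
-to_port = 8005
-}
 resource "aws_vpc_security_group_ingress_rule" "ds_alb_security_group_443_10" {
 security_group_id = aws_security_group.ds_alb_security_group.id
 cidr_ipv4 = "10.52.0.0/16"
@@ -20,22 +13,6 @@ resource "aws_vpc_security_group_ingress_rule" "ds_alb_security_group_443_10" {
 to_port = 8005
 }
 
-resource "aws_vpc_security_group_ingress_rule" "ds_alb_security_group_443_10_0" {
-security_group_id = aws_security_group.ds_alb_security_group.id
-cidr_ipv4 = "10.0.0.0/16"
-from_port = 8005
-ip_protocol = "tcp"
-to_port = 8005
-}
-
-resource "aws_vpc_security_group_ingress_rule" "ds_alb_security_group_443_137" {
-security_group_id = aws_security_group.ds_alb_security_group.id
-cidr_ipv4 = "137.79.0.0/16"
-from_port = 8005
-ip_protocol = "tcp"
-to_port = 8005
-}
-
 resource "aws_vpc_security_group_egress_rule" "ds_alb_security_group_outb_ipv4" {
 security_group_id = aws_security_group.ds_alb_security_group.id
 cidr_ipv4 = "0.0.0.0/0"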
