PYIC-6068: Remove reads/writes from/to tactical (#2742)
Wynndow authored Dec 11, 2024
2 parents 3585b68 + ed7d0ad commit 30411c1
Showing 19 changed files with 588 additions and 1,364 deletions.
21 changes: 4 additions & 17 deletions deploy/template.yaml
Expand Up @@ -827,7 +827,6 @@ Resources:
ENVIRONMENT: !Sub "${Environment}"
POWERTOOLS_SERVICE_NAME: !Sub initialise-ipv-session-${Environment}
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
VpcConfig:
Expand Down Expand Up @@ -1243,7 +1242,6 @@ Resources:
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
VpcConfig:
SubnetIds:
Expand All @@ -1262,15 +1260,17 @@ Resources:
- DynamoDBReadPolicy:
TableName: !Ref CRIResponseTable
- DynamoDBReadPolicy:
TableName: !Ref UserIssuedCredentialsV2Table
- DynamoDBReadPolicy:
TableName: !Ref SessionCredentialsTable
- DynamoDBWritePolicy:
TableName: !Ref SessionCredentialsTable
- SSMParameterReadPolicy:
ParameterName: !Sub ${Environment}/core/*
- AWSSecretsManagerGetSecretValuePolicy:
SecretArn: !Sub arn:aws:secretsmanager:eu-west-2:*:secret:/${Environment}/core/self/ciConfig-*
- AWSSecretsManagerGetSecretValuePolicy:
SecretArn: !Sub arn:aws:secretsmanager:eu-west-2:*:secret:/${Environment}/core/cimitApi/apiKey-*
- AWSSecretsManagerGetSecretValuePolicy:
SecretArn: !Sub arn:aws:secretsmanager:eu-west-2:*:secret:/${Environment}/core/evcs/apiKey-*
- Statement:
- Sid: EnforceStayinSpecificVpc
Effect: Allow
Expand Down Expand Up @@ -1743,7 +1743,6 @@ Resources:
ENVIRONMENT: !Sub "${Environment}"
POWERTOOLS_SERVICE_NAME: !Sub evaluate-gpg45-scores-${Environment}
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
Expand Down Expand Up @@ -1925,7 +1924,6 @@ Resources:
ENVIRONMENT: !Sub "${Environment}"
POWERTOOLS_SERVICE_NAME: !Sub check-existing-identity-${Environment}
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
Expand Down Expand Up @@ -1961,8 +1959,6 @@ Resources:
KeyId: !Ref DynamoDBKmsKey
- DynamoDBCrudPolicy:
TableName: !Ref SessionsTable
- DynamoDBCrudPolicy:
TableName: !Ref UserIssuedCredentialsV2Table
- DynamoDBCrudPolicy:
TableName: !Ref CRIResponseTable
- DynamoDBReadPolicy:
Expand Down Expand Up @@ -2018,7 +2014,6 @@ Resources:
Environment:
# checkov:skip=CKV_AWS_173: These environment variables do not require encryption.
Variables:
USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
ENVIRONMENT: !Sub "${Environment}"
POWERTOOLS_SERVICE_NAME: !Sub process-async-cri-credential-${Environment}
Expand All @@ -2045,8 +2040,6 @@ Resources:
- Fn::ImportValue: !Sub ${VpcStackName}-VpcId
- KMSDecryptPolicy:
KeyId: !Ref DynamoDBKmsKey
- DynamoDBWritePolicy:
TableName: !Ref UserIssuedCredentialsV2Table
- DynamoDBReadPolicy:
TableName: !Ref CRIResponseTable
- DynamoDBWritePolicy:
Expand Down Expand Up @@ -2377,7 +2370,6 @@ Resources:
ENVIRONMENT: !Sub "${Environment}"
POWERTOOLS_SERVICE_NAME: !Sub store-identity-${Environment}
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
Expand Down Expand Up @@ -2416,8 +2408,6 @@ Resources:
SecretArn: !Sub arn:aws:secretsmanager:eu-west-2:*:secret:/${Environment}/core/evcs/apiKey-*
- SQSSendMessagePolicy:
QueueName: !ImportValue AuditEventQueueName
- DynamoDBCrudPolicy:
TableName: !Ref UserIssuedCredentialsV2Table
- DynamoDBReadPolicy:
TableName: !Ref SessionCredentialsTable
- DynamoDBReadPolicy:
Expand Down Expand Up @@ -2462,7 +2452,6 @@ Resources:
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
VpcConfig:
SubnetIds:
Expand Down Expand Up @@ -2505,8 +2494,6 @@ Resources:
TableName: !Ref SessionsTable
- DynamoDBReadPolicy:
TableName: !Ref ClientOAuthSessionsTable
- DynamoDBCrudPolicy:
TableName: !Ref UserIssuedCredentialsV2Table
- DynamoDBCrudPolicy:
TableName: !Ref CRIResponseTable
AutoPublishAlias: live
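Review bot: The `AWSSecretsManagerGetSecretValuePolicy` entries in the hunk at -1262 leave the account field of the ARN as `*`, so the grant is not pinned to this account's secrets. All four of this section's additions fall in that hunk, though which lines are new cannot be recovered from this rendering. `SecretArn: !Sub arn:aws:secretsmanager:eu-west-2:${AWS::AccountId}:secret:/${Environment}/core/evcs/apiKey-*` would scope it, and the same applies to the sibling `ciConfig-*` and `cimitApi/apiKey-*` entries. Separately, the hunks at -827 (initialise-ipv-session) and -1743 (evaluate-gpg45-scores) remove only the `USER_ISSUED_CREDENTIALS_TABLE_NAME` variable, with no policy line removed in view. If those functions' `Policies` lists, which lie outside the visible context, still grant access to `UserIssuedCredentialsV2Table`, that grant should be dropped in the same change.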