removing test resources

ministryofjustice · Dec 22, 2023 · e3029d2 · e3029d2
1 parent 3d77b83
commit e3029d2
Showing 1 changed file with 4 additions and 49 deletions.
diff --git a/test/unit-test/main.tf b/test/unit-test/main.tf
@@ -173,18 +173,11 @@ module "lambda_function_in_vpc" {
   function_name    = "lambda-function-in-vpc-test"
   create_role      = false
   lambda_role      = aws_iam_role.lambda-vpc-role.arn
-  # role_name            = "LambdaFunctionVPCAccess"
-  # policy_json_attached = true
-  # policy_json          = data.aws_iam_policy_document.AWSLambdaVPCAccessExecutionRole.json
 
   vpc_subnet_ids         = [data.aws_subnet.private-2a.id]
   vpc_security_group_ids = [aws_security_group.lambda_security_group_test.id]
 }
 
-data "aws_iam_policy" "lambda_vpc_policy" {
-  arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
-}
-
 data "aws_iam_policy_document" "lambda_assume_role_policy" {
   statement {
     effect  = "Allow"
@@ -198,55 +191,17 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" {
 }
 
 resource "aws_iam_role" "lambda-vpc-role" {
-  name               = "LambdaFunctionVPCAccess"
-  tags               = local.tags
+  name = "LambdaFunctionVPCAccess"
+  tags = local.tags
+
   assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 }
 
 resource "aws_iam_role_policy_attachment" "lambda-vpc-attachment" {
   role       = aws_iam_role.lambda-vpc-role.name
-  policy_arn = data.aws_iam_policy.lambda_vpc_policy.arn
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 }
 
-# data "aws_iam_policy_document" "AWSLambdaVPCAccessExecutionRole" {
-#   statement {
-#     sid    = "AWSLambdaVPCAccessExecutionRole"
-#     effect = "Allow"
-#     actions = [
-#       "ec2:CreateNetworkInterface",
-#       "ec2:DescribeNetworkInterfaces",
-#       "ec2:DeleteNetworkInterface",
-#       "ec2:AssignPrivateIpAddresses",
-#       "ec2:UnassignPrivateIpAddresses",
-#     ]
-#     # resources = [
-#     #   format("arn:aws:ec2:eu-west-2:%s:network-interface/*", data.aws_caller_identity.current.account_id)
-#     # ]
-#     resources = ["*"]
-#   }
-#   statement {
-#     sid    = "AllowLambdaToCreateLogGroup"
-#     effect = "Allow"
-#     actions = [
-#       "logs:CreateLogGroup"
-#     ]
-#     resources = [
-#       format("arn:aws:logs:eu-west-2:%s:aws/lambda/fake2", data.aws_caller_identity.current.account_id)
-#     ]
-#   }
-#   statement {
-#     sid    = "AllowLambdaToWriteLogsToGroup"
-#     effect = "Allow"
-#     actions = [
-#       "logs:CreateLogStream",
-#       "logs:PutLogEvents"
-#     ]
-#     resources = [
-#       format("arn:aws:logs:eu-west-2:%s:*", data.aws_caller_identity.current.account_id)
-#     ]
-#   }
-# }
-
 data "aws_vpc" "platforms-test" {
   id = "vpc-05900bb7e2e82391f"
 }