remove ProdCodeDeployRole

templates/code_pipeline.yml

@@ -50,101 +50,6 @@ Resources:
             !Ref RepositoryDescription]]
         RepositoryName: !Ref ProjectName
 
-####################
-#Role assumed by cloudformation
-#in stage 2 of the CodePipeline to
-#create/update the templates/prod_resource_import.yml stack
-####################
-  ProdCodeDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Statement:
-        - Action: ['sts:AssumeRole']
-          Effect: Allow
-          Principal:
-            Service: [cloudformation.amazonaws.com]
-        Version: '2012-10-17'
-      ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/AmazonS3FullAccess
-        - arn:aws:iam::aws:policy/CloudFrontFullAccess
-      Path: /
-      #Ability to create record sets in Route53
-      Policies:
-          - PolicyName: DeployRoute53
-            PolicyDocument:
-              Version: "2012-10-17"
-              Statement:
-                - Sid: RecordSetsOneHostedZone
-                  Effect: Allow
-                  Action:
-                    - route53:GetHostedZone
-                    - route53:ListResourceRecordSets
-                    - route53:ListHostedZones
-                    - route53:GetChange
-                  Resource:
-                    - "*"
-
-                - Sid: RequestAcmCertificate
-                  Effect: Allow
-                  Action:
-                    - acm:RequestCertificate
-                    - acm:DeleteCertificate
-                    - acm:DescribeCertificate
-                  Resource:
-                    - "*"
-                #Change Record Sets but limit
-                #to one hosted zone
-                - Sid: WriteRecordSetsOneHostedZone
-                  Effect: Allow
-                  Action:
-                    - route53:ChangeResourceRecordSets
-                #Name of the hosted zone to allow Record
-                #sets to be changed on
-                  Resource:
-                    - "arn:aws:route53:::hostedzone/Z3K3UR6983C2YB"
-        #policy needed for serverless transform
-          - PolicyName: BackendDeployPolicy
-            PolicyDocument:
-              Version: "2012-10-17"
-              Statement:
-                - Sid: RecordSetsOneHostedZone
-                  Effect: Allow
-                  Action:
-                    - cloudformation:CreateChangeSet
-                    #- cloudformation:ExecuteChangeSet
-                  Resource:
-                    - "*"
-                #secretsmanager creation privleges
-                - Sid: !Join ['', [!Ref ProjectName,'SecretsMangerDeploy']]
-                  Effect: Allow
-                  Action:
-                    - secretsmanager:CreateSecret # pragma: allowlist secret
-                    - secretsmanager:DeleteSecret # pragma: allowlist secret
-                    - secretsmanager:TagResource # pragma: allowlist secret
-                    - secretsmanager:UpdateSecret # pragma: allowlist secret
-                  Resource:
-                    - "*"
-                #create vpc privleges
-                - Sid: !Join ['', [!Ref ProjectName,'VpcDeploy']]
-                  Effect: Allow
-                  Action:
-                    - ec2:CreateVpc
-                    - ec2:CreateSubnet
-                    - ec2:DeleteSubnet
-                    - ec2:DeleteVpc
-                    - ec2:DescribeVpcs
-                    - ec2:ModifyVpcAttribute
-                    - ec2:createTags
-                    - ec2:DescribeAvailabilityZones
-                    - ec2:DescribeAccountAttributes
-                    - ec2:DescribeSubnets
-                    - ec2:CreateRouteTable
-                    - ec2:DeleteRouteTable
-                    - ec2:DescribeRouteTables
-                  Resource:
-                    - "*"
-
   CFNRole:
     Type: AWS::IAM::Role
     Properties: