ci: remove unused role

the CodeBuild used this but we don't need it because we're using an ECS task now.
byu-oit · Apr 11, 2024 · f30ff58 · f30ff58
1 parent 070f4f3
commit f30ff58
Showing 1 changed file with 0 additions and 42 deletions.
diff --git a/iac/modules/app/main.tf b/iac/modules/app/main.tf
@@ -2,29 +2,6 @@ module "acs" {
   source = "github.com/byu-oit/terraform-aws-acs-info?ref=v3.5.0"
 }
 
-# CdnBuilderRole
-resource "aws_iam_role" "CdnBuilderRole" {
-  name = "CdnBuilderRole"
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "Service" : "codebuild.amazonaws.com"
-        },
-        "Action" : "sts:AssumeRole"
-      }
-    ]
-  })
-  path                 = "/${var.cdn_name}/"
-  permissions_boundary = module.acs.role_permissions_boundary.arn
-  managed_policy_arns = [
-    "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess",
-    "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
-  ]
-}
-
 resource "aws_iam_policy" "AllowCdnParameterStoreAccess" {
   name        = "AllowCdnParameterStoreAccess"
   description = "Allows access to CDN parameter store"
@@ -90,25 +67,6 @@ resource "aws_iam_policy" "AllowAssemblerImageAccess" {
   })
 }
 
-resource "aws_iam_role_policy_attachment" "AllowCdnParameterStoreAccessAttachment" {
-  depends_on = [aws_iam_policy.AllowCdnParameterStoreAccess, aws_iam_role.CdnBuilderRole]
-  role       = aws_iam_role.CdnBuilderRole.name
-  policy_arn = aws_iam_policy.AllowCdnParameterStoreAccess.arn
-}
-
-resource "aws_iam_role_policy_attachment" "AllowCloudFrontInvalidationAttachment" {
-  depends_on = [aws_iam_policy.AllowCloudFrontInvalidation, aws_iam_role.CdnBuilderRole]
-  role       = aws_iam_role.CdnBuilderRole.name
-  policy_arn = aws_iam_policy.AllowCloudFrontInvalidation.arn
-}
-
-resource "aws_iam_role_policy_attachment" "AllowAssemblerImageAccessAttachment" {
-  depends_on = [aws_iam_policy.AllowAssemblerImageAccess, aws_iam_role.CdnBuilderRole]
-  role       = aws_iam_role.CdnBuilderRole.name
-  policy_arn = aws_iam_policy.AllowAssemblerImageAccess.arn
-}
-
-
 # EdgeLambdaExecutionRole
 resource "aws_iam_role" "EdgeLambdaExecutionRole" {
   name                 = "EdgeLambdaExecutionRole"