Revert "Add new amendments SNS topic"

This reverts commit 3c85424.

Author: stevebux

infrastructure/terraform/modules/eventsub/README.md

@@ -40,7 +40,6 @@
 
 | Name | Description |
 |------|-------------|
-| <a name="output_amendments_topic"></a> [amendments\_topic](#output\_amendments\_topic) | Amendments SNS Topic ARN and Name |
 | <a name="output_s3_bucket_event_cache"></a> [s3\_bucket\_event\_cache](#output\_s3\_bucket\_event\_cache) | S3 Bucket ARN and Name for event cache |
 | <a name="output_sns_topic"></a> [sns\_topic](#output\_sns\_topic) | SNS Topic ARN and Name |
 <!-- vale on -->

infrastructure/terraform/modules/eventsub/cloudwatch_metric_alarm_sns_delivery_failures.tf

@@ -14,20 +14,3 @@ resource "aws_cloudwatch_metric_alarm" "sns_delivery_failures" {
     TopicName = aws_sns_topic.main.name
   }
 }
-
-resource "aws_cloudwatch_metric_alarm" "amendments_delivery_failures" {
-  alarm_name          = "${local.csi}-amendments-sns-delivery-failures"
-  alarm_description   = "RELIABILITY: Alarm for amendments SNS topic delivery failures"
-  comparison_operator = "GreaterThanThreshold"
-  evaluation_periods  = 1
-  metric_name         = "NumberOfNotificationsFailed"
-  namespace           = "AWS/SNS"
-  period              = 300
-  statistic           = "Sum"
-  threshold           = 0
-  treat_missing_data  = "notBreaching"
-
-  dimensions = {
-    TopicName = aws_sns_topic.amendments_topic.name
-  }
-}

infrastructure/terraform/modules/eventsub/outputs.tf

@@ -6,14 +6,6 @@ output "sns_topic" {
   }
 }
 
-output "amendments_topic" {
-  description = "Amendments SNS Topic ARN and Name"
-  value = {
-    arn  = aws_sns_topic.amendments_topic.arn
-    name = aws_sns_topic.amendments_topic.name
-  }
-}
-
 output "s3_bucket_event_cache" {
   description = "S3 Bucket ARN and Name for event cache"
   value = var.enable_event_cache ? {

infrastructure/terraform/modules/eventsub/sns_topic.tf

@@ -22,28 +22,3 @@ resource "aws_sns_topic" "main" {
   sqs_success_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
   sqs_success_feedback_sample_rate = var.enable_sns_delivery_logging == true ? var.sns_success_logging_sample_percent : null
 }
-
-resource "aws_sns_topic" "amendments_topic" {
-  name              = "${local.csi}-amendments"
-  kms_master_key_id = var.kms_key_arn
-
-  application_failure_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  application_success_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  application_success_feedback_sample_rate = var.enable_sns_delivery_logging == true ? var.sns_success_logging_sample_percent : null
-
-  firehose_failure_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  firehose_success_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  firehose_success_feedback_sample_rate = var.enable_sns_delivery_logging == true ? var.sns_success_logging_sample_percent : null
-
-  http_failure_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  http_success_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  http_success_feedback_sample_rate = var.enable_sns_delivery_logging == true ? var.sns_success_logging_sample_percent : null
-
-  lambda_failure_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  lambda_success_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  lambda_success_feedback_sample_rate = var.enable_sns_delivery_logging == true ? var.sns_success_logging_sample_percent : null
-
-  sqs_failure_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  sqs_success_feedback_role_arn    = var.enable_sns_delivery_logging == true ? aws_iam_role.sns_delivery_logging_role[0].arn : null
-  sqs_success_feedback_sample_rate = var.enable_sns_delivery_logging == true ? var.sns_success_logging_sample_percent : null
-}

infrastructure/terraform/modules/eventsub/sns_topic_policy.tf

@@ -4,12 +4,6 @@ resource "aws_sns_topic_policy" "main" {
   policy = data.aws_iam_policy_document.sns_topic_policy.json
 }
 
-resource "aws_sns_topic_policy" "amendments_topic" {
-  arn = aws_sns_topic.amendments_topic.arn
-
-  policy = data.aws_iam_policy_document.amendments_topic_policy.json
-}
-
 data "aws_iam_policy_document" "sns_topic_policy" {
   policy_id = "__default_policy_ID"
 
@@ -67,61 +61,3 @@ data "aws_iam_policy_document" "sns_topic_policy" {
     ]
   }
 }
-
-data "aws_iam_policy_document" "amendments_topic_policy" {
-  policy_id = "__default_policy_ID"
-
-  statement {
-    sid    = "AllowAllSNSActionsFromAccount"
-    effect = "Allow"
-
-    principals {
-      type        = "AWS"
-      identifiers = ["*"]
-    }
-
-    actions = [
-      "SNS:Subscribe",
-      "SNS:SetTopicAttributes",
-      "SNS:RemovePermission",
-      "SNS:Receive",
-      "SNS:Publish",
-      "SNS:ListSubscriptionsByTopic",
-      "SNS:GetTopicAttributes",
-      "SNS:DeleteTopic",
-      "SNS:AddPermission",
-    ]
-
-    resources = [
-      aws_sns_topic.eventsub_topic.arn,
-    ]
-
-    condition {
-      test     = "StringEquals"
-      variable = "AWS:SourceOwner"
-
-      values = [
-        var.aws_account_id,
-      ]
-    }
-  }
-
-  statement {
-    sid    = "AllowAllSNSActionsFromSharedAccount"
-    effect = "Allow"
-    actions = [
-      "SNS:Publish",
-    ]
-
-    principals {
-      type = "AWS"
-      identifiers = [
-        "arn:aws:iam::${var.shared_infra_account_id}:root"
-      ]
-    }
-
-    resources = [
-      aws_sns_topic.amendments_topic.arn,
-    ]
-  }
-}

infrastructure/terraform/modules/eventsub/sns_topic_subscription_firehose.tf

@@ -1,4 +1,4 @@
-resource "aws_sns_topic_subscription" "firehose_eventsub" {
+resource "aws_sns_topic_subscription" "firehose" {
   count = var.enable_event_cache ? 1 : 0
 
   topic_arn             = aws_sns_topic.main.arn
@@ -7,13 +7,3 @@ resource "aws_sns_topic_subscription" "firehose_eventsub" {
   endpoint              = aws_kinesis_firehose_delivery_stream.main[0].arn
   raw_message_delivery  = var.enable_firehose_raw_message_delivery
 }
-
-resource "aws_sns_topic_subscription" "firehose_amendments" {
-  count = var.enable_event_cache ? 1 : 0
-
-  topic_arn             = aws_sns_topic.amendments_topic.arn
-  protocol              = "firehose"
-  subscription_role_arn = aws_iam_role.sns_role.arn
-  endpoint              = aws_kinesis_firehose_delivery_stream.main[0].arn
-  raw_message_delivery  = var.enable_firehose_raw_message_delivery
-}