From 6f1dbe34ed68cb1edd9ff0fe47e9acd524fe6f4a Mon Sep 17 00:00:00 2001
From: Matt Dean
Date: Wed, 4 Mar 2026 11:11:10 +0000
Subject: [PATCH 1/2] [NRL-1996] Remove perms lambda layer from acc-wide infra deploy
---
 .github/workflows/deploy-account-wide-infra.yml | 6 ------
 .../dev/lambda__seed-sandbox.tf | 1 -
 .../modules/lambda-layers/layers.tf | 8 --------
 .../modules/lambda-layers/outputs.tf | 5 -----
 .../test/lambda__seed-sandbox.tf | 1 -
 5 files changed, 21 deletions(-)
diff --git a/.github/workflows/deploy-account-wide-infra.yml b/.github/workflows/deploy-account-wide-infra.yml
index 0ae4f5e1a..252885663 100644
--- a/.github/workflows/deploy-account-wide-infra.yml
+++ b/.github/workflows/deploy-account-wide-infra.yml
@@ -65,12 +65,6 @@ jobs:
 role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
- - name: Add S3 Permissions to Lambda Layer
- env:
- ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
- run: |
- make get-s3-perms ENV=${ACCOUNT_NAME}
-
 - name: Retrieve Server Certificates
 env:
 ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
diff --git a/terraform/account-wide-infrastructure/dev/lambda__seed-sandbox.tf b/terraform/account-wide-infrastructure/dev/lambda__seed-sandbox.tf
index 3c33d8660..da7a21cc5 100644
--- a/terraform/account-wide-infrastructure/dev/lambda__seed-sandbox.tf
+++ b/terraform/account-wide-infrastructure/dev/lambda__seed-sandbox.tf
@@ -20,7 +20,6 @@ module "seed_sandbox_lambda" {
 layers = [
 module.shared_lambda_layers.nrlf_layer_arn,
 module.shared_lambda_layers.third_party_layer_arn,
- module.shared_lambda_layers.nrlf_permissions_layer_arn
 ]
 table_names = local.seed_table_names
diff --git a/terraform/account-wide-infrastructure/modules/lambda-layers/layers.tf b/terraform/account-wide-infrastructure/modules/lambda-layers/layers.tf
index dbf78154a..502561612 100644
--- a/terraform/account-wide-infrastructure/modules/lambda-layers/layers.tf
+++ b/terraform/account-wide-infrastructure/modules/lambda-layers/layers.tf
@@ -23,11 +23,3 @@ resource "aws_lambda_layer_version" "third_party" {
 compatible_runtimes = ["python3.12"]
 description = "Third party dependencies layer (account-wide)"
 }
-
-resource "aws_lambda_layer_version" "nrlf_permissions" {
- layer_name = "${var.name_prefix}--nrlf-permissions-layer"
- filename = "${local.dist_dir}/${local.layer_zips.nrlf_permissions}"
- source_code_hash = filebase64sha256("${local.dist_dir}/${local.layer_zips.nrlf_permissions}")
- compatible_runtimes = ["python3.12"]
- description = "NRLF permissions library layer (account-wide)"
-}
diff --git a/terraform/account-wide-infrastructure/modules/lambda-layers/outputs.tf b/terraform/account-wide-infrastructure/modules/lambda-layers/outputs.tf
index e86ad3467..fd6a7e347 100644
--- a/terraform/account-wide-infrastructure/modules/lambda-layers/outputs.tf
+++ b/terraform/account-wide-infrastructure/modules/lambda-layers/outputs.tf
@@ -7,8 +7,3 @@ output "third_party_layer_arn" {
 description = "ARN of the third party dependencies Lambda layer"
 value = aws_lambda_layer_version.third_party.arn
 }
-
-output "nrlf_permissions_layer_arn" {
- description = "ARN of the NRLF permissions Lambda layer"
- value = aws_lambda_layer_version.nrlf_permissions.arn
-}
diff --git a/terraform/account-wide-infrastructure/test/lambda__seed-sandbox.tf b/terraform/account-wide-infrastructure/test/lambda__seed-sandbox.tf
index 2647f6854..80fb466bc 100644
--- a/terraform/account-wide-infrastructure/test/lambda__seed-sandbox.tf
+++ b/terraform/account-wide-infrastructure/test/lambda__seed-sandbox.tf
@@ -21,7 +21,6 @@ module "seed_sandbox_lambda" {
 layers = [
 module.shared_lambda_layers.nrlf_layer_arn,
 module.shared_lambda_layers.third_party_layer_arn,
- module.shared_lambda_layers.nrlf_permissions_layer_arn
 ]
 table_names = local.seed_table_names
From 37fff6059690ea4611ef9483cafc84b77b9166df Mon Sep 17 00:00:00 2001
From: Matt Dean
Date: Wed, 4 Mar 2026 11:29:02 +0000
Subject: [PATCH 2/2] [NRL-1996] Remove perms files from s3 cp in acc-wide workflow
---
 .github/workflows/deploy-account-wide-infra.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/deploy-account-wide-infra.yml b/.github/workflows/deploy-account-wide-infra.yml
index 252885663..31c10e9d6 100644
--- a/.github/workflows/deploy-account-wide-infra.yml
+++ b/.github/workflows/deploy-account-wide-infra.yml
@@ -101,7 +101,6 @@ jobs:
 aws s3 cp dist/nrlf.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf.zip
 aws s3 cp dist/dependency_layer.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/dependency_layer.zip
- aws s3 cp dist/nrlf_permissions.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf_permissions.zip
 aws s3 cp dist/seed_sandbox.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/seed_sandbox.zip
 terraform-apply:
@@ -145,7 +144,6 @@ jobs:
 mkdir -p dist
 aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf.zip dist/nrlf.zip
 aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/dependency_layer.zip dist/dependency_layer.zip
- aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf_permissions.zip dist/nrlf_permissions.zip
 aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/seed_sandbox.zip dist/seed_sandbox.zip
 - name: Retrieve Server Certificates