From ea3d01ab2a2fd3e86f6c002861d55b1ca4889f46 Mon Sep 17 00:00:00 2001
From: Dave Arnold
Date: Thu, 13 Feb 2025 08:54:50 -0800
Subject: [PATCH] cleaning up repo
---
locals.tf | 35 +++-----------------
main.tf | 87 ++-----------------------------------------------
vpc_endpoint.tf | 10 ------
3 files changed, 6 insertions(+), 126 deletions(-)
diff --git a/locals.tf b/locals.tf
index cbbd440..c735814 100644
--- a/locals.tf
+++ b/locals.tf
@@ -3,32 +3,12 @@ data "aws_security_group" "it_linux_base" {
 }
 locals {
- domains_list = [
- ".census.gov",
- "169.254.169.254",
- "148.129.*",
- "10.*",
- "172.18.*",
- "172.22.*",
- "172.23.*",
- "172.24.*",
- "172.25.*",
- ".eks.amazonaws.com",
- ".s3.amazonaws.com",
- ".amazonaws.com",
- ".gcr.io",
- ".pkg.dev",
- "${local._vpc_config.region}.compute.internal",
- ".${local._vpc_config.region}.compute.internal",
- "downloads.morpheusdata.com"
- ]
 proxy_env_vars = {
- HTTP_PROXY = "http://proxy.tco.census.gov:3128"
- NO_PROXY = join(",", local.domains_list)
- HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
+ HTTP_PROXY = "http://proxy.example.com:80"
+ HTTPS_PROXY = "http://proxy.example.com:80"
+ NO_PROXY = "localhost,127.0.0.1,.example.com"
 }
- source_repo = "linux-image-pipeline"
- environment = "dev"
+
 _vpc_config = {
 vpc_id = "vpc-00576a396ec570b94"
 region = "us-gov-west-1"
@@ -36,7 +16,6 @@ locals {
 data.aws_security_group.it_linux_base.id
 ]
 subnets = [
- # "subnet-0b1992a84536c581b"
 "subnet-062189d742937204e"
 ]
 }
@@ -50,10 +29,4 @@ locals {
 ])
 }
 )
- state_config = {
- bucket = aws_s3_bucket.state_bucket.bucket
- key = "terraform.tfstate"
- region = local.vpc_config.region
- dynamodb_table = "tf_remote_state"
- }
 }
diff --git a/main.tf b/main.tf
index e9b8c36..96bf1d3 100644
--- a/main.tf
+++ b/main.tf
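Review bot: The replacement `NO_PROXY` value drops `169.254.169.254` and the `.amazonaws.com` / `.compute.internal` entries that the deleted `domains_list` carried, while `_vpc_config` still targets `us-gov-west-1`; if `local.proxy_env_vars` is still injected into image builds, instance-metadata credential lookups and AWS API calls from those builds would now be routed to `proxy.example.com:80`, which reads as a scrubbed placeholder rather than a reachable proxy. If the goal is to remove the site-specific proxy from the repo, keeping the metadata address and the AWS suffixes in the exclusion list preserves the old behaviour for any consumer of these variables, e.g. `NO_PROXY = "localhost,127.0.0.1,169.254.169.254,.amazonaws.com,.${local._vpc_config.region}.compute.internal"`, and the proxy URL itself is a natural candidate for a `variable` rather than a literal. The `locals` block opened in this hunk closes outside it.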
@@ -1,52 +1,5 @@
 resource "random_uuid" "random" {}
-resource "aws_s3_bucket" "state_bucket" {
- bucket = "inf-test-${random_uuid.random.result}"
-}
-
-resource "aws_s3_bucket" "assets_bucket" {
- bucket = "image-pipeline-assets"
-}
-
-# module.amazon_linux.iam_arn
-resource "aws_s3_bucket_policy" "assets_bucket_policy" {
- bucket = aws_s3_bucket.assets_bucket.id
- policy = data.aws_iam_policy_document.assets_bucket_policy_document.json
-}
-
-data "aws_iam_policy_document" "assets_bucket_policy_document" {
- statement {
- principals {
- type = "AWS"
- identifiers = [
- module.amazon_linux.iam_arn,
- # module.rhel.iam_arn,
- # module.docker.iam_arn,
- # module.windows.iam_arn,
- # module.github-runner.iam_arn
- module.morpheus.iam_arn
- ]
- }
-
- actions = [
- "s3:Get*",
- "s3:List*",
- "s3:ReplicateObject",
- "s3:PutObject",
- "s3:RestoreObject",
- "s3:PutObjectVersionTagging",
- "s3:PutObjectTagging",
- "s3:PutObjectAcl"
- ]
-
- resources = [
- aws_s3_bucket.assets_bucket.arn,
- "${aws_s3_bucket.assets_bucket.arn}/*",
- ]
- }
-}
-
-
 data "aws_iam_policy_document" "build_user_policy_document" {
 statement {
 actions = [
@@ -61,46 +14,10 @@ data "aws_iam_policy_document" "build_user_policy_document" {
 ]
 resources = [
- aws_s3_bucket.assets_bucket.arn,
- "${aws_s3_bucket.assets_bucket.arn}/*",
+ module.external_dependencies.assets_bucket_arn,
+ "${module.external_dependencies.assets_bucket_arn}/*",
 ]
 }
 }
-resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
- for_each = tomap({
- state_bucket = aws_s3_bucket.state_bucket.bucket
- assets_bucket = aws_s3_bucket.assets_bucket.bucket
- })
- bucket = each.value
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "aws:kms"
- }
- }
-}
-
-
-resource "aws_security_group" "allow_amznlinux_cdn" {
- name = "allow_amznlinux_cdn"
- description = "Allow TLS inbound traffic and all outbound traffic"
- vpc_id = local._vpc_config.vpc_id
- tags = {
- Name = "allow_amznlinux_cdn"
- }
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
- security_group_id = aws_security_group.allow_amznlinux_cdn.id
- cidr_ipv4 = "0.0.0.0/0"
- ip_protocol = "-1"
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" {
- security_group_id = aws_security_group.allow_amznlinux_cdn.id
- ip_protocol = "-1"
- referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id
-}
-
-
diff --git a/vpc_endpoint.tf b/vpc_endpoint.tf
index adf4ce6..8633c1f 100644
--- a/vpc_endpoint.tf
+++ b/vpc_endpoint.tf
@@ -6,14 +6,4 @@ locals {
 "git-codecommit",
 "s3"
 ])
-}
-
-resource "aws_vpc_endpoint" "endpoint" {
- for_each = local.endpoints
- vpc_id = local.vpc_config.vpc_id
- service_name = "com.amazonaws.${local.vpc_config.region}.${each.value}"
- vpc_endpoint_type = "Interface"
-
- security_group_ids = local.vpc_config.security_group_ids
- subnet_ids = local.vpc_config.subnets
 }
\ No newline at end of file
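Review bot: The `build_user_policy_document` data source now points its `resources` at `module.external_dependencies.assets_bucket_arn`, but nothing in this patch declares `module "external_dependencies"` or shows that the SSE-KMS `aws_s3_bucket_server_side_encryption_configuration` deleted below (and the `aws_s3_bucket_policy` removed in the first main.tf hunk) were recreated inside that module; if the module lives elsewhere in the repo this is fine, otherwise the assets bucket loses its default-encryption setting and the builder-role bucket policy with this commit. A one-line comment above the `resources` list, e.g. `# bucket, its policy and SSE-KMS default encryption are owned by module.external_dependencies`, would record where those controls are expected to live. Dropping `allow_amznlinux_cdn` together with its `0.0.0.0/0`, all-protocol egress rule is a welcome reduction in exposure, provided no remaining resource still references that security group. The `build_user_policy_document` block starts before this hunk.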