giving atlantis ample access to deploy

3 years ago · 22d2fc92ea
parent 3b8b5f468b
commit 22d2fc92ea
1 changed files with 1 additions and 26 deletions
--- a/atlantis.tf
+++ b/atlantis.tf
@ -33,35 +33,10 @@ module "atlantis" {

  policies_arn = [
    "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
-    aws_iam_policy.atlantis-allow-s3-write.arn
+    "arn:aws:iam::aws:policy/AdministratorAccess"
  ]
 }

-resource "aws_iam_policy" "atlantis-allow-s3-write" {
-  name = "atlantis-allow-s3-write"
-  policy = jsonencode({
-      Version = "2012-10-17"
-      Statement = [
-        {
-          Action   = ["s3:*"]
-          Effect   = "Allow"
-          Resource = [
-            "arn:aws:s3:::missionsa-atlantis-backend",
-            "arn:aws:s3:::missionsa-atlantis-backend/*",
-          ]
-        },
-        {
-          Action = [
-            "dynamodb:PutItem",
-            "dynamodb:GetItem"
-          ]
-          Effect = "Allow"
-          Resource = ["arn:aws:dynamodb:us-west-2:096194284558:table/missionsa-atlantis-backend"]
-        }
-      ]
-    })
-  }
-
 data "aws_ssm_parameter" "github_user" {
  name = "github_user"
 }