Merge pull request #1833 from alphagov/remove-mirror-pingdom-probes

Remove Pingdom IP rules for mirror buckets
alphagov · Jul 9, 2024 · c2fba56 · c2fba56
2 parents 02143c9 + a65cb21
commit c2fba56
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 65 deletions.
diff --git a/terraform/projects/infra-mirror-bucket/README.md b/terraform/projects/infra-mirror-bucket/README.md
@@ -45,7 +45,6 @@ No modules.
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.s3_mirror_read_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.s3_mirror_replica_read_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [external_external.pingdom](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
 | [fastly_ip_ranges.fastly](https://registry.terraform.io/providers/fastly/fastly/latest/docs/data-sources/ip_ranges) | data source |
 | [template_file.s3_govuk_mirror_read_policy_template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 | [template_file.s3_govuk_mirror_replication_policy_template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |

diff --git a/terraform/projects/infra-mirror-bucket/mirror-read-policy.tf b/terraform/projects/infra-mirror-bucket/mirror-read-policy.tf
@@ -17,10 +17,6 @@ locals {
 
 data "fastly_ip_ranges" "fastly" {}
 
-data "external" "pingdom" {
-  program = ["/bin/bash", "${path.module}/pingdom_probe_ips.sh"]
-}
-
 data "aws_iam_policy_document" "s3_mirror_read_policy_doc" {
   statement {
     sid     = "S3FastlyReadBucket"
@@ -43,27 +39,6 @@ data "aws_iam_policy_document" "s3_mirror_read_policy_doc" {
     }
   }
 
-  statement {
-    sid     = "S3PingdomReadBucket"
-    actions = ["s3:GetObject"]
-
-    resources = [
-      "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}",
-      "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}/*",
-    ]
-
-    condition {
-      test     = "IpAddress"
-      variable = "aws:SourceIp"
-      values   = split(",", data.external.pingdom.result.pingdom_probe_ips)
-    }
-
-    principals {
-      type        = "AWS"
-      identifiers = ["*"]
-    }
-  }
-
   statement {
     sid     = "S3OfficeReadBucket"
     actions = ["s3:GetObject"]
@@ -149,27 +124,6 @@ data "aws_iam_policy_document" "s3_mirror_replica_read_policy_doc" {
     }
   }
 
-  statement {
-    sid     = "S3PingdomReadBucket"
-    actions = ["s3:GetObject"]
-
-    resources = [
-      "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}",
-      "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}/*",
-    ]
-
-    condition {
-      test     = "IpAddress"
-      variable = "aws:SourceIp"
-      values   = split(",", data.external.pingdom.result.pingdom_probe_ips)
-    }
-
-    principals {
-      type        = "AWS"
-      identifiers = ["*"]
-    }
-  }
-
   statement {
     sid     = "S3OfficeReadBucket"
     actions = ["s3:GetObject"]

diff --git a/terraform/projects/infra-mirror-bucket/pingdom_probe_ips.sh b/terraform/projects/infra-mirror-bucket/pingdom_probe_ips.sh