removed aws secret and key env vars from cloudformation services

Author: briancaffey

cloudformation/infrastructure/ecs-cluster.yaml

@@ -172,7 +172,19 @@ Resources:
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
         - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
+        - arn:aws:iam::aws:policy/S
       Policies:
+        - PolicyName: s3-access
+          PolicyDocument: |
+            {
+              "Statement": [
+                {
+                  "Effect": "Allow",
+                  "Action": "s3:*",
+                  "Resource": "*"
+                }
+              ]
+            }
         - PolicyName: ecs-service
           PolicyDocument: |
             {

cloudformation/master.yaml

@@ -68,27 +68,17 @@ Parameters:
     Type: String
     NoEcho: true
 
-  AWSAccessKeyId:
-    Description: "AWS ACCESS KEY ID"
-    Type: String
-    NoEcho: true
-
-  AWSSecretAccessKey:
-    Description: "AWS SECRET ACCESS KEY"
-    Type: String
-    NoEcho: true
-
   DjangoSecretKey:
     Description: The Secret Key for backend, celery and beat containers
     Type: String
     NoEcho: true
 
 Conditions:
   RunServices: !Equals [ 1, 0 ]
-  UseRDS: !Equals [ 1, 0 ]
-  UseALB: !Equals [ 1, 0 ]
-  UseECS: !Equals [ 1, 0 ]
-  UseElastiCache: !Equals [ 1, 0 ]
+  UseRDS: !Equals [ 1, 1 ]
+  UseALB: !Equals [ 1, 1 ]
+  UseECS: !Equals [ 1, 1 ]
+  UseElastiCache: !Equals [ 1, 1 ]
 
 Resources:
 
@@ -177,8 +167,6 @@ Resources:
       Parameters:
         GitSHA: !Ref GitSHA
         DjangoSecretKey: !Ref DjangoSecretKey
-        AWSAccessKeyId: !Ref AWSAccessKeyId
-        AWSSecretAccessKey: !Ref AWSSecretAccessKey
         AppUrl: !Ref AppUrl
         VPC: !GetAtt VPC.Outputs.VPC
         ECSCluster: !GetAtt ECS.Outputs.ECSCluster
@@ -198,8 +186,6 @@ Resources:
       Parameters:
         GitSHA: !Ref GitSHA
         DjangoSecretKey: !Ref DjangoSecretKey
-        AWSAccessKeyId: !Ref AWSAccessKeyId
-        AWSSecretAccessKey: !Ref AWSSecretAccessKey
         AppUrl: !Ref AppUrl
         VPC: !GetAtt VPC.Outputs.VPC
         ECSCluster: !GetAtt ECS.Outputs.ECSCluster
@@ -219,8 +205,6 @@ Resources:
       Parameters:
         GitSHA: !Ref GitSHA
         DjangoSecretKey: !Ref DjangoSecretKey
-        AWSAccessKeyId: !Ref AWSAccessKeyId
-        AWSSecretAccessKey: !Ref AWSSecretAccessKey
         AppUrl: !Ref AppUrl
         VPC: !GetAtt VPC.Outputs.VPC
         ECSCluster: !GetAtt ECS.Outputs.ECSCluster
@@ -238,8 +222,6 @@ Resources:
       Parameters:
         GitSHA: !Ref GitSHA
         DjangoSecretKey: !Ref DjangoSecretKey
-        AWSAccessKeyId: !Ref AWSAccessKeyId
-        AWSSecretAccessKey: !Ref AWSSecretAccessKey
         AppUrl: !Ref AppUrl
         VPC: !GetAtt VPC.Outputs.VPC
         ECSCluster: !GetAtt ECS.Outputs.ECSCluster

cloudformation/services/backend.yaml

@@ -49,14 +49,6 @@ Parameters:
     Description: The ECR repository for the backend container
     Type: String
 
-  AWSAccessKeyId:
-    Description: "AWS ACCESS KEY ID"
-    Type: String
-
-  AWSSecretAccessKey:
-    Description: "AWS SECRET ACCESS KEY"
-    Type: String
-
   DjangoSecretKey:
     Description: The Secret Key for backend, celery and beat containers
     Type: String
@@ -90,10 +82,6 @@ Resources:
           Environment:
             - Name: GIT_SHA
               Value: !Ref GitSHA
-            - Name: AWS_ACCESS_KEY_ID
-              Value: !Ref AWSAccessKeyId
-            - Name: AWS_SECRET_ACCESS_KEY
-              Value: !Ref AWSSecretAccessKey
             - Name: SECRET_KEY
               Value: !Ref DjangoSecretKey
             - Name: APP_URL

cloudformation/services/beat.yaml

@@ -41,14 +41,6 @@ Parameters:
     Description: The ECR repository for the backend container
     Type: String
 
-  AWSAccessKeyId:
-    Description: "AWS ACCESS KEY ID"
-    Type: String
-
-  AWSSecretAccessKey:
-    Description: "AWS SECRET ACCESS KEY"
-    Type: String
-
   DjangoSecretKey:
     Description: The Secret Key for backend, celery and beat containers
     Type: String
@@ -83,10 +75,6 @@ Resources:
           Environment:
             - Name: GIT_SHA
               Value: !Ref GitSHA
-            - Name: AWS_ACCESS_KEY_ID
-              Value: !Ref AWSAccessKeyId
-            - Name: AWS_SECRET_ACCESS_KEY
-              Value: !Ref AWSSecretAccessKey
             - Name: SECRET_KEY
               Value: !Ref DjangoSecretKey
             - Name: APP_URL

cloudformation/services/celery.yaml

@@ -41,14 +41,6 @@ Parameters:
     Description: The ECR repository for the backend container
     Type: String
 
-  AWSAccessKeyId:
-    Description: "AWS ACCESS KEY ID"
-    Type: String
-
-  AWSSecretAccessKey:
-    Description: "AWS SECRET ACCESS KEY"
-    Type: String
-
   DjangoSecretKey:
     Description: The Secret Key for backend, celery and beat containers
     Type: String
@@ -82,10 +74,6 @@ Resources:
           Environment:
             - Name: GIT_SHA
               Value: !Ref GitSHA
-            - Name: AWS_ACCESS_KEY_ID
-              Value: !Ref AWSAccessKeyId
-            - Name: AWS_SECRET_ACCESS_KEY
-              Value: !Ref AWSSecretAccessKey
             - Name: SECRET_KEY
               Value: !Ref DjangoSecretKey
             - Name: APP_URL

cloudformation/services/daphne.yaml

@@ -49,14 +49,6 @@ Parameters:
     Description: The ECR repository for the backend container
     Type: String
 
-  AWSAccessKeyId:
-    Description: "AWS ACCESS KEY ID"
-    Type: String
-
-  AWSSecretAccessKey:
-    Description: "AWS SECRET ACCESS KEY"
-    Type: String
-
   DjangoSecretKey:
     Description: The Secret Key for backend, celery and beat containers
     Type: String
@@ -95,10 +87,6 @@ Resources:
           Environment:
             - Name: GIT_SHA
               Value: !Ref GitSHA
-            - Name: AWS_ACCESS_KEY_ID
-              Value: !Ref AWSAccessKeyId
-            - Name: AWS_SECRET_ACCESS_KEY
-              Value: !Ref AWSSecretAccessKey
             - Name: SECRET_KEY
               Value: !Ref DjangoSecretKey
             - Name: APP_URL