From c84ab20df809ace6ec2c12889176d74a6c72efaa Mon Sep 17 00:00:00 2001
From: David Elliott
Date: Fri, 6 Oct 2023 16:17:26 +0100
Subject: [PATCH] Remove S3 resources which have been migrated

These resources have been migrated to the management account already or they do not exist.
---
 terraform/.terraform.lock.hcl | 61 --------
 terraform/s3.tf | 254 ----------------------------------
 2 files changed, 315 deletions(-)
 delete mode 100644 terraform/s3.tf

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index cfd330b6..ba571344 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -1,47 +1,6 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
-provider "registry.terraform.io/auth0/auth0" {
-  version     = "0.50.2"
-  constraints = ">= 0.35.0"
-  hashes = [
-    "h1:Y/H3JW0OLdo5VJsmeOvV+/6GfYwkyH6csaVDuD5lDUo=",
-    "zh:1548bd0aeaae593f92d166be7f5fe0cdee0328c6cd284faeed593bc2222d7db0",
-    "zh:4b6bfa09ee9ffdf55911e52e5aea6c1169b7922e017516ac5c8b4ad90c6d36a4",
-    "zh:5e3eca4bf5a42f1d7f537c2462844c3cb28d7e816eec6d87291226985155ea3e",
-    "zh:67a8e4f113d44829e94df137aeffb951c8cd14b0277f83974fe0774e2204886d",
-    "zh:698595036a1fcdaf2e23bd0578c670fe7e7a2b4c88d218aadb60831bd61c5937",
-    "zh:7a54d2ec2e07976fd5a67f2807ffa3fc43efaf0e4d42f34177a6d93deb2405d2",
-    "zh:96c869926b9680af4f4336995b9dfc509aa7e522a6589501d90d2c82e500b5e0",
-    "zh:9aad04430f30116684c820919a79d3b5db6b463c1df0682a7b445680fd81b7eb",
-    "zh:aed6834b16286ec4480cb5b3ad0acfa8693da91124d0114a07463ff47e395baf",
-    "zh:b99575074296c5e49f904bfb7e1be14a372f072ab0dda776c70c7658130fe34f",
-    "zh:bc38040d9fe8175221bb1d02e307821b3ffe4622b64cb72a457496092b72d0d8",
-    "zh:c2431107604e211b8115c453e73f16d4ca726037a4e482d80302df4e83c22bb4",
-    "zh:f54f6b22451fcc969853732039f2b9bc1c76012b6df1170afd85c3798630a942",
-    "zh:fdb4ff1497669886ab97f502db675b7ed64d8476934ea06675e3ac58fba10bc4",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/archive" {
-  version     = "2.2.0"
-  constraints = ">= 2.2.0"
-  hashes = [
-    "h1:2K5LQkuWRS2YN1/YoNaHn9MAzjuTX8Gaqy6i8Mbfv8Y=",
-    "zh:06bd875932288f235c16e2237142b493c2c2b6aba0e82e8c85068332a8d2a29e",
-    "zh:0c681b481372afcaefddacc7ccdf1d3bb3a0c0d4678a526bc8b02d0c331479bc",
-    "zh:100fc5b3fc01ea463533d7bbfb01cb7113947a969a4ec12e27f5b2be49884d6c",
-    "zh:55c0d7ddddbd0a46d57c51fcfa9b91f14eed081a45101dbfc7fd9d2278aa1403",
-    "zh:73a5dd68379119167934c48afa1101b09abad2deb436cd5c446733e705869d6b",
-    "zh:841fc4ac6dc3479981330974d44ad2341deada8a5ff9e3b1b4510702dfbdbed9",
-    "zh:91be62c9b41edb137f7f835491183628d484e9d6efa82fcb75cfa538c92791c5",
-    "zh:acd5f442bd88d67eb948b18dc2ed421c6c3faee62d3a12200e442bfff0aa7d8b",
-    "zh:ad5720da5524641ad718a565694821be5f61f68f1c3c5d2cfa24426b8e774bef",
-    "zh:e63f12ea938520b3f83634fc29da28d92eed5cfbc5cc8ca08281a6a9c36cca65",
-    "zh:f6542918faa115df46474a36aabb4c3899650bea036b5f8a5e296be6f8f25767",
-  ]
-}
-
 provider "registry.terraform.io/hashicorp/aws" {
   version     = "3.74.1"
   constraints = ">= 3.6.0, >= 3.20.0, >= 3.27.0, >= 3.47.0, >= 3.60.0"
@@ -61,23 +20,3 @@ provider "registry.terraform.io/hashicorp/aws" {
     "zh:f1c2c9145383ab8675eab68398b53cf33edb2665d64ef2e48e0444771fa5849e",
   ]
 }
-
-provider "registry.terraform.io/hashicorp/external" {
-  version     = "2.2.0"
-  constraints = ">= 2.1.0"
-  hashes = [
-    "h1:V1XoXkVwM+Bg73BNtbMxScjTcty2jbRZzgSdHrYxQ+4=",
-    "zh:094c3cfae140fbb70fb0e272b1df833b4d7467c6c819fbf59a3e8ac0922f95b6",
-    "zh:15c3906abbc1cd03a72afd02bda9caeeb5f6ca421292c32ddeb2acd7a3488669",
-    "zh:388c14bceeb1593bb16cadedc8f5ad7d41d398197db049dc0871bc847aa61083",
-    "zh:5696772136b6763faade0cc065fafc2bf06493021b943826be0144790fae514a",
-    "zh:6427c693b1b750644d5b633395e54617dc36ae717a531a5cde8cb0246b6593ca",
-    "zh:7196d9845eeffa3158f5e3067bf8b7ad489490aa26d29e2da1ad4c8924463469",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:8850d3ce9e5f5776b9349890ce4e2c4056defe16ed741dc845045942a6d9e025",
-    "zh:a2c6fc6cf087b35ebd6b6f20272ed32d4217ea9936c1dd630baa46d86718a455",
-    "zh:ac709be4ea5c9a6e1ab80e864d24cd9f8e6aaea29fb5dbe1de0897e2e86c3c17",
-    "zh:dcf806f044801fae5b21ae2754dc3c19c68e458d4584965752ce49be75305ff5",
-    "zh:f875b34be86c3439899828978638ef7e2d41a9e5e32397858a0c31daeaa1abc2",
-  ]
-}
diff --git a/terraform/s3.tf b/terraform/s3.tf
deleted file mode 100644
index 91826dbc..00000000
--- a/terraform/s3.tf
+++ /dev/null
@@ -1,254 +0,0 @@
-# S3 buckets in eu-west-2
-## S3 bucket to store Terraform state
-resource "aws_s3_bucket" "aws-root-account-terraform-state" {
-  bucket = "moj-aws-root-account-terraform-state"
-  acl    = "private"
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "aws:kms"
-      }
-    }
-  }
-
-  versioning {
-    enabled = true
-  }
-
-  tags = local.root_account
-}
-
-resource "aws_s3_bucket_public_access_block" "aws-root-account-terraform-state" {
-  bucket = aws_s3_bucket.aws-root-account-terraform-state.id
-
-  # Block public ACLs
-  block_public_acls = true
-
-  # Block public bucket policies
-  block_public_policy = true
-
-  # Ignore public ACLs
-  ignore_public_acls = true
-
-  # Restrict public bucket policies
-  restrict_public_buckets = true
-}
-
-## S3 bucket for moj-cur-reports
-resource "aws_s3_bucket" "moj-cur-reports" {
-  bucket = "moj-cur-reports"
-  acl    = "private"
-
-  versioning {
-    enabled = true
-  }
-}
-
-data "aws_iam_policy_document" "moj-cur-reports-bucket-policy" {
-  version = "2008-10-17"
-
-  # 386209384616 is owned and maintained by AWS themselves, to enable
-  # upwards reporting of billing.
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:GetBucketAcl",
-      "s3:GetBucketPolicy"
-    ]
-    resources = [aws_s3_bucket.moj-cur-reports.arn]
-
-    principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::386209384616:root"]
-    }
-  }
-
-  statement {
-    effect    = "Allow"
-    actions   = ["s3:PutObject"]
-    resources = ["${aws_s3_bucket.moj-cur-reports.arn}/*"]
-
-    principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::386209384616:root"]
-    }
-  }
-}
-
-resource "aws_s3_bucket_policy" "moj-cur-reports-bucket-policy" {
-  bucket = aws_s3_bucket.moj-cur-reports.bucket
-
-  # 386209384616 is owned and maintained by AWS themselves, to enable
-  # upwards reporting of billing.
-  policy = data.aws_iam_policy_document.moj-cur-reports-bucket-policy.json
-}
-
-## S3 bucket for moj-cur-reports-quicksight
-resource "aws_s3_bucket" "moj-cur-reports-quicksight" {
-  bucket = "moj-cur-reports-quicksight"
-  acl    = "private"
-
-  versioning {
-    enabled = true
-  }
-}
-
-data "aws_iam_policy_document" "moj-cur-reports-quicksight-bucket-policy" {
-  version = "2008-10-17"
-
-  # 386209384616 is owned and maintained by AWS themselves, to enable
-  # upwards reporting of billing.
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:GetBucketAcl",
-      "s3:GetBucketPolicy"
-    ]
-    resources = [aws_s3_bucket.moj-cur-reports-quicksight.arn]
-
-    principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::386209384616:root"]
-    }
-  }
-
-  statement {
-    effect    = "Allow"
-    actions   = ["s3:PutObject"]
-    resources = ["${aws_s3_bucket.moj-cur-reports-quicksight.arn}/*"]
-
-    principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::386209384616:root"]
-    }
-  }
-}
-
-resource "aws_s3_bucket_policy" "moj-cur-reports-quicksight-bucket-policy" {
-  bucket = aws_s3_bucket.moj-cur-reports-quicksight.bucket
-
-  # 386209384616 is owned and maintained by AWS themselves, to enable
-  # upwards reporting of billing.
-  policy = data.aws_iam_policy_document.moj-cur-reports-quicksight-bucket-policy.json
-}
-
-# S3 bucket for storing tagging policy reports
-resource "aws_s3_bucket" "tagging-policy-reports" {
-  # The bucket for Tag Policy reports used MUST reside in us-east-1, see:
-  # https://docs.aws.amazon.com/ARG/latest/userguide/tag-policies-arg-evaluating-org-wide-compliance.html
-  provider = aws.aws-root-account-us-east-1
-
-  bucket_prefix = "tagging-policy-reports-"
-  acl           = "private"
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-
-  versioning {
-    enabled = true
-  }
-
-  tags = local.root_account
-
-  force_destroy = true
-}
-
-resource "aws_s3_bucket_public_access_block" "tagging-policy-reports" {
-  # The bucket for Tag Policy reports used MUST reside in us-east-1, see:
-  # https://docs.aws.amazon.com/ARG/latest/userguide/tag-policies-arg-evaluating-org-wide-compliance.html
-  provider = aws.aws-root-account-us-east-1
-
-  bucket = aws_s3_bucket.tagging-policy-reports.id
-
-  # Block public ACLs
-  block_public_acls = true
-
-  # Block public bucket policies
-  block_public_policy = true
-
-  # Ignore public ACLs
-  ignore_public_acls = true
-
-  # Restrict public bucket policies
-  restrict_public_buckets = true
-}
-
-# S3 bucket policy for Tag policies. See:
-# https://docs.aws.amazon.com/ARG/latest/userguide/tag-policies-prereqs.html
-data "aws_iam_policy_document" "tagging-policy" {
-  version = "2012-10-17"
-
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:GetBucketAcl"
-    ]
-    resources = [aws_s3_bucket.tagging-policy-reports.arn]
-
-    principals {
-      type        = "Service"
-      identifiers = ["tagpolicies.tag.amazonaws.com"]
-    }
-  }
-
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:PutObject"
-    ]
-    resources = ["${aws_s3_bucket.tagging-policy-reports.arn}/AwsTagPolicies/*"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["tagpolicies.tag.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_s3_bucket_policy" "tagging-policy" {
-  # The bucket for Tag Policy reports used MUST reside in us-east-1, see:
-  # https://docs.aws.amazon.com/ARG/latest/userguide/tag-policies-arg-evaluating-org-wide-compliance.html
-  provider = aws.aws-root-account-us-east-1
-
-  bucket = aws_s3_bucket.tagging-policy-reports.bucket
-  policy = data.aws_iam_policy_document.tagging-policy.json
-
-  depends_on = [aws_s3_bucket_public_access_block.tagging-policy-reports]
-}
-
-# S3 buckets in Ireland
-## S3 bucket for moj-iam-credential-reports
-resource "aws_s3_bucket" "moj-iam-credential-reports" {
-  provider = aws.aws-root-account-eu-west-1
-  bucket   = "moj-iam-credential-reports"
-  acl      = "private"
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-}
-
-## S3 bucket for cf-templates-rkovlae8ktmg-eu-west-1
-resource "aws_s3_bucket" "cf-templates-rkovlae8ktmg-eu-west-1" {
-  provider = aws.aws-root-account-eu-west-1
-  bucket   = "cf-templates-rkovlae8ktmg-eu-west-1"
-  acl      = "private"
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-}