Merge pull request #872 from ministryofjustice/feature/remove-cp-tran…

…sit-gateways Remove cloud platform transit gateways account
ministryofjustice · Feb 28, 2024 · 9316172 · 9316172
2 parents 6248e86 + 64fb21d
commit 9316172
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 32 deletions.
diff --git a/management-account/terraform/.terraform.lock.hcl b/management-account/terraform/.terraform.lock.hcl
diff --git a/management-account/terraform/organizations-accounts-technology-services.tf b/management-account/terraform/organizations-accounts-technology-services.tf
@@ -216,25 +216,3 @@ resource "aws_organizations_account" "network_architecture" {
     ]
   }
 }
-
-resource "aws_organizations_account" "cloud_platform_transit_gateways" {
-  name                       = "Cloud Platform Transit Gateways"
-  email                      = replace(local.aws_account_email_addresses_template, "{email}", "cloud-platform-transit-gateways")
-  iam_user_access_to_billing = "ALLOW"
-  parent_id                  = aws_organizations_organizational_unit.technology_services.id
-
-  tags = merge(local.tags_technology_services, {
-    is-production = true
-    application   = "Core Transit Gateway"
-    source-code   = "github.com/ministryofjustice/transit-gateways"
-  })
-
-  lifecycle {
-    ignore_changes = [
-      email,
-      iam_user_access_to_billing,
-      name,
-      role_name,
-    ]
-  }
-}
diff --git a/management-account/terraform/organizations-policy-service-control.tf b/management-account/terraform/organizations-policy-service-control.tf
@@ -87,11 +87,6 @@ resource "aws_organizations_policy_attachment" "deny_aws_account_root_user_opg"
   target_id = aws_organizations_organizational_unit.opg.id
 }
 
-resource "aws_organizations_policy_attachment" "deny_aws_account_root_user_cloud_platform_transit_gateways" {
-  policy_id = aws_organizations_policy.deny_aws_account_root_user.id
-  target_id = aws_organizations_account.cloud_platform_transit_gateways.id
-}
-
 #####################################
 # Deny all actions on all resources #
 #####################################

diff --git a/management-account/terraform/sso-admin-account-assignments.tf b/management-account/terraform/sso-admin-account-assignments.tf
@@ -6,7 +6,6 @@ locals {
       account_ids = [
         aws_organizations_account.cloud_platform.id,
         aws_organizations_account.cloud_platform_ephemeral_test.id,
-        aws_organizations_account.cloud_platform_transit_gateways.id
       ]
     },
     {
@@ -176,7 +175,6 @@ locals {
       github_team        = "modernisation-platform-engineers",
       permission_set_arn = aws_ssoadmin_permission_set.read_only_access.arn,
       account_ids = [
-        aws_organizations_account.cloud_platform_transit_gateways.id,
         aws_organizations_account.moj_official_production.id,
         aws_organizations_account.moj_official_shared_services.id,
       ]