fix: Fix IAM role for S3 Mountpoint lab

lab/iam/policies/labs3.yaml

@@ -13,7 +13,7 @@ Statement:
       - s3:DeleteObject
       - s3:DeleteObjectVersion
     Resource:
-      - arn:aws:s3:::eks-workshop-canary-artifacts*
+      - arn:aws:s3:::${Env}-*
       - arn:aws:s3:::aws-synthetics-library*
   - Effect: Allow
     Action:

manifests/modules/fundamentals/storage/s3/.workshop/cleanup.sh

@@ -4,18 +4,18 @@
 
 set -e
 
+logmessage "Deleting assets-images folder..."
+
 # Delete local directory of image files
 rm -rf ~/environment/assets-images/
 
-logmessage "Deleting assets-images folder..."
-
 addon_exists=$(aws eks list-addons --cluster-name $EKS_CLUSTER_NAME --query "addons[? @ == 'aws-mountpoint-s3-csi-driver']" --output text)
 
+logmessage "Scaling down assets deployment..."
+
 # Scale down assets
 kubectl scale -n assets --replicas=0 deployment/assets
 
-logmessage "Scaling down assets deployment..."
-
 # Check if the S3 CSI driver addon exists
 if [ ! -z "$addon_exists" ]; then
   # Delete if addon exists
@@ -26,10 +26,10 @@ if [ ! -z "$addon_exists" ]; then
   aws eks wait addon-deleted --cluster-name $EKS_CLUSTER_NAME --addon-name aws-mountpoint-s3-csi-driver
 fi
 
+logmessage "Deleting PV and PVC that were created..."
+
 # Delete PVC
 kubectl delete pvc s3-claim -n assets --ignore-not-found=true
 
 # Delete PV
-kubectl delete pv s3-pv --ignore-not-found=true
-
-logmessage "Deleting PV and PVC that were created..."
+kubectl delete pv s3-pv --ignore-not-found=true

manifests/modules/fundamentals/storage/s3/.workshop/terraform/main.tf

@@ -30,22 +30,4 @@ module "mountpoint_s3_csi_driver_irsa" {
   tags = var.tags
 
   force_detach_policies = true
-}
-
-resource "aws_iam_role_policy" "eks_workshop_ide_s3_put_access" {
-  name = "eks-workshop-ide-s3-put-access"
-  role = "eks-workshop-ide-role"
-
-  policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": "s3:PutObject",
-      "Resource": "${aws_s3_bucket.mountpoint_s3.arn}/*"
-    }
-  ]
-}
-EOF
 }