Merge pull request #1163 from NHSDigital/hotfix/made14-NRL-1966-fix-test-acc-wide-deploy

mattdean3-nhs · web-flow · commit 94572b663d87 · 2026-03-05T10:49:58.000Z
[NRL-1966] Remove permissions layer from account-wide lambdas
diff --git a/.github/workflows/deploy-account-wide-infra.yml b/.github/workflows/deploy-account-wide-infra.yml
@@ -65,12 +65,6 @@ jobs:
           role-to-assume: ${{ secrets.MGMT_ROLE_ARN }}
           role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
 
-      - name: Add S3 Permissions to Lambda Layer
-        env:
-          ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
-        run: |
-          make get-s3-perms ENV=${ACCOUNT_NAME}
-
       - name: Retrieve Server Certificates
         env:
           ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
@@ -107,7 +101,6 @@ jobs:
 
           aws s3 cp dist/nrlf.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf.zip
           aws s3 cp dist/dependency_layer.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/dependency_layer.zip
-          aws s3 cp dist/nrlf_permissions.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf_permissions.zip
           aws s3 cp dist/seed_sandbox.zip s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/seed_sandbox.zip
 
   terraform-apply:
@@ -151,7 +144,6 @@ jobs:
           mkdir -p dist
           aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf.zip dist/nrlf.zip
           aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/dependency_layer.zip dist/dependency_layer.zip
-          aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/nrlf_permissions.zip dist/nrlf_permissions.zip
           aws s3 cp s3://nhsd-nrlf--mgmt--ci-data/acc-$ACCOUNT_NAME/${{ github.run_id }}/seed_sandbox.zip dist/seed_sandbox.zip
 
       - name: Retrieve Server Certificates
diff --git a/terraform/account-wide-infrastructure/dev/lambda__seed-sandbox.tf b/terraform/account-wide-infrastructure/dev/lambda__seed-sandbox.tf
@@ -20,7 +20,6 @@ module "seed_sandbox_lambda" {
   layers = [
     module.shared_lambda_layers.nrlf_layer_arn,
     module.shared_lambda_layers.third_party_layer_arn,
-    module.shared_lambda_layers.nrlf_permissions_layer_arn
   ]
 
   table_names = local.seed_table_names
diff --git a/terraform/account-wide-infrastructure/modules/lambda-layers/layers.tf b/terraform/account-wide-infrastructure/modules/lambda-layers/layers.tf
@@ -23,11 +23,3 @@ resource "aws_lambda_layer_version" "third_party" {
   compatible_runtimes = ["python3.12"]
   description         = "Third party dependencies layer (account-wide)"
 }
-
-resource "aws_lambda_layer_version" "nrlf_permissions" {
-  layer_name          = "${var.name_prefix}--nrlf-permissions-layer"
-  filename            = "${local.dist_dir}/${local.layer_zips.nrlf_permissions}"
-  source_code_hash    = filebase64sha256("${local.dist_dir}/${local.layer_zips.nrlf_permissions}")
-  compatible_runtimes = ["python3.12"]
-  description         = "NRLF permissions library layer (account-wide)"
-}
diff --git a/terraform/account-wide-infrastructure/modules/lambda-layers/outputs.tf b/terraform/account-wide-infrastructure/modules/lambda-layers/outputs.tf
@@ -7,8 +7,3 @@ output "third_party_layer_arn" {
   description = "ARN of the third party dependencies Lambda layer"
   value       = aws_lambda_layer_version.third_party.arn
 }
-
-output "nrlf_permissions_layer_arn" {
-  description = "ARN of the NRLF permissions Lambda layer"
-  value       = aws_lambda_layer_version.nrlf_permissions.arn
-}
diff --git a/terraform/account-wide-infrastructure/test/lambda__seed-sandbox.tf b/terraform/account-wide-infrastructure/test/lambda__seed-sandbox.tf
@@ -21,7 +21,6 @@ module "seed_sandbox_lambda" {
   layers = [
     module.shared_lambda_layers.nrlf_layer_arn,
     module.shared_lambda_layers.third_party_layer_arn,
-    module.shared_lambda_layers.nrlf_permissions_layer_arn
   ]
 
   table_names = local.seed_table_names

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,6 @@ module "seed_sandbox_lambda" {`
`20`	`20`	`layers = [`
`21`	`21`	`module.shared_lambda_layers.nrlf_layer_arn,`
`22`	`22`	`module.shared_lambda_layers.third_party_layer_arn,`
`23`		`- module.shared_lambda_layers.nrlf_permissions_layer_arn`
`24`	`23`	`]`
`25`	`24`
`26`	`25`	`table_names = local.seed_table_names`
Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,3 @@ output "third_party_layer_arn" {`
`7`	`7`	`description = "ARN of the third party dependencies Lambda layer"`
`8`	`8`	`value = aws_lambda_layer_version.third_party.arn`
`9`	`9`	`}`
`10`		`-`
`11`		`-output "nrlf_permissions_layer_arn" {`
`12`		`- description = "ARN of the NRLF permissions Lambda layer"`
`13`		`- value = aws_lambda_layer_version.nrlf_permissions.arn`
`14`		`-}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@ module "seed_sandbox_lambda" {`
`21`	`21`	`layers = [`
`22`	`22`	`module.shared_lambda_layers.nrlf_layer_arn,`
`23`	`23`	`module.shared_lambda_layers.third_party_layer_arn,`
`24`		`- module.shared_lambda_layers.nrlf_permissions_layer_arn`
`25`	`24`	`]`
`26`	`25`
`27`	`26`	`table_names = local.seed_table_names`