From b0a3029fc85466e866c6f32b963721e5a59f64ff Mon Sep 17 00:00:00 2001
From: Xavier Schildwachter
Date: Thu, 16 Nov 2023 14:00:07 -0800
Subject: [PATCH] Switch to shared script

---
 .../config/prod/snowflake-access.yaml | 4 +-
 .../templates/snowflake-access.yaml | 63 -------------------
 2 files changed, 3 insertions(+), 64 deletions(-)
 delete mode 100644 sceptre/synapseprod/templates/snowflake-access.yaml

diff --git a/sceptre/synapseprod/config/prod/snowflake-access.yaml b/sceptre/synapseprod/config/prod/snowflake-access.yaml
index 21bea155..e358a63c 100644
--- a/sceptre/synapseprod/config/prod/snowflake-access.yaml
+++ b/sceptre/synapseprod/config/prod/snowflake-access.yaml
@@ -1,6 +1,8 @@
 template:
-  path: snowflake-access.yaml
+  type: http
+  url: https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com/aws-infra/v0.7.8/IAM/snowflake-synapse-access.yaml
 stack_name: snowflake-accesss
 parameters:
+  Stack: prod
   SnowflakeAccountArn: "arn:aws:iam::365909334157:user/m2nb0000-s"
   SnowflakeAccountExternalId: !ssm /infra/SnowflakeAccountExternalId
diff --git a/sceptre/synapseprod/templates/snowflake-access.yaml b/sceptre/synapseprod/templates/snowflake-access.yaml
deleted file mode 100644
index d360f37f..00000000
--- a/sceptre/synapseprod/templates/snowflake-access.yaml
+++ /dev/null
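Review bot: With the local template deleted in the same commit, the trust policy and S3 scope this stack grants to the Snowflake principal are no longer reviewable in this repository; the only evidence of what the new `url:` line deploys is the path `aws-infra/v0.7.8/IAM/snowflake-synapse-access.yaml`. The removed template limited the role to `sts:AssumeRole`/`sts:TagSession` from `SnowflakeAccountArn` under an `sts:ExternalId` condition and to read access on `prod.datawarehouse.sagebase.org/warehouse/*`, and the added `Stack: prod` parameter presumably lets the shared template derive that bucket name, so a parameter or scope mismatch would widen or break access silently rather than fail at deploy time. A comment above `url:` such as `# Shared template pinned by path only; confirm it reproduces the removed snowflake-access.yaml (ExternalId condition, warehouse/* read scope) before bumping the version` would record that check for the next reviewer. Note also that a version directory in an S3 bucket is only as immutable as the bucket's write and versioning controls, so the pin is no stronger than access control on admincentral_cf_bucket.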
@@ -1,63 +0,0 @@
-Description: >
-  Setup cross account IAM access for Snowflake.
-  See https://docs.snowflake.com/en/user-guide/data-load-s3-config-storage-integration
-AWSTemplateFormatVersion: 2010-09-09
-Parameters:
-  SnowflakeAccountArn:
-    Type: String
-  SnowflakeAccountExternalId:
-    Type: String
-Resources:
-  SnowflakeServicePolicy:
-    Type: 'AWS::IAM::ManagedPolicy'
-    Properties:
-      PolicyDocument: |
-        {
-          "Version": "2012-10-17",
-          "Statement": [
-            {
-              "Effect": "Allow",
-              "Action": [
-                "s3:GetObject",
-                "s3:GetObjectVersion"
-              ],
-              "Resource": "arn:aws:s3:::prod.datawarehouse.sagebase.org/warehouse/*"
-            },
-            {
-              "Effect": "Allow",
-              "Action": [
-                "s3:ListBucket",
-                "s3:GetBucketLocation"
-              ],
-              "Resource": "arn:aws:s3:::prod.datawarehouse.sagebase.org",
-              "Condition": {
-                "StringLike": {
-                  "s3:prefix": [ "warehouse/*" ]
-                }
-              }
-            }
-          ]
-        }
-  SnowflakeServiceRole:
-    Type: "AWS::IAM::Role"
-    Properties:
-      Path: "/"
-      ManagedPolicyArns:
-        - !Ref SnowflakeServicePolicy
-      AssumeRolePolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          - Effect: Allow
-            Principal:
-              AWS: !Sub ${SnowflakeAccountArn}
-            Action:
-              - sts:AssumeRole
-              - sts:TagSession
-            Condition:
-              StringEquals:
-                sts:ExternalId: !Sub ${SnowflakeAccountExternalId}
-Outputs:
-  SnowflakeServiceRoleArn:
-    Value: !GetAtt SnowflakeServiceRole.Arn
-    Export:
-      Name: !Sub '${AWS::StackName}-SnowflakeServiceRoleArn'