From dda2ebc1040877a73acd1e9b1bca70f4898421f7 Mon Sep 17 00:00:00 2001
From: Matthew Pugh <pughmds@cyram.org>
Date: Wed, 23 Oct 2024 09:45:00 +0100
Subject: [PATCH] Cleanup Tasks (#122)

* Added org s3 bucket for storing lambda code

* Remove env vars from dagit and daemon that weren't needed. Added profile to org FE definition
---
 .../cloudformation/full/la/dagster.yaml          | 16 ----------------
 .../full/organisation/dagster.yaml               |  1 +
 .../full/organisation/sso2_azure.yaml            |  1 +
 3 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/infrastructure/environments/cloudformation/full/la/dagster.yaml b/infrastructure/environments/cloudformation/full/la/dagster.yaml
index fa76e6b..64c6392 100644
--- a/infrastructure/environments/cloudformation/full/la/dagster.yaml
+++ b/infrastructure/environments/cloudformation/full/la/dagster.yaml
@@ -479,14 +479,8 @@ Resources:
               Value: !Ref DBName
             - Name: DAGSTER_POSTGRES_PORT
               Value: !Ref DBPort
-            - Name: OUTPUT_LOCATION
-              Value: !Ref OutputLocation
-            - Name: INPUT_LOCATION
-              Value: !Ref InputLocation
             - Name: PYTHONLEGACYWINDOWSSTDIO
               Value: "utf8.env"
-            - Name: 903_WILDCARDS
-              Value: "*.csv"
             - Name: DAGSTER_CODE_SERVER_TASK
               Value: !GetAtt CodeServerTaskDefinition.TaskDefinitionArn
       Tags:
@@ -546,18 +540,8 @@ Resources:
               Value: !Ref DBPort
             - Name: DAGSTER_CODE_SERVER_TASK
               Value: !GetAtt CodeServerTaskDefinition.TaskDefinitionArn
-            - Name: OUTPUT_LOCATION
-              Value: !Ref OutputLocation
-            - Name: INPUT_LOCATION
-              Value: !Ref InputLocation
             - Name: PYTHONLEGACYWINDOWSSTDIO
               Value: "utf8.env"
-            - Name: 903_WILDCARDS
-              Value: "*.csv"
-            - Name: INPUT_LOCATION_903
-              Value: !Sub "${OutputLocation}/Current"
-            - Name: INPUT_LOCATION
-              Value: !Ref InputLocation
       Tags:
         - Key: Project
           Value: !Ref ProjectName
diff --git a/infrastructure/environments/cloudformation/full/organisation/dagster.yaml b/infrastructure/environments/cloudformation/full/organisation/dagster.yaml
index af4be4c..7f83e36 100644
--- a/infrastructure/environments/cloudformation/full/organisation/dagster.yaml
+++ b/infrastructure/environments/cloudformation/full/organisation/dagster.yaml
@@ -439,6 +439,7 @@ Resources:
                   - "s3:GetObjectVersion"
                 Resource:
                   - !Ref InputLocationArn
+                  - !Sub "${InputLocationArn}/*"
 
       ManagedPolicyArns: # These need to be peared down for security reasons. What is necessary?
         - arn:aws:iam::aws:policy/CloudWatchFullAccess
diff --git a/infrastructure/environments/cloudformation/full/organisation/sso2_azure.yaml b/infrastructure/environments/cloudformation/full/organisation/sso2_azure.yaml
index e6c4abe..5ded63b 100644
--- a/infrastructure/environments/cloudformation/full/organisation/sso2_azure.yaml
+++ b/infrastructure/environments/cloudformation/full/organisation/sso2_azure.yaml
@@ -51,6 +51,7 @@ Resources:
         - "openid"
         - "email"
         - "aws.cognito.signin.user.admin"
+        - "profile"
       SupportedIdentityProviders:
         - !Sub "${ApplicationName}-${OrganisationName}-AzureADProvider-${EnvironmentName}"
       AllowedOAuthFlowsUserPoolClient: true