Revert "[feat] Use S3VPCE to prevent S3 access outside of VPC (#1183)"

This reverts commit 6db5a8f.
awslabs · Apr 28, 2023 · 54836d7 · 54836d7
1 parent c75600c
commit 54836d7
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 12 deletions.
diff --git a/...ns/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml b/...ns/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml
@@ -1228,9 +1228,7 @@ Outputs:
     Condition: isAppStreamAndCustomDomain
     Value: !Ref Route53HostedZone
 
-  S3VPCE:
+  S3VpcEndpoint:
     Description: S3 interface endpoint
     Condition: isAppStream
-    Value: !Ref S3Endpoint
-    Export:
-      Name: !Join [ '', [ Ref: Namespace, '-S3VPCE' ] ]
+    Value: !Ref S3Endpoint
diff --git a/...base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml b/...base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml
@@ -122,14 +122,6 @@ Resources:
               - sagemaker:DescribeNotebookInstance
               - sagemaker:StopNotebookInstance
             Resource: '*'
-          - Effect: Deny
-            Action: 's3:*'
-            Resource: '*'
-            Condition:
-              StringNotEquals:
-                aws:SourceVpce:
-                  Fn::ImportValue: !Sub '${SolutionNamespace}-S3VPCE'
-
 
   IAMRoleSageMakerURL:
     Type: 'AWS::IAM::Role'