From 54836d7c5617c60aeacaf317274ba92de012c1d2 Mon Sep 17 00:00:00 2001
From: Tyler Mikev <112508158+aws-tyler@users.noreply.github.com>
Date: Fri, 28 Apr 2023 15:56:11 -0500
Subject: [PATCH] Revert "[feat] Use S3VPCE to prevent S3 access outside of VPC (#1183)"
This reverts commit 6db5a8f62f396a5347432d6bba20a41f8e9830b1.
---
 .../src/templates/onboard-account.cfn.yml | 6 ++----
 .../service-catalog/sagemaker-notebook-instance.cfn.yml | 8 --------
 2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml
index 573bc78aa1..d9c6bb3b11 100644
--- a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml
+++ b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/onboard-account.cfn.yml
@@ -1228,9 +1228,7 @@ Outputs:
 Condition: isAppStreamAndCustomDomain
 Value: !Ref Route53HostedZone
- S3VPCE:
+ S3VpcEndpoint:
 Description: S3 interface endpoint
 Condition: isAppStream
- Value: !Ref S3Endpoint
- Export:
- Name: !Join [ '', [ Ref: Namespace, '-S3VPCE' ] ]
\ No newline at end of file
+ Value: !Ref S3Endpoint
\ No newline at end of file
diff --git a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml
index 3b45a4b769..d267db875f 100644
--- a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml
+++ b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml
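Review bot: Removing the `Export` from the renamed `S3VpcEndpoint` output in onboard-account.cfn.yml can make the stack update fail in any account that still has a notebook stack launched from the reverted template. CloudFormation refuses to remove an export while another stack imports it, and the second file's hunk shows that template importing `${SolutionNamespace}-S3VPCE`. Consider keeping `Export:` with `Name: !Join [ '', [ Ref: Namespace, '-S3VPCE' ] ]` for one release, or state in the description that those notebook stacks must be terminated or updated first. The same hunk in sagemaker-notebook-instance.cfn.yml removes the `aws:SourceVpce` Deny, so nothing visible in this patch keeps that role's S3 calls on the endpoint any more; the description gives neither the reason for the revert nor where that restriction is enforced instead, and both belong there. The Outputs section starts outside the hunk, so other consumers of the old output name cannot be ruled out from here.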
@@ -122,14 +122,6 @@ Resources:
 - sagemaker:DescribeNotebookInstance
 - sagemaker:StopNotebookInstance
 Resource: '*'
- - Effect: Deny
- Action: 's3:*'
- Resource: '*'
- Condition:
- StringNotEquals:
- aws:SourceVpce:
- Fn::ImportValue: !Sub '${SolutionNamespace}-S3VPCE'
-
 IAMRoleSageMakerURL:
 Type: 'AWS::IAM::Role'