Remove unused CDN logs Kinesis stream

spire/templates/root.yml

@@ -1177,11 +1177,6 @@ Outputs:
   SharedAuroraPostgresqlPort:
     Value: !Ref SharedAuroraPostgresqlPort
 
-  DovetailCdnLogsKinesisStreamArn:
-    Value: !GetAtt SharedDovetailKinesisStack.Outputs.DovetailCdnLogsKinesisStreamArn
-  DovetailCdnLogsKinesisStreamOrgWriterRoleArn:
-    Value: !GetAtt SharedDovetailKinesisStack.Outputs.DovetailCdnLogsKinesisStreamOrgWriterRoleArn
-
   AuguryHostname: { Value: !GetAtt Constants2.Outputs.AuguryHostname }
   TheCastleHostname: { Value: !GetAtt Constants2.Outputs.TheCastleHostname }
   TheCountHostname: { Value: !GetAtt Constants2.Outputs.TheCountHostname }

spire/templates/shared-dovetail-kinesis.yml

@@ -18,62 +18,6 @@ Conditions:
 Resources:
   NestedChangeSetScrubber: { Type: AWS::SNS::Topic, Condition: EnableNestedChangeSetScrubbingResources }
 
-  # realtime cloudfront logs, including bytes-downloaded by listeners
-  #
-  # dovetail-cdn realtime logs --> dovetail-counts
-  DovetailCdnLogsKinesisStream:
-    Type: AWS::Kinesis::Stream
-    DeletionPolicy: Retain
-    UpdateReplacePolicy: Retain
-    Properties:
-      RetentionPeriodHours: !If [IsProduction, 48, 24]
-      StreamModeDetails:
-        StreamMode: ON_DEMAND
-      Tags:
-        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
-        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
-        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
-        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
-        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
-        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
-        - { Key: prx:dev:family, Value: Dovetail }
-        - { Key: prx:dev:application, Value: Counts }
-  DovetailCdnLogsKinesisStreamOrgWriterRole:
-    # This role exists so that it can be assumed by roles in other accounts, so
-    # that they can write to the Kinesis stream above
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        # TODO This should probably be limited in some way, at least so stag
-        # and prod can't cross contaminate
-        Statement:
-          - Action: sts:AssumeRole
-            Condition:
-              StringEquals:
-                aws:ResourceOrgID: ${aws:PrincipalOrgID}
-            Effect: Allow
-            Principal:
-              AWS: "*"
-        Version: "2012-10-17"
-      Policies:
-        - PolicyDocument:
-            Statement:
-              - Action: kinesis:PutRecords
-                Effect: Allow
-                Resource: !GetAtt DovetailCdnLogsKinesisStream.Arn
-                Sid: AllowRecordsWrite
-            Version: "2012-10-17"
-          PolicyName: OrgStreamWriterPolicy
-      Tags:
-        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
-        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
-        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
-        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
-        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
-        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
-        - { Key: prx:dev:family, Value: Dovetail }
-        - { Key: prx:dev:application, Value: Counts }
-
   # IAB2 counted segment-numbers
   # but ALSO dovetail-router redirect data TODO: move this
   #
@@ -121,14 +65,6 @@ Resources:
         - { Key: prx:dev:application, Value: Analytics }
 
 Outputs:
-  DovetailCdnLogsKinesisStreamName:
-    Value: !Ref DovetailCdnLogsKinesisStream
-  DovetailCdnLogsKinesisStreamArn:
-    Value: !GetAtt DovetailCdnLogsKinesisStream.Arn
-
-  DovetailCdnLogsKinesisStreamOrgWriterRoleArn:
-    Value: !GetAtt DovetailCdnLogsKinesisStreamOrgWriterRole.Arn
-
   DovetailCountedKinesisStreamName:
     Value: !Ref DovetailCountedKinesisStream
   DovetailCountedKinesisStreamArn: