From 1072e8822b7c46867476df4b5d7f90ac65958774 Mon Sep 17 00:00:00 2001
From: Jacob Nesbitt <jjnesbitt2@gmail.com>
Date: Wed, 3 Apr 2024 11:05:34 -0400
Subject: [PATCH] Revert "Add embargoed tags bucket policy"

---
 terraform/modules/dandiset_bucket/main.tf | 36 -----------------------
 1 file changed, 36 deletions(-)

diff --git a/terraform/modules/dandiset_bucket/main.tf b/terraform/modules/dandiset_bucket/main.tf
index 7208fb3..1967041 100644
--- a/terraform/modules/dandiset_bucket/main.tf
+++ b/terraform/modules/dandiset_bucket/main.tf
@@ -136,42 +136,6 @@ data "aws_iam_policy_document" "dandiset_bucket_owner" {
   }
 }
 
-resource "aws_s3_bucket_policy" "dandiset_embargoed_objects" {
-  count    = var.public ? 1 : 0
-  provider = aws
-  bucket   = aws_s3_bucket.dandiset_bucket.id
-  policy   = data.aws_iam_policy_document.dandiset_embargoed_objects[0].json
-}
-
-data "aws_iam_policy_document" "dandiset_embargoed_objects" {
-  count   = var.public ? 1 : 0
-  version = "2008-10-17"
-
-  statement {
-    effect = "Deny"
-    principals {
-      identifiers = ["*"]
-      type        = "*"
-    }
-    actions = [
-      "s3:*",
-    ]
-    resources = [
-      "${aws_s3_bucket.dandiset_bucket.arn}/*",
-    ]
-    condition {
-      test     = "StringEquals"
-      variable = "s3:ExistingObjectTag/embargoed"
-      values   = ["true"]
-    }
-    condition {
-      test     = "ArnNotEquals"
-      variable = "aws:PrincipalArn"
-      values   = [var.heroku_user.arn]
-    }
-  }
-}
-
 resource "aws_s3_bucket_policy" "dandiset_bucket_policy" {
   provider = aws