[sdlf-stage-glue] handling of storage parameters

sdlf-stage-glue/src/glue.yaml

@@ -39,14 +39,22 @@ Parameters:
     Description: EventBridge schedule group for the dataset
     Type: String
     Default: "" # if not provided, pDatasetDeploymentInstance must be specified
+  pStorageDeploymentInstance:
+    Type: String
+    Description: The string uniquely identifying a sdlf-foundations deployment in this AWS account
+    Default: "" # see below comments
   pRawBucket:
     Description: Raw bucket
     Type: String
-    Default: "{{resolve:ssm:/sdlf/storage/rRawBucket/dev}}"
+    Default: "" # if not provided, pStorageDeploymentInstance must be specified
   pStageBucket:
     Description: Stage bucket
     Type: String
-    Default: "{{resolve:ssm:/sdlf/storage/rStageBucket/dev}}"
+    Default: "" # if not provided, pStorageDeploymentInstance must be specified
+  pAnalyticsBucket:
+    Description: Analytics bucket
+    Type: String
+    Default: "" # if not provided, pStorageDeploymentInstance must be specified
   pDataset:
     Description: The name of the dataset (all lowercase, no symbols or spaces)
     Type: String
@@ -292,22 +300,6 @@ Resources:
             Principal:
               Service: lambda.amazonaws.com
             Action: sts:AssumeRole
-      Policies:
-        - PolicyName: !Sub sdlf-${pDataset}-${pPipeline}-${pStageName}-metadata
-          PolicyDocument:
-            Version: "2012-10-17"
-            Statement:
-              - Effect: Allow
-                Action:
-                  - s3:ListBucket
-                Resource:
-                  - !Sub arn:${AWS::Partition}:s3:::${pRawBucket}
-                  - !Sub arn:${AWS::Partition}:s3:::${pStageBucket}
-              - Effect: Allow
-                Action:
-                  - s3:GetObject
-                Resource:
-                  - !Sub arn:${AWS::Partition}:s3:::${pStageBucket}/${pDataset}/*
 
   # Error Handling Lambda Role
   rRoleLambdaExecutionErrorStep: