diff --git a/terraform/projects/infra-mirror-bucket/.terraform-version b/terraform/projects/infra-mirror-bucket/.terraform-version
deleted file mode 100644
index ebf55b3d7..000000000
--- a/terraform/projects/infra-mirror-bucket/.terraform-version
+++ /dev/null
@@ -1 +0,0 @@
-0.13.6
diff --git a/terraform/projects/infra-mirror-bucket/README.md b/terraform/projects/infra-mirror-bucket/README.md
deleted file mode 100644
index c86a3a84b..000000000
--- a/terraform/projects/infra-mirror-bucket/README.md
+++ /dev/null
@@ -1,78 +0,0 @@
-## Project: infra-mirror-bucket
-
-This project creates two s3 buckets: a primary s3 bucket to store the govuk
-mirror files and a replica s3 bucket which tracks the primary s3 bucket.
-
-The primary bucket should be in London and the backup in Ireland.
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.13.6 |
-| [aws](#requirement\_aws) | ~> 3.76 |
-| [fastly](#requirement\_fastly) | >= 3.0.4 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | ~> 3.76 |
-| [aws.aws\_replica](#provider\_aws.aws\_replica) | ~> 3.76 |
-| [external](#provider\_external) | n/a |
-| [fastly](#provider\_fastly) | >= 3.0.4 |
-| [template](#provider\_template) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.govuk_mirror_read_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.govuk_mirror_replication_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_attachment.govuk_mirror_read_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.govuk_mirror_replication_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_role.govuk_mirror_replication_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_user.govuk_mirror_google_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
-| [aws_s3_bucket.govuk-mirror](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket.govuk-mirror-replica](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_policy.govuk_mirror_read_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
-| [aws_s3_bucket_policy.govuk_mirror_replica_read_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.s3_mirror_read_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.s3_mirror_replica_read_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [fastly_ip_ranges.fastly](https://registry.terraform.io/providers/fastly/fastly/latest/docs/data-sources/ip_ranges) | data source |
-| [template_file.s3_govuk_mirror_read_policy_template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
-| [template_file.s3_govuk_mirror_replication_policy_template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
-| [template_file.s3_govuk_mirror_replication_role_template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes |
-| [aws\_integration\_account\_root\_arn](#input\_aws\_integration\_account\_root\_arn) | AWS account root ARN for the Integration account | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region where primary s3 bucket is located | `string` | `"eu-west-2"` | no |
-| [aws\_replica\_region](#input\_aws\_replica\_region) | AWS region where replica s3 bucket is located | `string` | `"eu-west-1"` | no |
-| [eks\_egress\_ips](#input\_eks\_egress\_ips) | Egress addresses for the corresponding EKS environment, in CIDR notation. | `list(string)` | n/a | yes |
-| [enable\_replica\_lifecycle\_rules](#input\_enable\_replica\_lifecycle\_rules) | Enable lifecycle rules for the mirror bucket's replica | `bool` | `true` | no |
-| [enable\_replication](#input\_enable\_replication) | Enable replication from the mirror bucket to its replica | `bool` | `true` | no |
-| [gds\_egress\_ips](#input\_gds\_egress\_ips) | An array of CIDR blocks that will be allowed offsite access. | `list(any)` | n/a | yes |
-| [lifecycle\_government\_uploads](#input\_lifecycle\_government\_uploads) | Number of days for the lifecycle rule for the mirror in the case where the prefix path is www.gov.uk/government/uploads/ | `string` | `"8"` | no |
-| [lifecycle\_main](#input\_lifecycle\_main) | Number of days for the lifecycle rule for the mirror | `string` | `"5"` | no |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/terraform/projects/infra-mirror-bucket/integration.govuk.backend b/terraform/projects/infra-mirror-bucket/integration.govuk.backend
deleted file mode 100644
index b4ad3cbe7..000000000
--- a/terraform/projects/infra-mirror-bucket/integration.govuk.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "govuk/infra-mirror-bucket.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/infra-mirror-bucket/main.tf b/terraform/projects/infra-mirror-bucket/main.tf
deleted file mode 100644
index ed22d8e99..000000000
--- a/terraform/projects/infra-mirror-bucket/main.tf
+++ /dev/null
@@ -1,342 +0,0 @@
-/**
-* ## Project: infra-mirror-bucket
-*
-* This project creates two s3 buckets: a primary s3 bucket to store the govuk
-* mirror files and a replica s3 bucket which tracks the primary s3 bucket.
-*
-* The primary bucket should be in London and the backup in Ireland.
-*
-*/
-
-variable "aws_region" {
- type = string
- description = "AWS region where primary s3 bucket is located"
- default = "eu-west-2"
-}
-
-variable "aws_replica_region" {
- type = string
- description = "AWS region where replica s3 bucket is located"
- default = "eu-west-1"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "gds_egress_ips" {
- type = list(any)
- description = "An array of CIDR blocks that will be allowed offsite access."
-}
-
-variable "eks_egress_ips" {
- type = list(string)
- description = "Egress addresses for the corresponding EKS environment, in CIDR notation."
-}
-
-variable "lifecycle_main" {
- type = string
- description = "Number of days for the lifecycle rule for the mirror"
- default = "5"
-}
-
-variable "lifecycle_government_uploads" {
- type = string
- description = "Number of days for the lifecycle rule for the mirror in the case where the prefix path is www.gov.uk/government/uploads/"
- default = "8"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "enable_replication" {
- type = bool
- description = "Enable replication from the mirror bucket to its replica"
- default = true
-}
-
-variable "enable_replica_lifecycle_rules" {
- type = bool
- description = "Enable lifecycle rules for the mirror bucket's replica"
- default = true
-}
-
-# Resources
-# --------------------------------------------------------------
-
-# Set up the backend & provider for each region
-terraform {
- backend "s3" {}
- required_version = "= 0.13.6"
-
- required_providers {
- fastly = {
- source = "fastly/fastly"
- version = ">= 3.0.4"
- }
-
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.76"
- }
- }
-}
-
-provider "aws" {
- region = var.aws_region
-}
-
-provider "aws" {
- region = var.aws_replica_region
- alias = "aws_replica"
-}
-
-# This provider is no longer used, but at time of writing resources still exist that were created by it, so it can't be removed yet
-provider "aws" {
- region = "us-east-1"
- alias = "aws_cloudfront_certificate"
-}
-
-data "aws_caller_identity" "current" {}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_replica_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_replica_region
- }
-}
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_replica_region
- }
-}
-
-resource "aws_s3_bucket" "govuk-mirror" {
- bucket = "govuk-${var.aws_environment}-mirror"
-
- tags = {
- Name = "govuk-${var.aws_environment}-mirror"
- aws_environment = var.aws_environment
- }
-
- logging {
- target_bucket = data.terraform_remote_state.infra_monitoring.outputs.aws_secondary_logging_bucket_id
- target_prefix = "s3/govuk-${var.aws_environment}-mirror/"
- }
-
- versioning {
- enabled = true
- }
-
- lifecycle_rule {
- id = "main"
- enabled = true
-
- prefix = ""
-
- noncurrent_version_expiration {
- days = var.lifecycle_main
- }
- }
-
- lifecycle_rule {
- id = "government_uploads"
- enabled = true
-
- prefix = "www.gov.uk/government/uploads/"
-
- noncurrent_version_expiration {
- days = var.lifecycle_government_uploads
- }
- }
-
- dynamic "replication_configuration" {
- for_each = var.enable_replication ? [1] : []
-
- content {
- role = aws_iam_role.govuk_mirror_replication_role.arn
-
- rules {
- id = "govuk-mirror-replication-whole-bucket-rule"
- prefix = ""
- status = "Enabled"
-
- destination {
- bucket = aws_s3_bucket.govuk-mirror-replica.arn
- storage_class = "STANDARD"
- }
- }
- }
- }
-
- cors_rule {
- allowed_headers = ["*"]
- allowed_methods = ["GET", "HEAD"]
- allowed_origins = ["*"]
- max_age_seconds = 3000
- }
-}
-
-resource "aws_s3_bucket" "govuk-mirror-replica" {
- bucket = "govuk-${var.aws_environment}-mirror-replica"
- provider = aws.aws_replica
-
- tags = {
- Name = "govuk-${var.aws_environment}-mirror-replica"
- Status = var.enable_replication ? null : "Not in use in ${var.aws_environment} environment"
- aws_environment = var.aws_environment
- }
-
- logging {
- target_bucket = data.terraform_remote_state.infra_monitoring.outputs.aws_logging_bucket_id
- target_prefix = "s3/govuk-${var.aws_environment}-mirror-replica/"
- }
-
- versioning {
- enabled = true
- }
-
- dynamic "lifecycle_rule" {
- for_each = var.enable_replica_lifecycle_rules ? [1] : []
-
- content {
- id = "main"
- enabled = true
-
- prefix = ""
-
- noncurrent_version_expiration {
- days = var.lifecycle_main
- }
- }
- }
-
- dynamic "lifecycle_rule" {
- for_each = var.enable_replica_lifecycle_rules ? [1] : []
-
- content {
- id = "government_uploads"
- enabled = true
-
- prefix = "www.gov.uk/government/uploads/"
-
- noncurrent_version_expiration {
- days = var.lifecycle_government_uploads
- }
- }
- }
-}
-
-resource "aws_s3_bucket_policy" "govuk_mirror_read_policy" {
- bucket = aws_s3_bucket.govuk-mirror.id
- policy = data.aws_iam_policy_document.s3_mirror_read_policy_doc.json
-}
-
-resource "aws_s3_bucket_policy" "govuk_mirror_replica_read_policy" {
- bucket = aws_s3_bucket.govuk-mirror-replica.id
- policy = data.aws_iam_policy_document.s3_mirror_replica_read_policy_doc.json
- provider = aws.aws_replica
-}
-
-# S3 backup replica role configuration
-data "template_file" "s3_govuk_mirror_replication_role_template" {
- template = file("${path.module}/../../policies/s3_govuk_mirror_replication_role.tpl")
-}
-
-# Adding backup replication role
-resource "aws_iam_role" "govuk_mirror_replication_role" {
- name = "${var.stackname}-mirror-replication-role"
- assume_role_policy = data.template_file.s3_govuk_mirror_replication_role_template.rendered
-}
-
-data "template_file" "s3_govuk_mirror_replication_policy_template" {
- template = file("${path.module}/../../policies/s3_govuk_mirror_replication_policy.tpl")
-
- vars = {
- govuk_mirror_arn = aws_s3_bucket.govuk-mirror.arn
- govuk_mirror_replica_arn = aws_s3_bucket.govuk-mirror-replica.arn
- aws_account_id = data.aws_caller_identity.current.account_id
- }
-}
-
-# Adding backup replication policy
-resource "aws_iam_policy" "govuk_mirror_replication_policy" {
- name = "govuk-${var.aws_environment}-mirror-buckets-replication-policy"
- policy = data.template_file.s3_govuk_mirror_replication_policy_template.rendered
- description = "Allows replication of the mirror buckets"
-}
-
-# Combine the role and policy
-resource "aws_iam_policy_attachment" "govuk_mirror_replication_policy_attachment" {
- name = "s3-govuk-mirror-replication-policy-attachment"
- roles = [aws_iam_role.govuk_mirror_replication_role.name]
- policy_arn = aws_iam_policy.govuk_mirror_replication_policy.arn
-}
-
-data "template_file" "s3_govuk_mirror_read_policy_template" {
- template = file("${path.module}/../../policies/s3_govuk_mirror_read_policy.tpl")
-
- vars = {
- govuk_mirror_arn = aws_s3_bucket.govuk-mirror.arn
- }
-}
-
-resource "aws_iam_policy" "govuk_mirror_read_policy" {
- name = "govuk-${var.aws_environment}-mirror-read-policy"
- policy = data.template_file.s3_govuk_mirror_read_policy_template.rendered
- description = "Allow the listing and reading of the primary govuk mirror bucket"
-}
-
-resource "aws_iam_user" "govuk_mirror_google_reader" {
- name = "govuk_mirror_google_reader"
-}
-
-resource "aws_iam_policy_attachment" "govuk_mirror_read_policy_attachment" {
- name = "s3-govuk-mirror-read-policy-attachment"
- users = [aws_iam_user.govuk_mirror_google_reader.name]
- policy_arn = aws_iam_policy.govuk_mirror_read_policy.arn
-}
diff --git a/terraform/projects/infra-mirror-bucket/mirror-read-policy.tf b/terraform/projects/infra-mirror-bucket/mirror-read-policy.tf
deleted file mode 100644
index a492dbbcd..000000000
--- a/terraform/projects/infra-mirror-bucket/mirror-read-policy.tf
+++ /dev/null
@@ -1,209 +0,0 @@
-provider "fastly" {
- # We only want to use fastly's data API
- api_key = "test"
-}
-
-variable "aws_integration_account_root_arn" {
- type = string
- description = "AWS account root ARN for the Integration account"
-}
-
-locals {
- egress_ips = concat(
- var.eks_egress_ips,
- data.terraform_remote_state.infra_networking.outputs.nat_gateway_elastic_ips_list,
- )
-}
-
-data "fastly_ip_ranges" "fastly" {}
-
-data "aws_iam_policy_document" "s3_mirror_read_policy_doc" {
- statement {
- sid = "S3FastlyReadBucket"
- actions = ["s3:GetObject"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}/*",
- ]
-
- condition {
- test = "IpAddress"
- variable = "aws:SourceIp"
- values = data.fastly_ip_ranges.fastly.cidr_blocks
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-
- statement {
- sid = "S3OfficeReadBucket"
- actions = ["s3:GetObject"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}/*",
- ]
-
- condition {
- test = "IpAddress"
- variable = "aws:SourceIp"
- values = var.gds_egress_ips
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-
- statement {
- sid = "S3NATInternalReadBucket"
- actions = ["s3:GetObject"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}/*",
- ]
-
- condition {
- test = "IpAddress"
- variable = "aws:SourceIp"
- values = local.egress_ips
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-
- statement {
- sid = "CrossAccountAccess"
- effect = "Allow"
-
- actions = [
- "s3:ListBucket",
- "s3:GetObject",
- ]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror.id}/*",
- ]
-
- principals {
- type = "AWS"
- identifiers = [var.aws_integration_account_root_arn]
- }
- }
-}
-
-data "aws_iam_policy_document" "s3_mirror_replica_read_policy_doc" {
- statement {
- sid = "S3FastlyReadBucket"
- actions = ["s3:GetObject"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}/*",
- ]
-
- condition {
- test = "IpAddress"
- variable = "aws:SourceIp"
- values = data.fastly_ip_ranges.fastly.cidr_blocks
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-
- statement {
- sid = "S3OfficeReadBucket"
- actions = ["s3:GetObject"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}/*",
- ]
-
- condition {
- test = "IpAddress"
- variable = "aws:SourceIp"
- values = var.gds_egress_ips
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-
- statement {
- sid = "S3NATInternalReadBucket"
- actions = ["s3:GetObject"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}/*",
- ]
-
- condition {
- test = "IpAddress"
- variable = "aws:SourceIp"
- values = local.egress_ips
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-
- statement {
- sid = "S3NATGatewayReadBucket"
- actions = ["s3:GetObject"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}/*",
- ]
-
- condition {
- test = "StringEquals"
- variable = "aws:SourceVpce"
- values = [data.terraform_remote_state.infra_vpc.outputs.s3_gateway_id]
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-
- statement {
- sid = "CrossAccountAccess"
- effect = "Allow"
-
- actions = [
- "s3:ListBucket",
- "s3:GetObject",
- ]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}",
- "arn:aws:s3:::${aws_s3_bucket.govuk-mirror-replica.id}/*",
- ]
-
- principals {
- type = "AWS"
- identifiers = [var.aws_integration_account_root_arn]
- }
- }
-}
diff --git a/terraform/projects/infra-mirror-bucket/production.govuk.backend b/terraform/projects/infra-mirror-bucket/production.govuk.backend
deleted file mode 100644
index 7d2cfe678..000000000
--- a/terraform/projects/infra-mirror-bucket/production.govuk.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "govuk/infra-mirror-bucket.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/infra-mirror-bucket/staging.govuk.backend b/terraform/projects/infra-mirror-bucket/staging.govuk.backend
deleted file mode 100644
index eb0e73ca7..000000000
--- a/terraform/projects/infra-mirror-bucket/staging.govuk.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "govuk/infra-mirror-bucket.tfstate"
-encrypt = true
-region = "eu-west-1"