From 40a8cc04ef4eb1a2d92b89a0749408d467d5f339 Mon Sep 17 00:00:00 2001
From: Chuck Daniels <chuck@developmentseed.org>
Date: Tue, 12 Dec 2023 13:44:08 -0500
Subject: [PATCH] Fix SNS topic subscribe permissions (#309)

---
 app/stacks/cumulus/main.tf                    | 24 ++-----------------
 .../discover-granules-workflow.asl.json       |  2 +-
 2 files changed, 3 insertions(+), 23 deletions(-)

diff --git a/app/stacks/cumulus/main.tf b/app/stacks/cumulus/main.tf
index bdb388a..90aa8f3 100644
--- a/app/stacks/cumulus/main.tf
+++ b/app/stacks/cumulus/main.tf
@@ -121,27 +121,6 @@ resource "null_resource" "put_bucket_logging" {
 }
 # <% end %>
 
-# <% if !in_sandbox? then %>
-resource "null_resource" "allow_sns_subscriptions_from_metrics" {
-  for_each = toset(["collections", "executions", "granules", "pdrs"])
-
-  triggers = {
-    metrics_aws_account_id = data.aws_ssm_parameter.metrics_aws_account_id.value
-  }
-
-  provisioner "local-exec" {
-    interpreter = ["bash", "-c"]
-    command     = <<-COMMAND
-      aws sns add-permission \
-        --topic-arn arn:aws:sns:${var.aws_region}:${local.aws_account_id}:${var.prefix}-report-${each.value}-topic \
-        --label subscribe_from_metrics \
-        --action Subscribe \
-        --aws-account-id ${data.aws_ssm_parameter.metrics_aws_account_id.value} || true
-    COMMAND
-  }
-}
-# <% end %>
-
 resource "random_string" "token_secret" {
   length  = 32
   special = true
@@ -555,7 +534,8 @@ module "cumulus" {
   api_gateway_stage           = var.api_gateway_stage
 
   # <% if !in_sandbox? then %>
-  log_destination_arn = data.aws_ssm_parameter.log_destination_arn.value
+  log_destination_arn              = data.aws_ssm_parameter.log_destination_arn.value
+  report_sns_topic_subscriber_arns = ["arn:aws:iam::${data.aws_ssm_parameter.metrics_aws_account_id.value}:root"]
   # <% end %>
   additional_log_groups_to_elk = var.additional_log_groups_to_elk
 
diff --git a/app/stacks/cumulus/templates/discover-granules-workflow.asl.json b/app/stacks/cumulus/templates/discover-granules-workflow.asl.json
index d334230..6d92380 100644
--- a/app/stacks/cumulus/templates/discover-granules-workflow.asl.json
+++ b/app/stacks/cumulus/templates/discover-granules-workflow.asl.json
@@ -90,7 +90,7 @@
                           "buckets": "{$.meta.buckets}",
                           "stack": "{$.meta.stack}",
                           "duplicateGranuleHandling": "{$.meta.collection.duplicateHandling}",
-                          "concurrency": 8
+                          "concurrency": 4
                         }
                       }
                     },