fix: remove duplicate vpc execution permissions (#3304)

* fix(runners): remove duplicate VPC permissions

* fix(syncer): remove duplicate permissions

* docs: auto update terraform docs

* fix(pool): remove duplicate permissions

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: wzyboy

Diff for: modules/runner-binaries-syncer/README.md

@@ -63,7 +63,6 @@ No modules.
 | [aws_iam_role.syncer_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy.lambda_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.lambda_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.lambda_syncer_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.syncer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.syncer_lambda_xray](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy_attachment.syncer_vpc_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |

Diff for: modules/runner-binaries-syncer/policies/lambda-vpc.json

@@ -108,14 +108,6 @@ resource "aws_iam_role_policy" "lambda_logging" {
   })
 }
 
-resource "aws_iam_role_policy" "lambda_syncer_vpc" {
-  count = length(var.lambda_subnet_ids) > 0 && length(var.lambda_security_group_ids) > 0 ? 1 : 0
-  name  = "${var.prefix}-lambda-syncer-vpc"
-  role  = aws_iam_role.syncer_lambda.id
-
-  policy = file("${path.module}/policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy" "syncer" {
   name = "${var.prefix}-lambda-syncer-s3-policy"
   role = aws_iam_role.syncer_lambda.id

Diff for: modules/runner-binaries-syncer/runner-binaries-syncer.tf

@@ -87,8 +87,6 @@ yarn run dist
 | [aws_iam_role_policy.describe_tags](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.dist_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.lambda_scale_down_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.lambda_scale_up_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.runner_session_manager_aws_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.scale_down](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.scale_down_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |

Diff for: modules/runners/README.md

@@ -94,14 +94,6 @@ resource "aws_iam_role_policy" "pool_logging" {
   })
 }
 
-resource "aws_iam_role_policy" "lambda_pool_vpc" {
-  count = length(var.config.lambda.subnet_ids) > 0 && length(var.config.lambda.security_group_ids) > 0 ? 1 : 0
-  name  = "${var.config.prefix}-lambda-pool-vpc"
-  role  = aws_iam_role.pool.id
-
-  policy = file("${path.module}/../policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy_attachment" "pool_vpc_execution_role" {
   count      = length(var.config.lambda.subnet_ids) > 0 ? 1 : 0
   role       = aws_iam_role.pool.name

Diff for: modules/runners/policies/lambda-vpc.json

@@ -104,14 +104,6 @@ resource "aws_iam_role_policy" "scale_down_logging" {
   })
 }
 
-resource "aws_iam_role_policy" "lambda_scale_down_vpc" {
-  count = length(var.lambda_subnet_ids) > 0 && length(var.lambda_security_group_ids) > 0 ? 1 : 0
-  name  = "${var.prefix}-lambda-scale-down-vpc"
-  role  = aws_iam_role.scale_down.id
-
-  policy = file("${path.module}/policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy_attachment" "scale_down_vpc_execution_role" {
   count      = length(var.lambda_subnet_ids) > 0 ? 1 : 0
   role       = aws_iam_role.scale_down.name

Diff for: modules/runners/pool/main.tf

@@ -118,14 +118,6 @@ resource "aws_iam_role_policy" "service_linked_role" {
   policy = templatefile("${path.module}/policies/service-linked-role-create-policy.json", { aws_partition = var.aws_partition })
 }
 
-resource "aws_iam_role_policy" "lambda_scale_up_vpc" {
-  count = length(var.lambda_subnet_ids) > 0 && length(var.lambda_security_group_ids) > 0 ? 1 : 0
-  name  = "${var.prefix}-lambda-scale-up-vpc"
-  role  = aws_iam_role.scale_up.id
-
-  policy = file("${path.module}/policies/lambda-vpc.json")
-}
-
 resource "aws_iam_role_policy_attachment" "scale_up_vpc_execution_role" {
   count      = length(var.lambda_subnet_ids) > 0 ? 1 : 0
   role       = aws_iam_role.scale_up.name