Adding lifecycle rule support (#18)

Author: jamengual

README.md

@@ -92,9 +92,13 @@ Available targets:
 | enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
 | force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
 | kms_master_key_arn | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
+| lifecycle_rule_enabled | Enable or disable lifecycle rule | bool | `false` | no |
 | name | Name  (e.g. `app` or `cluster`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| noncurrent_version_expiration_days | Specifies when noncurrent object versions expire | number | `90` | no |
+| noncurrent_version_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier | number | `30` | no |
 | policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
+| prefix | Prefix identifying one or more objects to which the rule applies | string | `` | no |
 | region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee | string | `` | no |
 | sse_algorithm | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | string | `AES256` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
@@ -261,13 +265,13 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 |---|---|---|---|
 
   [osterman_homepage]: https://github.com/osterman
-  [osterman_avatar]: https://github.com/osterman.png?size=150
+  [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png
   [aknysh_homepage]: https://github.com/aknysh
-  [aknysh_avatar]: https://github.com/aknysh.png?size=150
+  [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png
   [maximmi_homepage]: https://github.com/maximmi
-  [maximmi_avatar]: https://github.com/maximmi.png?size=150
+  [maximmi_avatar]: https://img.cloudposse.com/150x150/https://github.com/maximmi.png
   [joshmyers_homepage]: https://github.com/joshmyers
-  [joshmyers_avatar]: https://github.com/joshmyers.png?size=150
+  [joshmyers_avatar]: https://img.cloudposse.com/150x150/https://github.com/joshmyers.png
 
 
 

docs/terraform.md

@@ -0,0 +1,41 @@
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| acl | The canned ACL to apply. We recommend `private` to avoid exposing sensitive information | string | `private` | no |
+| allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | `false` | no |
+| allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list(string) | `<list>` | no |
+| attributes | Additional attributes (e.g. `1`) | list(string) | `<list>` | no |
+| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
+| enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
+| force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
+| kms_master_key_arn | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
+| lifecycle_rule_enabled | Enable or disable lifecycle rule | bool | `false` | no |
+| name | Name  (e.g. `app` or `cluster`) | string | - | yes |
+| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| noncurrent_version_expiration_days | Specifies when noncurrent object versions expire | number | `90` | no |
+| noncurrent_version_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier | number | `30` | no |
+| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
+| prefix | Prefix identifying one or more objects to which the rule applies | string | `` | no |
+| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee | string | `` | no |
+| sse_algorithm | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | string | `AES256` | no |
+| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
+| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map(string) | `<map>` | no |
+| user_enabled | Set to `true` to create an IAM user with permission to access the bucket | bool | `false` | no |
+| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket | bool | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| access_key_id | The access key ID |
+| bucket_arn | Bucket ARN |
+| bucket_domain_name | FQDN of bucket |
+| bucket_id | Bucket Name (aka ID) |
+| enabled | Is module enabled |
+| secret_access_key | The secret access key. This will be written to the state file in plain-text |
+| user_arn | The ARN assigned by AWS for the user |
+| user_enabled | Is user creation enabled |
+| user_name | Normalized IAM user name |
+| user_unique_id | The user unique ID assigned by AWS |
+

main.tf

@@ -21,6 +21,23 @@ resource "aws_s3_bucket" "default" {
     enabled = var.versioning_enabled
   }
 
+  lifecycle_rule {
+    id      = module.default_label.id
+    enabled = var.lifecycle_rule_enabled
+    prefix  = var.prefix
+    tags    = module.default_label.tags
+
+    noncurrent_version_transition {
+      days          = var.noncurrent_version_transition_days
+      storage_class = "GLACIER"
+    }
+
+    noncurrent_version_expiration {
+      days = var.noncurrent_version_expiration_days
+    }
+  }
+
+
   # https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
   # https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#enable-default-server-side-encryption
   server_side_encryption_configuration {

variables.tf

@@ -98,3 +98,27 @@ variable "allow_encrypted_uploads_only" {
   default     = false
   description = "Set to `true` to prevent uploads of unencrypted objects to S3 bucket"
 }
+
+variable "lifecycle_rule_enabled" {
+  type        = bool
+  default     = false
+  description = "Enable or disable lifecycle rule"
+}
+
+variable "prefix" {
+  type        = string
+  default     = ""
+  description = "Prefix identifying one or more objects to which the rule applies"
+}
+
+variable "noncurrent_version_transition_days" {
+  type        = number
+  default     = 30
+  description = "Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier"
+}
+
+variable "noncurrent_version_expiration_days" {
+  type        = number
+  default     = 90
+  description = "Specifies when noncurrent object versions expire"
+}