setup smart deletion rules

devksingh4 · devksingh4 · commit d6ce4bb204fa · 2025-08-30T19:29:04.000-05:00
diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf
@@ -82,7 +82,12 @@ module "archival" {
   RunEnvironment   = "dev"
   LogRetentionDays = var.LogRetentionDays
   BucketPrefix     = local.bucket_prefix
-  MonitorTables    = ["${var.ProjectId}-audit-log", "${var.ProjectId}-events", "${var.ProjectId}-room-requests", "${var.ProjectId}-room-requests-status"]
+  MonitorTables    = ["${var.ProjectId}-audit-log", "${var.ProjectId}-events", "${var.ProjectId}-room-requests"]
+  TableDeletionDays = tomap({
+    "${var.ProjectId}-audit-log" : 730,
+    "${var.ProjectId}-room-requests" : 730
+    # events are held forever as a cool historical archive - if no one reads them it shouldn't cost us much.
+  })
 }
 
 module "lambdas" {
diff --git a/terraform/modules/archival/main.tf b/terraform/modules/archival/main.tf
@@ -49,11 +49,41 @@ resource "aws_s3_bucket_lifecycle_configuration" "this" {
     id     = "intelligent-tiering-transition"
     status = "Enabled"
 
+    filter {}
+
     transition {
       days          = 1
       storage_class = "INTELLIGENT_TIERING"
     }
   }
+
+  rule {
+    id     = "ExpireNoncurrentVersions"
+    status = "Enabled"
+
+    filter {}
+
+    noncurrent_version_expiration {
+      noncurrent_days = 5
+    }
+  }
+
+  dynamic "rule" {
+    for_each = var.TableDeletionDays
+
+    content {
+      id     = "expire-${rule.key}"
+      status = "Enabled"
+
+      filter {
+        prefix = "resource=${rule.key}/"
+      }
+
+      expiration {
+        days = rule.value
+      }
+    }
+  }
 }
 
 resource "aws_s3_bucket_intelligent_tiering_configuration" "this" {
diff --git a/terraform/modules/archival/variables.tf b/terraform/modules/archival/variables.tf
@@ -7,10 +7,6 @@ variable "BucketPrefix" {
   type = string
 }
 
-variable "MonitorTables" {
-  type        = set(string)
-  description = "DynamoDB to monitor expire events for and archive."
-}
 
 variable "LogRetentionDays" {
   type = number
@@ -23,3 +19,13 @@ variable "RunEnvironment" {
     error_message = "The lambda run environment must be dev or prod."
   }
 }
+
+variable "MonitorTables" {
+  type        = set(string)
+  description = "DynamoDB to monitor expire events for and archive."
+}
+
+variable "TableDeletionDays" {
+  type        = map(string, number)
+  description = "Number of days for a given day to hold onto the records once it is put into the bucket."
+}
