Migrate existing s3 buckets over to use our new s3 shared module

[jaskaransarkaria]

User Need

As a Platform Engineer
I want to control aws s3 bucket creation, deletion and updates from our terraform module
so that we don't have disparate configurations and code and can enforce better standards going forward

---

Context

(Add any extra context, links, diagrams, stakeholder interviews, etc.)

Our first use of the module is a good example for others to come. Note the pinning the module version, this important so that we don't inadvertently cause existing buckets to change when we make changes to the module.

module "secure_s3_bucket" {
  source = "github.com/alphagov/govuk-infrastructure/terraform/shared-modules/s3?ref=3f260111d76ce69eeb1f6b9b8d3ea52e1bd467b4"

  name               = local.bucket_name
  versioning_enabled = true
  lifecycle_rules    = []
}

---

What’s Needed

List anything the solution must do or be (behaviour, performance, security, UX, etc.).

• Migrate terraform/deployments/govuk-publishing-infrastructure/search_relevancy_s3.tf to S3 Shared Module
• Migrate terraform/deployments/govuk-publishing-infrastructure/whitehall_csvs_s3.tf to S3 Shared Module
• Migrate terraform/deployments/opensearch/s3.tf to S3 Shared Module
• terraform/deployments/elasticsearch-green/s3.tf
• terraform/deployments/govuk-publishing-infrastructure/locations_api_s3.tf
• terraform/deployments/govuk-publishing-infrastructure/app_assets_s3.tf
• terraform/deployments/govuk-publishing-infrastructure/attachments_s3.tf
• terraform/deployments/logging/aws_logging.tf
• terraform/deployments/govuk-publishing-infrastructure/content_data_s3.tf
• terraform/deployments/govuk-publishing-infrastructure/asset_manager_s3.tf
• terraform/deployments/govuk-publishing-infrastructure/search_sitemaps_s3.tf
• terraform/deployments/govuk-publishing-infrastructure/athena_query_results_s3.tf
• terraform/deployments/govuk-publishing-infrastructure/govuk_mirror_sync.tf
• terraform/deployments/govuk-publishing-infrastructure/ai_accelerator_s3.tf
• terraform/deployments/datagovuk-infrastructure/static_data_bucket.tf
• terraform/deployments/mobile-backend/config-bucket.tf
• terraform/deployments/datagovuk-infrastructure/organogram_bucket.tf
• terraform/deployments/elasticsearch/s3.tf

---

Acceptance Criteria

Clear, measurable conditions to verify the story is complete and valuable.

• all buckets are using our shared module without any changes made to the existing buckets
• Buckets that are not well configured but can be migrated without disruption, can be migrated. Anything that cannot, will need some extra consideration.

---

Risks & Mitigation (optional)

• Changing existing bucket configuration [Mitigation] - ensure all code change results in a noop

---

[dj-maisy]

[Refinement] Spin this into sub-tasks to take on bucket migrations individually, learn from the process. Tweak the module if necessary.

AC: Buckets that are not well configured but can be migrated without disruption, can be migrated. Anything that cannot, will need some extra consideration.