Feature - flexible s3 lifecycle rules

src/main.tf

@@ -173,19 +173,19 @@ module "archive_bucket" {
       enabled = var.lifecycle_rules_enabled
       tags    = {}
 
-      abort_incomplete_multipart_upload_days         = null
-      enable_glacier_transition                      = var.enable_glacier_transition
-      glacier_transition_days                        = var.glacier_transition_days
-      noncurrent_version_glacier_transition_days     = 30
-      enable_deeparchive_transition                  = false
-      deeparchive_transition_days                    = 0
-      noncurrent_version_deeparchive_transition_days = 0
-      enable_standard_ia_transition                  = false
-      standard_transition_days                       = 0
-      enable_current_object_expiration               = false
-      expiration_days                                = 0
-      enable_noncurrent_version_expiration           = false
-      noncurrent_version_expiration_days             = 0
+      abort_incomplete_multipart_upload_days         = var.archive_lifecycle_config.abort_incomplete_multipart_upload_days
+      enable_glacier_transition                      = var.archive_lifecycle_config.enable_glacier_transition
+      glacier_transition_days                        = var.archive_lifecycle_config.glacier_transition_days
+      noncurrent_version_glacier_transition_days     = var.archive_lifecycle_config.noncurrent_version_glacier_transition_days
+      enable_deeparchive_transition                  = var.archive_lifecycle_config.enable_deeparchive_transition
+      deeparchive_transition_days                    = var.archive_lifecycle_config.deeparchive_transition_days
+      noncurrent_version_deeparchive_transition_days = var.archive_lifecycle_config.noncurrent_version_deeparchive_transition_days
+      enable_standard_ia_transition                  = var.archive_lifecycle_config.enable_standard_ia_transition
+      standard_transition_days                       = var.archive_lifecycle_config.standard_transition_days
+      enable_current_object_expiration               = var.archive_lifecycle_config.expiration_days > 0
+      expiration_days                                = var.archive_lifecycle_config.expiration_days
+      enable_noncurrent_version_expiration           = var.archive_lifecycle_config.noncurrent_version_expiration_days > 0
+      noncurrent_version_expiration_days             = var.archive_lifecycle_config.noncurrent_version_expiration_days
     },
   ]
 
@@ -237,19 +237,19 @@ module "cloudtrail_s3_bucket" {
       enabled = var.lifecycle_rules_enabled
       tags    = {}
 
-      abort_incomplete_multipart_upload_days         = null
-      enable_glacier_transition                      = var.enable_glacier_transition
-      glacier_transition_days                        = 365
-      noncurrent_version_glacier_transition_days     = 365
-      enable_deeparchive_transition                  = false
-      deeparchive_transition_days                    = 0
-      noncurrent_version_deeparchive_transition_days = 0
-      enable_standard_ia_transition                  = false
-      standard_transition_days                       = 0
-      enable_current_object_expiration               = false
-      expiration_days                                = 0
-      enable_noncurrent_version_expiration           = false
-      noncurrent_version_expiration_days             = 0
+      abort_incomplete_multipart_upload_days         = var.cloudtrail_lifecycle_config.abort_incomplete_multipart_upload_days
+      enable_glacier_transition                      = var.cloudtrail_lifecycle_config.enable_glacier_transition
+      glacier_transition_days                        = var.cloudtrail_lifecycle_config.glacier_transition_days
+      noncurrent_version_glacier_transition_days     = var.cloudtrail_lifecycle_config.noncurrent_version_glacier_transition_days
+      enable_deeparchive_transition                  = var.cloudtrail_lifecycle_config.enable_deeparchive_transition
+      deeparchive_transition_days                    = var.cloudtrail_lifecycle_config.deeparchive_transition_days
+      noncurrent_version_deeparchive_transition_days = var.cloudtrail_lifecycle_config.noncurrent_version_deeparchive_transition_days
+      enable_standard_ia_transition                  = var.cloudtrail_lifecycle_config.enable_standard_ia_transition
+      standard_transition_days                       = var.cloudtrail_lifecycle_config.standard_transition_days
+      enable_current_object_expiration               = var.cloudtrail_lifecycle_config.expiration_days > 0
+      expiration_days                                = var.cloudtrail_lifecycle_config.expiration_days
+      enable_noncurrent_version_expiration           = var.cloudtrail_lifecycle_config.noncurrent_version_expiration_days > 0
+      noncurrent_version_expiration_days             = var.cloudtrail_lifecycle_config.noncurrent_version_expiration_days
     },
   ]
 

src/variables.tf

@@ -21,18 +21,43 @@ variable "lifecycle_rules_enabled" {
   default     = true
 }
 
-variable "enable_glacier_transition" {
-  type        = bool
-  description = "Enable/disable transition to glacier for log archive bucket. Has no effect unless lifecycle_rules_enabled set to true"
-  default     = true
+variable "archive_lifecycle_config" {
+  type = object({
+    abort_incomplete_multipart_upload_days         = optional(number, null)
+    enable_glacier_transition                      = optional(bool, true)
+    glacier_transition_days                        = optional(number, 365)
+    noncurrent_version_glacier_transition_days     = optional(number, 30)
+    enable_deeparchive_transition                  = optional(bool, false)
+    deeparchive_transition_days                    = optional(number, 0)
+    noncurrent_version_deeparchive_transition_days = optional(number, 0)
+    enable_standard_ia_transition                  = optional(bool, false)
+    standard_transition_days                       = optional(number, 0)
+    expiration_days                                = optional(number, 0)
+    noncurrent_version_expiration_days             = optional(number, 0)
+  })
+  description = "Lifecycle configuration for the archive S3 bucket"
+  default     = {}
 }
 
-variable "glacier_transition_days" {
-  type        = number
-  description = "Number of days after which to transition objects to glacier storage in log archive bucket"
-  default     = 365
+variable "cloudtrail_lifecycle_config" {
+  type = object({
+    abort_incomplete_multipart_upload_days         = optional(number, null)
+    enable_glacier_transition                      = optional(bool, true)
+    glacier_transition_days                        = optional(number, 365)
+    noncurrent_version_glacier_transition_days     = optional(number, 365)
+    enable_deeparchive_transition                  = optional(bool, false)
+    deeparchive_transition_days                    = optional(number, 0)
+    noncurrent_version_deeparchive_transition_days = optional(number, 0)
+    enable_standard_ia_transition                  = optional(bool, false)
+    standard_transition_days                       = optional(number, 0)
+    expiration_days                                = optional(number, 0)
+    noncurrent_version_expiration_days             = optional(number, 0)
+  })
+  description = "Lifecycle configuration for the cloudtrail S3 bucket"
+  default     = {}
 }
 
+
 variable "object_lock_days_archive" {
   type        = number
   description = "Object lock duration for archive buckets in days"
@@ -62,3 +87,5 @@ variable "s3_force_destroy" {
   description = "Set to true to delete non-empty buckets when enabled is set to false"
   default     = false
 }
+
+