Merge pull request #16 from Coalfire-CF/remove_default_lifecycle_rules
Remove default lifecycle rules.
frank-avila authored Nov 22, 2024
2 parents 3511320 + b37d926 commit 7c1c232
Showing 2 changed files with 30 additions and 23 deletions.
30 changes: 26 additions & 4 deletions README.md
Expand Up @@ -70,6 +70,28 @@ module "s3_bucket" {
}
```

If you do not specify lifecycle rules when calling this module, none will be created.
Custom lifecycle rules:
```
enable_lifecycle_configuration_rules = true
lifecycle_configuration_rules = [
{
id = "default"
enabled = true
enable_glacier_transition = true
enable_current_object_expiration = true
enable_noncurrent_version_expiration = true
abort_incomplete_multipart_upload_days = 1
noncurrent_version_glacier_transition_days = 90
noncurrent_version_expiration_days = 365
glacier_transition_days = 90
expiration_days = 365
}
]
```

<!-- BEGIN_TF_DOCS -->
## Requirements

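Review bot: The two added prose lines ahead of the example ("If you do not specify lifecycle rules..." and "Custom lifecycle rules:") have no blank line between them, so Markdown renders them as one run-on paragraph, and the fence that follows has no language tag. Add a blank line after "none will be created." and tag the fence `hcl`. The text should also say explicitly whether both `enable_lifecycle_configuration_rules = true` and a non-empty `lifecycle_configuration_rules` list are required, since the example sets both without explaining why, and the snippet would be clearer shown inside the `module "s3_bucket"` block used by the example above it.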
Expand Down Expand Up @@ -122,20 +144,20 @@ No modules.
| <a name="input_block_public_policy"></a> [block\_public\_policy](#input\_block\_public\_policy) | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `false` | no |
| <a name="input_bucket_policy"></a> [bucket\_policy](#input\_bucket\_policy) | Conditionally create S3 bucket policy. | `bool` | `false` | no |
| <a name="input_control_object_ownership"></a> [control\_object\_ownership](#input\_control\_object\_ownership) | Whether to manage S3 Bucket Ownership Controls on this bucket. | `bool` | `false` | no |
| <a name="input_cors_rule"></a> [cors\_rule](#input\_cors\_rule) | CORS Configuration specification for this bucket | <pre>list(object({<br> allowed_headers = list(string)<br> allowed_methods = list(string)<br> allowed_origins = list(string)<br> expose_headers = list(string)<br> max_age_seconds = number<br> }))</pre> | `null` | no |
| <a name="input_cors_rule"></a> [cors\_rule](#input\_cors\_rule) | CORS Configuration specification for this bucket | <pre>list(object({<br/> allowed_headers = list(string)<br/> allowed_methods = list(string)<br/> allowed_origins = list(string)<br/> expose_headers = list(string)<br/> max_age_seconds = number<br/> }))</pre> | `null` | no |
| <a name="input_create_bucket"></a> [create\_bucket](#input\_create\_bucket) | Conditionally create S3 bucket. | `bool` | `true` | no |
| <a name="input_enable_kms"></a> [enable\_kms](#input\_enable\_kms) | Enable KMS key for enable\_server\_side\_encryption | `bool` | `true` | no |
| <a name="input_enable_lifecycle_configuration_rules"></a> [enable\_lifecycle\_configuration\_rules](#input\_enable\_lifecycle\_configuration\_rules) | enable or disable lifecycle\_configuration\_rules | `bool` | `true` | no |
| <a name="input_enable_lifecycle_configuration_rules"></a> [enable\_lifecycle\_configuration\_rules](#input\_enable\_lifecycle\_configuration\_rules) | enable or disable lifecycle\_configuration\_rules | `bool` | `false` | no |
| <a name="input_enable_server_side_encryption"></a> [enable\_server\_side\_encryption](#input\_enable\_server\_side\_encryption) | Enable enable\_server\_side\_encryption | `bool` | `true` | no |
| <a name="input_error_document"></a> [error\_document](#input\_error\_document) | he name of the error document for the website | `string` | `"error.html"` | no |
| <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no |
| <a name="input_ignore_public_acls"></a> [ignore\_public\_acls](#input\_ignore\_public\_acls) | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `false` | no |
| <a name="input_index_document"></a> [index\_document](#input\_index\_document) | The name of the index document for the website | `string` | `"index.html"` | no |
| <a name="input_kms_master_key_id"></a> [kms\_master\_key\_id](#input\_kms\_master\_key\_id) | The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse\_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse\_algorithm is aws:kms. | `string` | `null` | no |
| <a name="input_lifecycle_configuration_rules"></a> [lifecycle\_configuration\_rules](#input\_lifecycle\_configuration\_rules) | A list of lifecycle rules | <pre>list(object({<br> id = string<br> prefix = optional(string, null)<br> enabled = bool<br> tags = optional(map(string), null)<br><br> enable_glacier_transition = optional(bool, true)<br> enable_deeparchive_transition = optional(bool, false)<br> enable_standard_ia_transition = optional(bool, false)<br> enable_current_object_expiration = optional(bool, true)<br> enable_noncurrent_version_expiration = optional(bool, true)<br><br> abort_incomplete_multipart_upload_days = optional(number, null)<br> noncurrent_version_glacier_transition_days = optional(number, null)<br> noncurrent_version_deeparchive_transition_days = optional(number, null)<br> noncurrent_version_expiration_days = optional(number, null)<br><br> standard_transition_days = optional(number, null)<br> glacier_transition_days = optional(number, null)<br> deeparchive_transition_days = optional(number, null)<br> expiration_days = optional(number, null)<br> }))</pre> | <pre>[<br> {<br> "abort_incomplete_multipart_upload_days": 1,<br> "enable_current_object_expiration": true,<br> "enable_glacier_transition": true,<br> "enable_noncurrent_version_expiration": true,<br> "enabled": true,<br> "expiration_days": 365,<br> "glacier_transition_days": 90,<br> "id": "default",<br> "noncurrent_version_expiration_days": 365,<br> "noncurrent_version_glacier_transition_days": 90<br> }<br>]</pre> | no |
| <a name="input_lifecycle_configuration_rules"></a> [lifecycle\_configuration\_rules](#input\_lifecycle\_configuration\_rules) | A list of lifecycle rules | <pre>list(object({<br/> id = optional(string)<br/> prefix = optional(string, null)<br/> enabled = optional(bool)<br/> tags = optional(map(string), null)<br/><br/> enable_glacier_transition = optional(bool, true)<br/> enable_deeparchive_transition = optional(bool, false)<br/> enable_standard_ia_transition = optional(bool, false)<br/> enable_current_object_expiration = optional(bool, true)<br/> enable_noncurrent_version_expiration = optional(bool, true)<br/><br/> abort_incomplete_multipart_upload_days = optional(number, null)<br/> noncurrent_version_glacier_transition_days = optional(number, null)<br/> noncurrent_version_deeparchive_transition_days = optional(number, null)<br/> noncurrent_version_expiration_days = optional(number, null)<br/><br/> standard_transition_days = optional(number, null)<br/> glacier_transition_days = optional(number, null)<br/> deeparchive_transition_days = optional(number, null)<br/> expiration_days = optional(number, null)<br/> }))</pre> | `[]` | no |
| <a name="input_logging"></a> [logging](#input\_logging) | Logging Object to enable and disable logging | `bool` | `false` | no |
| <a name="input_name"></a> [name](#input\_name) | Name of S3 bucket | `string` | n/a | yes |
| <a name="input_object_lock_configuration"></a> [object\_lock\_configuration](#input\_object\_lock\_configuration) | With S3 Object Lock, you can store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. | <pre>object({<br> mode = string #Valid values are GOVERNANCE and COMPLIANCE.<br> days = number<br> years = number<br> })</pre> | `null` | no |
| <a name="input_object_lock_configuration"></a> [object\_lock\_configuration](#input\_object\_lock\_configuration) | With S3 Object Lock, you can store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. | <pre>object({<br/> mode = string #Valid values are GOVERNANCE and COMPLIANCE.<br/> days = number<br/> years = number<br/> })</pre> | `null` | no |
| <a name="input_object_ownership"></a> [object\_ownership](#input\_object\_ownership) | Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. 'BucketOwnerEnforced': ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. 'BucketOwnerPreferred': Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. 'ObjectWriter': The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. | `string` | `"ObjectWriter"` | no |
| <a name="input_redirect"></a> [redirect](#input\_redirect) | The redirect behavior for every request to this bucket's website endpoint | `string` | `"documents/"` | no |
| <a name="input_request_payer"></a> [request\_payer](#input\_request\_payer) | Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer | `bool` | `false` | no |
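Review bot: The `cors_rule` and `object_lock_configuration` rows change only `<br>` to `<br/>`, which is formatting churn in the generated table and unrelated to lifecycle rules. Regenerate the docs with the same output format as before, or move that churn to its own commit, so the two functional changes here (`enable_lifecycle_configuration_rules` default `false`, `lifecycle_configuration_rules` default `[]`) stand out. The description "enable or disable lifecycle_configuration_rules" is carried over unchanged and is thin now that the default is `false`; expanding it in `variables.tf` would fix the table as well.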
23 changes: 4 additions & 19 deletions variables.tf
Expand Up @@ -47,15 +47,15 @@ variable "kms_master_key_id" {

variable "enable_lifecycle_configuration_rules" {
type = bool
default = true
default = false
description = "enable or disable lifecycle_configuration_rules"
}

variable "lifecycle_configuration_rules" {
type = list(object({
id = string
id = optional(string)
prefix = optional(string, null)
enabled = bool
enabled = optional(bool)
tags = optional(map(string), null)

enable_glacier_transition = optional(bool, true)
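Review bot: `id = optional(string)` and `enabled = optional(bool)` are declared without a default, so a rule that omits them carries `null` for both, unlike the neighbouring attributes that use the two-argument form such as `optional(bool, true)`. An empty-list default type-checks against required attributes, so removing the default rule does not need this relaxation. Keep `id` and `enabled` required, or give `enabled` an explicit default and add a `validation` block that rejects a rule without an `id`.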
Expand All @@ -74,22 +74,7 @@ variable "lifecycle_configuration_rules" {
deeparchive_transition_days = optional(number, null)
expiration_days = optional(number, null)
}))
default = [
{
id = "default"
enabled = true

enable_glacier_transition = true
enable_current_object_expiration = true
enable_noncurrent_version_expiration = true

abort_incomplete_multipart_upload_days = 1
noncurrent_version_glacier_transition_days = 90
noncurrent_version_expiration_days = 365
glacier_transition_days = 90
expiration_days = 365
}
]
default = []
description = "A list of lifecycle rules"
}

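Review bot: Replacing the default rule with `default = []` changes behaviour for every caller that relied on it, and nothing in the commit announces that. Combined with the flag's new default of `false`, those callers no longer get `abort_incomplete_multipart_upload_days = 1`, the 90-day Glacier transitions, or the 365-day expiration of current and noncurrent versions. Mark this as a breaking change in the commit message or release notes and tell existing callers to pass the old rule explicitly if they depend on that retention and cleanup.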