update nomis lifecycle settings

terraform/environments/nomis/locals.tf

@@ -44,14 +44,14 @@ locals {
       enable_ec2_user_keypair                     = true
       enable_s3_bucket                            = true
       enable_s3_db_backup_bucket                  = true
+      enable_s3_software_bucket                   = true
       enable_image_builder                        = true
       enable_hmpps_domain                         = true # Syscon users are collaborators so need domain creds to access nomis-client EC2s
       iam_policies_filter                         = ["ImageBuilderS3BucketWriteAndDeleteAccessPolicy"]
       iam_policies_ec2_default                    = ["EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy"]
-      route53_resolver_rules = {
-        outbound-data-and-private-subnets = ["azure-fixngo-domain"]
-      }
-      s3_iam_policies = ["EC2S3BucketWriteAndDeleteAccessPolicy"]
+      route53_resolver_rules                      = { outbound-data-and-private-subnets = ["azure-fixngo-domain"] }
+      s3_iam_policies                             = ["EC2S3BucketWriteAndDeleteAccessPolicy"]
+      software_bucket_name                        = "ec2-image-builder-nomis"
     }
   }
 

terraform/environments/nomis/locals_development.tf

@@ -476,15 +476,15 @@ locals {
     }
 
     s3_buckets = {
-      nomis-audit-archives = {
-        custom_kms_key = module.environment.kms_keys["general"].arn
-        iam_policies   = module.baseline_presets.s3_iam_policies
-        lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
-      }
+      # nomis-audit-archives = {
+      #   custom_kms_key = module.environment.kms_keys["general"].arn
+      #   iam_policies   = module.baseline_presets.s3_iam_policies
+      #   lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.rman_backup_one_month]
+      # }
       syscon-bucket = {
         custom_kms_key = module.environment.kms_keys["general"].arn
         iam_policies   = module.baseline_presets.s3_iam_policies
-        lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
+        lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.software]
       }
     }
 

terraform/environments/nomis/locals_preproduction.tf

@@ -521,13 +521,13 @@ locals {
     }
 
     s3_buckets = {
-      nomis-audit-archives = {
-        custom_kms_key = module.environment.kms_keys["general"].arn
-        iam_policies   = module.baseline_presets.s3_iam_policies
-        lifecycle_rule = [
-          module.baseline_presets.s3_lifecycle_rules.ninety_day_standard_ia_ten_year_expiry
-        ]
-      }
+      # nomis-audit-archives = {
+      #   custom_kms_key = module.environment.kms_keys["general"].arn
+      #   iam_policies   = module.baseline_presets.s3_iam_policies
+      #   lifecycle_rule = [
+      #     module.baseline_presets.s3_lifecycle_rules.ninety_day_standard_ia_ten_year_expiry
+      #   ]
+      # }
     }
 
     secretsmanager_secrets = {

terraform/environments/nomis/locals_test.tf

@@ -684,17 +684,6 @@ locals {
         iam_policies   = module.baseline_presets.s3_iam_policies
         lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
       }
-
-      # use this bucket for storing artefacts for use across all accounts
-      ec2-image-builder-nomis = {
-        bucket_policy_v2 = [
-          module.baseline_presets.s3_bucket_policies.ImageBuilderWriteAccessBucketPolicy,
-          module.baseline_presets.s3_bucket_policies.AllEnvironmentsWriteAccessBucketPolicy,
-        ]
-        custom_kms_key = module.environment.kms_keys["general"].arn
-        iam_policies   = module.baseline_presets.s3_iam_policies
-        lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.default]
-      }
     }
 
     secretsmanager_secrets = {