Add backend checks bucket policy
TomJKing committed Jan 20, 2025
1 parent c9c7d99 commit 61f45fd
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions root_s3_life_cycle.tf
@@ -6,6 +6,10 @@ locals {
clean_bucket_expiration_days = local.environment == "prod" ? 30 : 7
clean_bucket_policy_status = "Disabled"

backend_checks_buckets = [module.backend_lambda_function_bucket]
backend_checks_bucket_expiration_days = local.environment == "prod" ? 30 : 7
backend_checks_bucket_policy_status = local.environment == "prod" ? "Disabled" : "Enabled"

dirty_buckets = [module.upload_file_cloudfront_dirty_s3]
dirty_bucket_expiration_days = local.environment == "prod" ? 7 : 1
dirty_bucket_policy_status = local.environment == "intg" ? "Enabled" : "Disabled"
@@ -55,6 +59,18 @@ resource "aws_s3_bucket_lifecycle_configuration" "quarantine_s3_buckets" {
}
}

resource "aws_s3_bucket_lifecycle_configuration" "backend_checks_s3_buckets" {
for_each = { for bucket in local.backend_checks_buckets: bucket.s3_bucket_name => bucket }
bucket = each.value.s3_bucket_id
rule {
id = "delete-backend-checks-buckets-objects"
status = local.backend_checks_bucket_policy_status
expiration {
days = local.backend_checks_bucket_expiration_days
}
}
}

resource "aws_s3_bucket_lifecycle_configuration" "clean_s3_buckets" {
for_each = { for bucket in local.clean_buckets : bucket.s3_bucket_name => bucket }
bucket = each.value.s3_bucket_id
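Review bot: On the `backend_checks_bucket_policy_status` line the rule resolves to `"Disabled"` for prod, so in production nothing in this bucket is ever expired and the 30-day prod value on the line above has no effect. If this is a staged rollout (the dirty rule is likewise enabled for a single environment), record it next to the local, e.g. `# Disabled in prod until expiry is verified in lower environments; enable to enforce the 30-day retention`, so that unbounded prod retention is a documented decision rather than an oversight. The new `backend_checks_s3_buckets` rule also carries only `expiration { days = ... }`; if versioning is enabled on the bucket (not visible here), that only adds delete markers and noncurrent versions are kept, so a `noncurrent_version_expiration { noncurrent_days = local.backend_checks_bucket_expiration_days }` block would be needed for objects to actually be removed. The trailing context of the second hunk ends inside `clean_s3_buckets`, whose body continues outside the view.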