Tdrd 59 dirty bucket life cycle policy #545

6 changes: 4 additions & 2 deletions root_backend_checks.tf
Expand Up @@ -271,8 +271,10 @@ module "yara_av_v2" {
role_name = "TDRYaraAVV2LambdaRole${title(local.environment)}"
runtime = local.runtime_python_3_9
plaintext_env_vars = {
ENVIRONMENT = local.environment
ROOT_DIRECTORY = local.tmp_directory
ENVIRONMENT = local.environment
ROOT_DIRECTORY = local.tmp_directory
DELETE_OBJECT_TAG_KEY = local.delete_object_tag_key
DELETE_OBJECT_TAG_VALUE = local.delete_object_tag_value
}
vpc_config = [
{
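Review bot: The new DELETE_OBJECT_TAG_KEY / DELETE_OBJECT_TAG_VALUE variables only have an effect if the yara_av_v2 Lambda's execution role is permitted to tag objects in the dirty bucket (s3:PutObjectTagging), which this hunk does not touch and which I cannot see in the module from here; worth confirming before the lifecycle rule that keys on this tag is enabled. Because both values are taken from local.delete_object_tag_key / local.delete_object_tag_value, the Lambda and the lifecycle filter cannot drift apart, but that coupling is invisible at this call site — a comment above the two new lines such as `# Tag presumably applied by the scanner; root_s3_life_cycle.tf expires objects carrying it` would make it explicit. The module block continues outside the hunk.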
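--- a/root_s3_life_cycle.tf
+++ b/root_s3_life_cycle.tf
@@ -0,0 +1,92 @@
+locals {
+delete_object_tag_key = "Delete"
+delete_object_tag_value = "True"
+
+clean_buckets = [module.upload_bucket]
+clean_bucket_expiration_days = local.environment == "prod" ? 30 : 7
+clean_bucket_policy_status = "Disabled"
+
+dirty_buckets = [module.upload_file_cloudfront_dirty_s3]
+dirty_bucket_expiration_days = local.environment == "prod" ? 7 : 1
+dirty_bucket_policy_status = local.environment == "intg" ? "Enabled" : "Disabled"
+
+export_buckets = [module.export_bucket, module.flat_format_export_bucket]
+export_bucket_expiration_days = local.environment == "prod" ? 30 : 7
+export_bucket_policy_status = "Disabled"
+
+quarantine_buckets = [module.upload_bucket_quarantine]
+quarantine_bucket_expiration_days = local.environment == "prod" ? 30 : 7
+quarantine_buckets_policy_status = "Disabled"
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "dirty_s3_buckets" {
+for_each = { for bucket in local.dirty_buckets : bucket.s3_bucket_name => bucket }
+bucket = each.value.s3_bucket_id
+rule {
+id = "delete-dirty-buckets-objects"
+status = local.dirty_bucket_policy_status
+filter {
+tag {
+key = local.delete_object_tag_key
+value = local.delete_object_tag_value
+}
+}
+expiration {
+days = local.dirty_bucket_expiration_days
+}
+}
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "quarantine_s3_buckets" {
+for_each = { for bucket in local.quarantine_buckets : bucket.s3_bucket_name => bucket }
+bucket = each.value.s3_bucket_id
+rule {
+id = "delete-quarantine-buckets-objects"
+status = local.quarantine_buckets_policy_status
+filter {
+tag {
+key = local.delete_object_tag_key
+value = local.delete_object_tag_value
+}
+}
+expiration {
+days = local.quarantine_bucket_expiration_days
+}
+}
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "clean_s3_buckets" {
+for_each = { for bucket in local.clean_buckets : bucket.s3_bucket_name => bucket }
+bucket = each.value.s3_bucket_id
+rule {
+id = "delete-clean-buckets-objects"
+status = local.clean_bucket_policy_status
+filter {
+tag {
+key = local.delete_object_tag_key
+value = local.delete_object_tag_value
+}
+}
+expiration {
+days = local.clean_bucket_expiration_days
+}
+}
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "export_s3_buckets" {
+for_each = { for bucket in local.export_buckets : bucket.s3_bucket_name => bucket }
+bucket = each.value.s3_bucket_id
+rule {
+id = "delete-export-buckets-objects"
+status = local.export_bucket_policy_status
+filter {
+tag {
+key = local.delete_object_tag_key
+value = local.delete_object_tag_value
+}
+}
+expiration {
+days = local.export_bucket_expiration_days
+}
+}
+}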
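Review bot: A tag-filtered `expiration` only ever removes objects that actually carry Delete=True, so any object the scanner never tags (a failed invocation, an upload that bypassed the normal path) stays in the dirty bucket indefinitely, and if these buckets are versioned — I cannot see the versioning settings from here — the rule only adds a delete marker while the flagged version remains retrievable. Consider adding `noncurrent_version_expiration { noncurrent_days = local.dirty_bucket_expiration_days }` to the dirty rule (and the equivalent in the quarantine, clean and export rules), plus an `abort_incomplete_multipart_upload` block, or else document at the top of the locals block why tagged-only expiry is the intended contract. Separately, `quarantine_buckets_policy_status` breaks the `<kind>_bucket_policy_status` naming used by the other three locals; renaming it to `quarantine_bucket_policy_status` in both the locals block and the quarantine rule keeps the four rules uniform.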