Dynamic lifecycle config rules

Buckets will require additional lifecycle configuration rules to manage objects within TDR
nationalarchives · Feb 3, 2025 · 9c39121 · 9c39121
1 parent c5e4ed2
commit 9c39121
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/s3/main.tf b/s3/main.tf
@@ -123,6 +123,48 @@ resource "aws_s3_bucket_lifecycle_configuration" "bucket_lifecycle" {
       expired_object_delete_marker = false
     }
   }
+
+  dynamic "rule" {
+    for_each = var.lifecycle_rules
+    iterator = rule
+    content {
+      id     = rule.value.id
+      status = rule.value.status
+
+      dynamic "expiration" {
+        for_each = length(keys(lookup(rule.value, "expiration", {}))) == 0 ? [] : [rule.value.expiration]
+        content {
+          date                         = lookup(expiration.value, "date", null)
+          days                         = lookup(expiration.value, "days", null)
+          expired_object_delete_marker = lookup(expiration.value, "expired_object_delete_marker", null)
+        }
+      }
+
+      dynamic "noncurrent_version_expiration" {
+        for_each = length(keys(lookup(rule.value, "noncurrent_version_expiration", {}))) == 0 ? [] : [rule.value.noncurrent_version_expiration]
+        content {
+          noncurrent_days           = lookup(noncurrent_version_expiration.value, "noncurrent_days", null)
+          newer_noncurrent_versions = lookup(noncurrent_version_expiration.value, "newer_noncurrent_versions", null)
+        }
+      }
+
+      dynamic "filter" {
+        for_each = length(keys(lookup(rule.value, "filter", {}))) == 0 ? [] : [rule.value.filter]
+        content {
+          prefix                   = lookup(filter.value, "prefix", null)
+          object_size_greater_than = lookup(filter.value, "object_size_greater_than", null)
+          object_size_less_than    = lookup(filter.value, "object_size_less_than", null)
+          dynamic "tag" {
+            for_each = length(keys(lookup(filter.value, "tag", {}))) == 0 ? [] : [filter.value.tag]
+            content {
+              key   = lookup(tag.value, "key")
+              value = lookup(tag.value, "value")
+            }
+          }
+        }
+      }
+    }
+  }
 }
 
 resource "aws_s3_bucket_cors_configuration" "bucket_cors" {

diff --git a/s3/variables.tf b/s3/variables.tf
@@ -145,3 +145,9 @@ variable "aws_logs_delivery_account_id" {
   description = "AWS log delivery account ID"
   default     = ""
 }
+
+variable "lifecycle_rules" {
+  description = "List of maps describing configuration of object lifecycle management for bucket"
+  type        = any
+  default     = []
+}