From 9c391211039255f5fa08c91de6e2878a6dd57e97 Mon Sep 17 00:00:00 2001
From: TomJKing
Date: Mon, 3 Feb 2025 15:21:41 +0000
Subject: [PATCH] Dynamic lifecycle config rules Buckets will require additional lifecycle configuration rules to manage objects within TDR
---
 s3/main.tf | 42 ++++++++++++++++++++++++++++++++++++++++++
 s3/variables.tf | 6 ++++++
 2 files changed, 48 insertions(+)

diff --git a/s3/main.tf b/s3/main.tf
index 2e2efdd..7ce92bd 100644
--- a/s3/main.tf
+++ b/s3/main.tf
@@ -123,6 +123,48 @@ resource "aws_s3_bucket_lifecycle_configuration" "bucket_lifecycle" {
 expired_object_delete_marker = false
 }
 }
+
+ dynamic "rule" {
+ for_each = var.lifecycle_rules
+ iterator = rule
+ content {
+ id = rule.value.id
+ status = rule.value.status
+
+ dynamic "expiration" {
+ for_each = length(keys(lookup(rule.value, "expiration", {}))) == 0 ? [] : [rule.value.expiration]
+ content {
+ date = lookup(expiration.value, "date", null)
+ days = lookup(expiration.value, "days", null)
+ expired_object_delete_marker = lookup(expiration.value, "expired_object_delete_marker", null)
+ }
+ }
+
+ dynamic "noncurrent_version_expiration" {
+ for_each = length(keys(lookup(rule.value, "noncurrent_version_expiration", {}))) == 0 ? [] : [rule.value.noncurrent_version_expiration]
+ content {
+ noncurrent_days = lookup(noncurrent_version_expiration.value, "noncurrent_days", null)
+ newer_noncurrent_versions = lookup(noncurrent_version_expiration.value, "newer_noncurrent_versions", null)
+ }
+ }
+
+ dynamic "filter" {
+ for_each = length(keys(lookup(rule.value, "filter", {}))) == 0 ? [] : [rule.value.filter]
+ content {
+ prefix = lookup(filter.value, "prefix", null)
+ object_size_greater_than = lookup(filter.value, "object_size_greater_than", null)
+ object_size_less_than = lookup(filter.value, "object_size_less_than", null)
+ dynamic "tag" {
+ for_each = length(keys(lookup(filter.value, "tag", {}))) == 0 ? [] : [filter.value.tag]
+ content {
+ key = lookup(tag.value, "key")
+ value = lookup(tag.value, "value")
+ }
+ }
+ }
+ }
+ }
+ }
 }

 resource "aws_s3_bucket_cors_configuration" "bucket_cors" {
diff --git a/s3/variables.tf b/s3/variables.tf
index 0abd031..2acdb96 100644
--- a/s3/variables.tf
+++ b/s3/variables.tf
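Review bot: The `filter` content block sets `prefix`, `object_size_greater_than`, `object_size_less_than` and `tag` side by side, but an S3 lifecycle filter takes a single criterion directly and needs an `and` block to combine several. A caller who passes a prefix together with a size bound or a tag is therefore likely to have the configuration rejected by the provider or the S3 API instead of getting a narrower rule. Adding a `dynamic "and"` block fed from an `and` key of the filter map, as sketched below, would cover the combined case. Separately, the two-argument `lookup(tag.value, "key")` is the legacy form; `tag.value.key` is the current spelling.

```hcl
dynamic "filter" {
  # … unchanged: for_each guard on rule.value.filter …
  content {
    # … unchanged: single-criterion prefix / object_size_* / tag arguments …

    # Several criteria are only valid inside `and`; callers combine them under filter.and.
    dynamic "and" {
      for_each = length(keys(lookup(filter.value, "and", {}))) == 0 ? [] : [filter.value.and]
      iterator = all_of
      content {
        prefix                   = lookup(all_of.value, "prefix", null)
        object_size_greater_than = lookup(all_of.value, "object_size_greater_than", null)
        object_size_less_than    = lookup(all_of.value, "object_size_less_than", null)
        tags                     = lookup(all_of.value, "tags", null)
      }
    }
  }
}
```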
@@ -145,3 +145,9 @@ variable "aws_logs_delivery_account_id" {
 description = "AWS log delivery account ID"
 default = ""
 }
+
+variable "lifecycle_rules" {
+ description = "List of maps describing configuration of object lifecycle management for bucket"
+ type = any
+ default = []
+}
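Review bot: With `type = any` and no `validation` block, a misspelt key in a `lifecycle_rules` entry is accepted silently, because s3/main.tf reads every nested key through `lookup(..., {})` or `lookup(..., null)`. The case that matters is a rule whose `filter` key is mistyped: no `filter` block is emitted, and the rule's expiration would then presumably apply to the whole bucket rather than the intended prefix (worth confirming against the provider version in use). Since these rules delete objects, rejecting unknown keys and unexpected `status` values at plan time is a cheap safeguard. A validation block along the lines below keeps `type = any` and needs no change in main.tf.

```hcl
variable "lifecycle_rules" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for r in var.lifecycle_rules :
      length(setsubtract(keys(r), ["id", "status", "expiration", "noncurrent_version_expiration", "filter"])) == 0
      && contains(["Enabled", "Disabled"], r.status)
    ])
    error_message = "Each lifecycle rule may only set id, status (Enabled or Disabled), expiration, noncurrent_version_expiration and filter."
  }
}
```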