Merge pull request #205 from dandi/fix-s3-lifecycle-policy

Consolidate `aws_s3_bucket_lifecycle_configuration` resources into one
dandi · Jan 9, 2025 · eacd892 · eacd892
2 parents f683ebf + 37b3963
commit eacd892
Showing 1 changed file with 47 additions and 45 deletions.
diff --git a/terraform/modules/dandiset_bucket/main.tf b/terraform/modules/dandiset_bucket/main.tf
@@ -307,68 +307,70 @@ data "aws_iam_policy_document" "dandiset_bucket_policy" {
 }
 
 
-# S3 lifecycle policy that permanently deletes objects with delete markers
-# after 30 days. Note, this only applies to objects with the `blobs/` prefix.
-resource "aws_s3_bucket_lifecycle_configuration" "expire_deleted_objects" {
+resource "aws_s3_bucket_lifecycle_configuration" "dandiset_bucket" {
   # Must have bucket versioning enabled first
   depends_on = [aws_s3_bucket_versioning.dandiset_bucket]
 
   count = var.versioning ? 1 : 0
 
   bucket = aws_s3_bucket.dandiset_bucket.id
 
+  # S3 lifecycle policy that permanently deletes objects with delete markers
+  # after 30 days. Note, this only applies to objects with the `blobs/` prefix.
   # Based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lifecycle-config-conceptual-ex7
-  rule {
-    id = "ExpireOldDeleteMarkers"
-    filter {
-      # We only want to expire objects with the `blobs/` prefix, i.e. Asset Blobs.
-      # Other objects in this bucket are not subject to this lifecycle policy.
-      prefix = "blobs/"
-    }
+  dynamic "rule" {
+    # Only create this rule if versioning is enabled on the bucket
+    for_each = var.versioning ? [1] : []
 
-    # Expire objects with delete markers after 30 days
-    noncurrent_version_expiration {
-      noncurrent_days = 30
-    }
+    content {
+      id = "ExpireOldDeleteMarkers"
+      filter {
+        # We only want to expire objects with the `blobs/` prefix, i.e. Asset Blobs.
+        # Other objects in this bucket are not subject to this lifecycle policy.
+        prefix = "blobs/"
+      }
 
-    # Also delete any delete markers associated with the expired object
-    expiration {
-      expired_object_delete_marker = true
-    }
+      # Expire objects with delete markers after 30 days
+      noncurrent_version_expiration {
+        noncurrent_days = 30
+      }
 
-    status = "Enabled"
-  }
-}
+      # Also delete any delete markers associated with the expired object
+      expiration {
+        expired_object_delete_marker = true
+      }
 
-resource "aws_s3_bucket_lifecycle_configuration" "expire_noncurrent_manifest_files" {
-  # Must have bucket versioning enabled first
-  depends_on = [aws_s3_bucket_versioning.dandiset_bucket]
+      status = "Enabled"
+    }
+  }
 
-  count = var.versioning && var.enable_manifest_file_expiration ? 1 : 0
+  # S3 lifecycle policy that garbage collects old manifest file versions
+  dynamic "rule" {
+    # Only create this rule if versioning is enabled and we want to expire old manifest file versions
+    # TODO: remove enable_manifest_file_expiration once we are ready to deploy this to production
+    for_each = var.versioning && var.enable_manifest_file_expiration ? [1] : []
 
-  bucket = aws_s3_bucket.dandiset_bucket.id
+    content {
+      id = "ExpireOldManifestFileVersions"
+      filter {
+        # We only want to expire objects with the `dandisets/` prefix, i.e. manifest files.
+        # Other objects in this bucket are not subject to this lifecycle policy.
+        prefix = "dandisets/"
+      }
 
-  # Based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lifecycle-config-conceptual-ex7
-  rule {
-    id = "ExpireOldManifestFileVersions"
-    filter {
-      # We only want to expire objects with the `dandisets/` prefix, i.e. manifest files.
-      # Other objects in this bucket are not subject to this lifecycle policy.
-      prefix = "dandisets/"
-    }
+      noncurrent_version_expiration {
+        # keep most recent noncurrent version indefinitely
+        newer_noncurrent_versions = 1
+        # delete all other noncurrent versions after 1 day
+        noncurrent_days = 1
+      }
 
-    noncurrent_version_expiration {
-      # keep most recent noncurrent version indefinitely
-      newer_noncurrent_versions = 1
-      # delete all other noncurrent versions after 1 day
-      noncurrent_days = 1
-    }
+      # Also delete any delete markers associated with the expired object
+      expiration {
+        expired_object_delete_marker = true
+      }
 
-    # Also delete any delete markers associated with the expired object
-    expiration {
-      expired_object_delete_marker = true
+      status = "Enabled"
     }
-
-    status = "Enabled"
   }
 }