Merge pull request #19 from rhythmictech/lifecycle-fixes

sdickenson · web-flow · commit 00667da7f214 · 2025-03-08T10:44:19.000-05:00
Fix lifecycle rule drift
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -48,13 +48,13 @@ module "cloudtrail-logging" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.70.0, < 6.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.48.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.70.0, < 6.0.0 |
 
 ## Modules
 
@@ -82,7 +82,8 @@ No modules.
 | <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | Name to apply to bucket (use `bucket_name` or `bucket_suffix`) | `string` | `null` | no |
 | <a name="input_bucket_suffix"></a> [bucket\_suffix](#input\_bucket\_suffix) | Suffix to apply to the bucket (use `bucket_name` or `bucket_suffix`). When using `bucket_suffix`, the bucket name will be `[account_id]-[region]-s3logging-[bucket_suffix].` | `string` | `"default"` | no |
 | <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | KMS key to encrypt bucket with. | `string` | `null` | no |
-| <a name="input_lifecycle_rules"></a> [lifecycle\_rules](#input\_lifecycle\_rules) | lifecycle rules to apply to the bucket | <pre>list(object(<br>    {<br>      id                            = string<br>      enabled                       = optional(bool, true)<br>      expiration                    = optional(number)<br>      prefix                        = optional(number)<br>      noncurrent_version_expiration = optional(number)<br>      transition = optional(list(object({<br>        days          = number<br>        storage_class = string<br>      })))<br>  }))</pre> | <pre>[<br>  {<br>    "id": "expire-noncurrent-objects-after-ninety-days",<br>    "noncurrent_version_expiration": 90<br>  },<br>  {<br>    "id": "transition-to-IA-after-30-days",<br>    "transition": [<br>      {<br>        "days": 30,<br>        "storage_class": "STANDARD_IA"<br>      }<br>    ]<br>  },<br>  {<br>    "expiration": 2557,<br>    "id": "delete-after-seven-years"<br>  }<br>]</pre> | no |
+| <a name="input_lifecycle_rules"></a> [lifecycle\_rules](#input\_lifecycle\_rules) | lifecycle rules to apply to the bucket | <pre>list(object(<br>    {<br>      id                            = string<br>      enabled                       = optional(bool, true)<br>      expiration                    = optional(number)<br>      prefix                        = optional(string)<br>      noncurrent_version_expiration = optional(number)<br>      transition = optional(list(object({<br>        days          = number<br>        storage_class = string<br>      })))<br>  }))</pre> | <pre>[<br>  {<br>    "id": "expire-noncurrent-objects-after-ninety-days",<br>    "noncurrent_version_expiration": 90<br>  },<br>  {<br>    "id": "transition-to-IA-after-30-days",<br>    "transition": [<br>      {<br>        "days": 30,<br>        "storage_class": "STANDARD_IA"<br>      }<br>    ]<br>  },<br>  {<br>    "expiration": 2557,<br>    "id": "delete-after-seven-years"<br>  }<br>]</pre> | no |
+| <a name="input_lifecycle_transition_default_minimum_object_size"></a> [lifecycle\_transition\_default\_minimum\_object\_size](#input\_lifecycle\_transition\_default\_minimum\_object\_size) | The default minimum object size behavior applied to the lifecycle configuration | `string` | `"varies_by_storage_class"` | no |
 | <a name="input_object_ownership"></a> [object\_ownership](#input\_object\_ownership) | Specifies S3 object ownership control. Defaults to BucketOwnerPreferred for backwards-compatibility. Recommended value is BucketOwnerEnforced. | `string` | `"BucketOwnerEnforced"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to add to supported resources | `map(string)` | `{}` | no |
 | <a name="input_versioning_enabled"></a> [versioning\_enabled](#input\_versioning\_enabled) | Whether or not to use versioning on the bucket. This can be useful for audit purposes since objects in a logging bucket should not be updated. | `bool` | `true` | no |
diff --git a/examples/basic/.terraform.lock.hcl b/examples/basic/.terraform.lock.hcl
diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.70.0, < 6.0.0"
+    }
+  }
+}
diff --git a/examples/multiple-prefixes/versions.tf b/examples/multiple-prefixes/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.70.0, < 6.0.0"
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -29,9 +29,10 @@ resource "aws_s3_bucket_acl" "this" {
 }
 
 resource "aws_s3_bucket_lifecycle_configuration" "this" {
-  count = var.lifecycle_rules == null ? 0 : 1
+  count = length(var.lifecycle_rules) > 0 ? 1 : 0
 
-  bucket = aws_s3_bucket.this.id
+  bucket                                 = aws_s3_bucket.this.id
+  transition_default_minimum_object_size = var.lifecycle_transition_default_minimum_object_size
 
   dynamic "rule" {
     iterator = rule
@@ -42,18 +43,22 @@ resource "aws_s3_bucket_lifecycle_configuration" "this" {
       status = rule.value.enabled ? "Enabled" : "Disabled"
 
       filter {
-        prefix = lookup(rule.value, "prefix", null)
+        prefix = try(rule.value.prefix, null)
       }
 
-      expiration {
-        days = lookup(rule.value, "expiration", 2147483647)
+      dynamic "expiration" {
+        for_each = rule.value.expiration != null ? [1] : [0]
+
+        content {
+          days = rule.value.expiration
+        }
       }
 
       dynamic "noncurrent_version_expiration" {
-        for_each = lookup(rule.value, "noncurrent_version_expiration", null) != null ? [1] : []
+        for_each = rule.value.noncurrent_version_expiration != null ? [1] : []
 
         content {
-          noncurrent_days = lookup(rule.value, "noncurrent_version_expiration", null)
+          noncurrent_days = rule.value.noncurrent_version_expiration
         }
       }
 
diff --git a/variables.tf b/variables.tf
@@ -42,7 +42,7 @@ variable "lifecycle_rules" {
       id                            = string
       enabled                       = optional(bool, true)
       expiration                    = optional(number)
-      prefix                        = optional(number)
+      prefix                        = optional(string)
       noncurrent_version_expiration = optional(number)
       transition = optional(list(object({
         days          = number
@@ -51,9 +51,16 @@ variable "lifecycle_rules" {
   }))
 }
 
+variable "lifecycle_transition_default_minimum_object_size" {
+  default     = "varies_by_storage_class"
+  description = "The default minimum object size behavior applied to the lifecycle configuration"
+  type        = string
+}
+
 variable "object_ownership" {
   default     = "BucketOwnerEnforced"
   description = "Specifies S3 object ownership control. Defaults to BucketOwnerPreferred for backwards-compatibility. Recommended value is BucketOwnerEnforced."
+  type        = string
 }
 
 variable "tags" {
diff --git a/versions.tf b/versions.tf
@@ -1,6 +1,10 @@
 terraform {
   required_version = ">= 1.3"
+
   required_providers {
-    aws = ">= 4"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.70.0, < 6.0.0"
+    }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,10 @@`
`1`	`1`	`terraform {`
`2`	`2`	`required_version = ">= 1.3"`
	`3`	`+`
`3`	`4`	`required_providers {`
`4`		`- aws = ">= 4"`
	`5`	`+ aws = {`
	`6`	`+ source = "hashicorp/aws"`
	`7`	`+ version = ">= 5.70.0, < 6.0.0"`
	`8`	`+ }`
`5`	`9`	`}`
`6`	`10`	`}`