BATIAI-1398 updated code to have 7 day expiration on dev environments (…

…#6)

* BATIAI-1398 updated code to have 7 day expiration on dev environments

.gitignore

@@ -0,0 +1,34 @@
+# Ignore files generated by Terraform
+.terraform
+*.terraform.lock.hcl
+
+# Ignore .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Ignore crash log files
+crash.log
+
+# Ignore override files
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore provider plugin files
+.terraformrc
+terraform.rc
+
+# Ignore sensitive files
+*.pem
+*.key
+*.pub
+*.cer
+*.crt
+*.jks
+*.p12
+*.pfx
+
+# Ignore local development files
+.envrc
+.env

main.tf

@@ -95,3 +95,25 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
     }
   }
 }
+
+# Lifecycle configuration for the dev buckets to remove all objects older than var.lifecycle_expiration_days.
+resource "aws_s3_bucket_lifecycle_configuration" "lifecycle_expiration_days" {
+  for_each = var.lifecycle_expiration_days > 0 ? aws_s3_bucket.landing_zone_buckets : []
+
+  bucket = each.value.id
+
+  dynamic "rule" {
+    for_each = var.lifecycle_expiration_days > 0 ? [1] : []
+
+    content {
+      id     = "delete-old-objects"
+      status =  "Enabled"
+      expiration {
+       days = var.lifecycle_expiration_days
+      }
+      noncurrent_version_expiration {
+       noncurrent_days = 1 
+      }
+    }
+  }
+}

variables.tf

@@ -23,3 +23,9 @@ variable "sse_algorithm" {
   default     = "aws:kms"
   description = "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms, defaults to aws:kms."
 }
+
+variable "lifecycle_expiration_days" {
+  type        = string
+  default     = "0"
+  description = "Number of days for object lifecycle to expire the objects in dev env.  Defaults to 0, which disables the rule"
+}