From 42b2be8e7e8b9a5238052ca6c9dad8ffd020779e Mon Sep 17 00:00:00 2001
From: thisiz_A
Date: Wed, 29 Mar 2023 10:52:23 -0400
Subject: [PATCH] BATIAI-1398 updated code to have 7 day expiration on dev environments (#6) * BATIAI-1398 updated code to have 7 day expiration on dev environments
---
 .gitignore | 34 ++++++++++++++++++++++++++++++++++
 main.tf | 22 ++++++++++++++++++++++
 variables.tf | 6 ++++++
 3 files changed, 62 insertions(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..720b1e7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,34 @@
+# Ignore files generated by Terraform
+.terraform
+*.terraform.lock.hcl
+
+# Ignore .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Ignore crash log files
+crash.log
+
+# Ignore override files
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore provider plugin files
+.terraformrc
+terraform.rc
+
+# Ignore sensitive files
+*.pem
+*.key
+*.pub
+*.cer
+*.crt
+*.jks
+*.p12
+*.pfx
+
+# Ignore local development files
+.envrc
+.env
diff --git a/main.tf b/main.tf
index 448e66e..ec15881 100644
--- a/main.tf
+++ b/main.tf
@@ -95,3 +95,25 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
 }
 }
 }
+
+# Lifecycle configuration for the dev buckets to remove all objects older than var.lifecycle_expiration_days.
+resource "aws_s3_bucket_lifecycle_configuration" "lifecycle_expiration_days" {
+ for_each = var.lifecycle_expiration_days > 0 ? aws_s3_bucket.landing_zone_buckets : []
+
+ bucket = each.value.id
+
+ dynamic "rule" {
+ for_each = var.lifecycle_expiration_days > 0 ? [1] : []
+
+ content {
+ id = "delete-old-objects"
+ status = "Enabled"
+ expiration {
+ days = var.lifecycle_expiration_days
+ }
+ noncurrent_version_expiration {
+ noncurrent_days = 1
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index fb42d38..cb78bd5 100644
--- a/variables.tf
+++ b/variables.tf
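Review bot: The pattern `*.terraform.lock.hcl` in the new .gitignore keeps the dependency lock file out of version control, so the provider versions and checksums that `terraform init` verifies against are never recorded or reviewed. If this repository is applied as a root configuration, drop that pattern so `.terraform.lock.hcl` is committed; if it is only consumed as a module, ignoring it is reasonable. The "sensitive files" group also has no entry for variable files, so adding `*.tfvars` and `*.tfvars.json` there would be worthwhile, since those files commonly carry credentials.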
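Review bot: Nothing in the new `aws_s3_bucket_lifecycle_configuration` resource limits the expiration to dev buckets; the comment says "dev", but any caller that sets `var.lifecycle_expiration_days` above zero gets the rule, with no `filter`, on every bucket in `aws_s3_bucket.landing_zone_buckets`, and noncurrent versions are removed after a hard-coded `noncurrent_days = 1`. That leaves bucket versioning usable as a recovery path for only one day after an accidental or unwanted overwrite or delete; consider gating on an environment input if the module has one (not visible in this hunk) or exposing the noncurrent retention as its own variable. Separately, the resource-level `for_each` falls back to `[]`, but `for_each` does not accept a tuple and the two conditional branches are likely to be rejected as inconsistent types, so the false branch should be `{}`. The inner `dynamic "rule"` repeats the same condition and is always true once the resource exists, so a plain `rule { ... }` block would read more clearly.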
@@ -23,3 +23,9 @@ variable "sse_algorithm" {
 default = "aws:kms"
 description = "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms, defaults to aws:kms."
 }
+
+variable "lifecycle_expiration_days" {
+ type = string
+ default = "0"
+ description = "Number of days for object lifecycle to expire the objects in dev env. Defaults to 0, which disables the rule"
+}
\ No newline at end of file
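Review bot: `lifecycle_expiration_days` is declared as `type = string` with `default = "0"` and no validation, so a negative or non-numeric value is only caught when the `> 0` comparison or the provider evaluates it in main.tf. Declaring it as `type = number` with `default = 0` stays compatible with callers that pass "7", and a `validation` block with `condition = var.lifecycle_expiration_days >= 0` would reject bad input at plan time. Because this value controls deletion of bucket contents, and as far as the main.tf hunk shows nothing ties it to dev, the description should say that it applies to every bucket the module manages unless the caller restricts it.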