terraform s3 object delete on versioned bucket lifecycle rule

Question

I've searched a few posts, but none fully make sense to me. Hopefully, I can write this question more clearly for future searches.

  • I have a versioned bucket
  • I have objects that are transitioned to Glacier after 180 days

This is done in terraform using the following

resource "aws_s3_bucket" "main" {
  bucket = "zzz-bucket-127364-${terraform.workspace}"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle_rule {
    enabled = true

    transition {
      days          = 180
      storage_class = "GLACIER"
    }
  }
  
  versioning {
    enabled = true
  }
}

I need the following:

  • Delete all objects older than 365 days (irrespective of their storage class)

I need it to permanently delete the object (not just create a delete marker, but remove the file completely from S3).

Is it just a matter of setting the expiration property?

resource "aws_s3_bucket" "main" {
  bucket = "zzz-bucket-127364-${terraform.workspace}"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle_rule {
    enabled = true

    transition {
      days          = 180
      storage_class = "GLACIER"
    }
    
    expiration {
      days = 365
    }
  }
  
  versioning {
    enabled = true
  }
}


Or do I need to do something with noncurrent_version_expiration?

Thanks in advance.

Answer 1

Score: 1

First of all, it is recommended to use the aws_s3_bucket_lifecycle_configuration resource block instead of specifying the rules inside the aws_s3_bucket block.

To answer your requirement: yes, you must use the noncurrent_version_transition block for versioned object expiration.

resource "aws_s3_bucket_lifecycle_configuration" "lifecycle" {
  depends_on = [aws_s3_bucket_versioning.<the_versioning_block_name>]
  bucket     = aws_s3_bucket.bucket.id

  rule {
    id     = "expiration-365"
    status = "Enabled"

    noncurrent_version_transition {
      noncurrent_days = 180
      storage_class   = "GLACIER"
    }

    noncurrent_version_expiration {
      newer_noncurrent_versions = 0
      noncurrent_days           = 365
    }
  }
}

To add the lifecycle rule to your existing S3 resource block (the legacy method), this should do it.

resource "aws_s3_bucket" "main" {
  bucket = "zzz-bucket-127364-${terraform.workspace}"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle_rule {
    id      = "expiration-365"
    enabled = true

    noncurrent_version_transition {
      days          = 180
      storage_class = "GLACIER"
    }

    noncurrent_version_expiration {
      days = 365 # the legacy lifecycle_rule block takes "days" here
    }
  }

  versioning {
    enabled = true
  }
}
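
An added example, not part of the original question or answer: one rule that covers both current and noncurrent versions, which is what permanent deletion on a versioned bucket requires. It assumes AWS provider v4 or later; the resource labels, the rule id, the 1-day noncurrent window and the 7-day multipart window are illustrative choices, and the encryption settings from the question are left out for brevity.

```hcl
# Added example: split-resource layout (AWS provider v4 or later assumed).
resource "aws_s3_bucket" "main" {
  bucket = "zzz-bucket-127364-${terraform.workspace}"
}

resource "aws_s3_bucket_versioning" "main" {
  bucket = aws_s3_bucket.main.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "main" {
  # Rules on noncurrent versions need versioning to be in place first.
  depends_on = [aws_s3_bucket_versioning.main]
  bucket     = aws_s3_bucket.main.id

  rule {
    id     = "glacier-180-purge-365" # illustrative id
    status = "Enabled"
    filter {} # empty filter: the rule covers every object in the bucket

    transition {
      days          = 180
      storage_class = "GLACIER"
    }

    # Day 365: on a versioned bucket this only adds a delete marker; the
    # data survives as a noncurrent version.
    expiration {
      days = 365
    }

    # This is the step that removes the bytes. Assumed window: 1 day after a
    # version becomes noncurrent. It also applies to overwritten versions, so
    # it sets how long an overwrite or delete can still be undone.
    noncurrent_version_expiration {
      noncurrent_days = 1
    }

    # Unfinished multipart uploads are not objects and are not expired above.
    abort_incomplete_multipart_upload {
      days_after_initiation = 7 # assumed value
    }
  }
}
```

With a Days-based expiration, S3 also removes a delete marker once it is the only remaining version of its key and is old enough, so no separate expired_object_delete_marker rule is needed here.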
huangapple
  • Published on May 22, 2023, 09:13:49
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76302551.html