terraform s3 object delete on versioned bucket lifecycle rule
Question
I've searched a few posts, but none fully make sense to me. Hopefully, I can write this question more clearly for future searches.
- I have a versioned bucket
- I have objects that are transitioned to Glacier after 180 days
This is done in Terraform using the following:

    resource "aws_s3_bucket" "main" {
      bucket = "zzz-bucket-127364-${terraform.workspace}"

      server_side_encryption_configuration {
        rule {
          apply_server_side_encryption_by_default {
            sse_algorithm = "AES256"
          }
        }
      }

      lifecycle_rule {
        enabled = true

        transition {
          days          = 180
          storage_class = "GLACIER"
        }
      }

      versioning {
        enabled = true
      }
    }

I need the following:
- Delete all objects older than 365 days (irrespective of their storage class)
I need it to permanently delete the object (not just create a delete marker, but remove the file completely from S3).
Is it just a matter of setting the expiration property?

    resource "aws_s3_bucket" "main" {
      bucket = "zzz-bucket-127364-${terraform.workspace}"

      server_side_encryption_configuration {
        rule {
          apply_server_side_encryption_by_default {
            sse_algorithm = "AES256"
          }
        }
      }

      lifecycle_rule {
        enabled = true

        transition {
          days          = 180
          storage_class = "GLACIER"
        }

        expiration {
          days = 365
        }
      }

      versioning {
        enabled = true
      }
    }

Or do I need to do something with noncurrent_version_expiration?
Thanks in advance.
Answer 1
Score: 1
First of all, it is recommended to use the aws_s3_bucket_lifecycle_configuration resource block instead of specifying the rule inside the aws_s3_bucket block.

To answer your requirement: yes, you must use the noncurrent_version_transition block for versioned object expiration.
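
    resource "aws_s3_bucket_lifecycle_configuration" "lifecycle" {
      depends_on = [aws_s3_bucket_versioning.<the_versioning_block_name>]
      bucket     = aws_s3_bucket.bucket.id

      rule {
        id     = "expiration-365"
        status = "Enabled"

        # Move noncurrent versions to Glacier 180 days after they become noncurrent.
        noncurrent_version_transition {
          noncurrent_days = 180
          storage_class   = "GLACIER"
        }

        # Permanently delete noncurrent versions 365 days after they become noncurrent.
        # newer_noncurrent_versions is left unset so that no noncurrent versions are
        # retained; when set, it must be a non-zero positive integer.
        noncurrent_version_expiration {
          noncurrent_days = 365
        }
      }
    }
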
To add the lifecycle rule to your existing S3 resource block (the legacy method), this should do it:

    resource "aws_s3_bucket" "main" {
      bucket = "zzz-bucket-127364-${terraform.workspace}"

      server_side_encryption_configuration {
        rule {
          apply_server_side_encryption_by_default {
            sse_algorithm = "AES256"
          }
        }
      }

      lifecycle_rule {
        id      = "expiration-365"
        enabled = true

        noncurrent_version_transition {
          days          = 180
          storage_class = "GLACIER"
        }

        # In the legacy inline syntax the argument of this block is `days`.
        noncurrent_version_expiration {
          days = 365
        }
      }

      versioning {
        enabled = true
      }
    }
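
The following added example (not part of the original question or answer) combines the asker's `expiration` block with `noncurrent_version_expiration`, so that current versions are expired and the resulting noncurrent versions are then permanently removed. It assumes AWS provider v4 or later, the asker's `aws_s3_bucket.main`, and a hypothetical `aws_s3_bucket_versioning.main` resource that enables versioning.

```hcl
# Added example, not from the original post. Assumes AWS provider v4 or later,
# the asker's bucket resource aws_s3_bucket.main, and a hypothetical
# aws_s3_bucket_versioning.main resource that enables versioning on it.
resource "aws_s3_bucket_lifecycle_configuration" "retention" {
  depends_on = [aws_s3_bucket_versioning.main]
  bucket     = aws_s3_bucket.main.id

  rule {
    id     = "delete-after-365-days"
    status = "Enabled"

    # Empty filter: the rule applies to every object in the bucket.
    filter {}

    # Current versions move to Glacier 180 days after creation (as in the question).
    transition {
      days          = 180
      storage_class = "GLACIER"
    }

    # On a versioned bucket this alone does NOT remove data. 365 days after
    # creation S3 adds a delete marker and the object becomes a noncurrent version.
    expiration {
      days = 365
    }

    # This is the step that permanently deletes the data: noncurrent versions
    # are removed 1 day after they became noncurrent. The clock starts when the
    # version became noncurrent, not when it was created.
    noncurrent_version_expiration {
      noncurrent_days = 1
    }

    # Parts of unfinished multipart uploads are not object versions and are not
    # covered by the actions above, so they are cleaned up separately.
    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }
  }
}
```

With these values a version that is overwritten or deleted by a client is also removed one day later, regardless of its age; raise `noncurrent_days` if superseded versions must be kept longer.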