Resource: awsS3BucketLifecycleConfiguration
Provides an independent configuration resource for S3 bucket lifecycle configuration.
An S3 Lifecycle configuration consists of one or more Lifecycle rules. Each rule consists of the following:
- Rule metadata (
idandstatus) - Filter identifying objects to which the rule applies
- One or more transition or expiration actions
For more information see the Amazon S3 User Guide on lifecycleConfigurationElements.
\~> NOTE: S3 Buckets only support a single lifecycle configuration. Declaring multiple awsS3BucketLifecycleConfiguration resources to the same S3 Bucket will cause a perpetual difference in configuration.
Example Usage
With neither a filter nor prefix specified
The Lifecycle rule applies to a subset of objects based on the key name prefix ("").
This configuration is intended to replicate the default behavior of the lifecycleRule parameter in the Terraform AWS Provider awsS3Bucket resource prior to v40.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
id: "rule-1",
status: "Enabled",
},
],
}
);
Specifying an empty filter
The Lifecycle rule applies to all objects in the bucket.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {},
id: "rule-1",
status: "Enabled",
},
],
}
);
Specifying a filter using key prefixes
The Lifecycle rule applies to a subset of objects based on the key name prefix (logs/).
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {
prefix: "logs/",
},
id: "rule-1",
status: "Enabled",
},
],
}
);
If you want to apply a Lifecycle action to a subset of objects based on different key name prefixes, specify separate rules.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {
prefix: "logs/",
},
id: "rule-1",
status: "Enabled",
},
{
filter: {
prefix: "tmp/",
},
id: "rule-2",
status: "Enabled",
},
],
}
);
Specifying a filter based on an object tag
The Lifecycle rule specifies a filter based on a tag key and value. The rule then applies only to a subset of objects with the specific tag.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {
tag: {
key: "Name",
value: "Staging",
},
},
id: "rule-1",
status: "Enabled",
},
],
}
);
Specifying a filter based on multiple tags
The Lifecycle rule directs Amazon S3 to perform lifecycle actions on objects with two tags (with the specific tag keys and values). Notice tags is wrapped in the and configuration block.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {
and: {
tags: {
key1: "Value1",
key2: "Value2",
},
},
},
id: "rule-1",
status: "Enabled",
},
],
}
);
Specifying a filter based on both prefix and one or more tags
The Lifecycle rule directs Amazon S3 to perform lifecycle actions on objects with the specified prefix and two tags (with the specific tag keys and values). Notice both prefix and tags are wrapped in the and configuration block.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {
and: {
prefix: "logs/",
tags: {
key1: "Value1",
key2: "Value2",
},
},
},
id: "rule-1",
status: "Enabled",
},
],
}
);
Specifying a filter based on object size
Object size values are in bytes. Maximum filter size is 5TB. Some storage classes have minimum object size limitations, for more information, see Comparing the Amazon S3 storage classes.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {
objectSizeGreaterThan: 500,
},
id: "rule-1",
status: "Enabled",
},
],
}
);
Specifying a filter based on object size range and prefix
The objectSizeGreaterThan must be less than the objectSizeLessThan. Notice both the object size range and prefix are wrapped in the and configuration block.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"example",
{
bucket: "${aws_s3_bucket.bucket.id}",
rule: [
{
filter: {
and: {
objectSizeGreaterThan: 500,
objectSizeLessThan: 64000,
prefix: "logs/",
},
},
id: "rule-1",
status: "Enabled",
},
],
}
);
Creating a Lifecycle Configuration for a bucket with versioning
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketBucket = new aws.s3Bucket.S3Bucket(this, "bucket", {
bucket: "my-bucket",
});
const awsS3BucketVersioningBucket = new aws.s3Bucket.S3Bucket(
this,
"versioning_bucket",
{
bucket: "my-versioning-bucket",
}
);
new aws.s3BucketAcl.S3BucketAcl(this, "bucket_acl", {
acl: "private",
bucket: awsS3BucketBucket.id,
});
new aws.s3BucketAcl.S3BucketAcl(this, "versioning_bucket_acl", {
acl: "private",
bucket: awsS3BucketVersioningBucket.id,
});
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"bucket-config",
{
bucket: awsS3BucketBucket.id,
rule: [
{
expiration: {
days: 90,
},
filter: {
and: {
prefix: "log/",
tags: {
autoclean: "true",
rule: "log",
},
},
},
id: "log",
status: "Enabled",
transition: [
{
days: 30,
storageClass: "STANDARD_IA",
},
{
days: 60,
storageClass: "GLACIER",
},
],
},
{
expiration: {
date: "2023-01-13T00:00:00Z",
},
filter: {
prefix: "tmp/",
},
id: "tmp",
status: "Enabled",
},
],
}
);
const awsS3BucketVersioningVersioning =
new aws.s3BucketVersioning.S3BucketVersioningA(this, "versioning", {
bucket: awsS3BucketVersioningBucket.id,
versioningConfiguration: {
status: "Enabled",
},
});
new aws.s3BucketLifecycleConfiguration.S3BucketLifecycleConfiguration(
this,
"versioning-bucket-config",
{
bucket: awsS3BucketVersioningBucket.id,
depends_on: [`\${${awsS3BucketVersioningVersioning.fqn}}`],
rule: [
{
filter: {
prefix: "config/",
},
id: "config",
noncurrentVersionExpiration: {
noncurrentDays: 90,
},
noncurrentVersionTransition: [
{
noncurrentDays: 30,
storageClass: "STANDARD_IA",
},
{
noncurrentDays: 60,
storageClass: "GLACIER",
},
],
status: "Enabled",
},
],
}
);
Argument Reference
The following arguments are supported:
bucket- (Required) Name of the source S3 bucket you want Amazon S3 to monitor.expectedBucketOwner- (Optional) Account ID of the expected bucket owner. If the bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.rule- (Required) List of configuration blocks describing the rules managing the replication. See below.
rule
\~> NOTE: The filter argument, while Optional, is required if the rule configuration block does not contain a prefix and you intend to override the default behavior of setting the rule to filter objects with the empty string prefix (""). Since prefix is deprecated by Amazon S3 and will be removed in the next major version of the Terraform AWS Provider, we recommend users either specify filter or leave both filter and prefix unspecified.
\~> NOTE: A rule cannot be updated from having a filter (via either the ruleFilter parameter or when neither ruleFilter and rulePrefix are specified) to only having a prefix via the rulePrefix parameter.
\~> NOTE Terraform cannot distinguish a difference between configurations that use ruleFilter {} and configurations that neither use ruleFilter nor rulePrefix, so a rule cannot be updated from applying to all objects in the bucket via ruleFilter {} to applying to a subset of objects based on the key prefix "" and vice versa.
The rule configuration block supports the following arguments:
abortIncompleteMultipartUpload- (Optional) Configuration block that specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. See below.expiration- (Optional) Configuration block that specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker. See below.filter- (Optional) Configuration block used to identify objects that a Lifecycle Rule applies to. See below. If not specified, therulewill default to usingprefix.id- (Required) Unique identifier for the rule. The value cannot be longer than 255 characters.noncurrentVersionExpiration- (Optional) Configuration block that specifies when noncurrent object versions expire. See below.noncurrentVersionTransition- (Optional) Set of configuration blocks that specify the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. See below.prefix- (Optional) DEPRECATED Usefilterinstead. This has been deprecated by Amazon S3. Prefix identifying one or more objects to which the rule applies. Defaults to an empty string ("") iffilteris not specified.status- (Required) Whether the rule is currently being applied. Valid values:enabledordisabled.transition- (Optional) Set of configuration blocks that specify when an Amazon S3 object transitions to a specified storage class. See below.
abortIncompleteMultipartUpload
The abortIncompleteMultipartUpload configuration block supports the following arguments:
daysAfterInitiation- Number of days after which Amazon S3 aborts an incomplete multipart upload.
expiration
The expiration configuration block supports the following arguments:
date- (Optional) Date the object is to be moved or deleted. Should be in RFC3339 format.days- (Optional) Lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.expiredObjectDeleteMarker- (Optional, Conflicts withdateanddays) Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set totrue, the delete marker will be expired; if set tofalsethe policy takes no action.
filter
\~> NOTE: The filter configuration block must either be specified as the empty configuration block (filter {}) or with exactly one of prefix, tag, and, objectSizeGreaterThan or objectSizeLessThan specified.
The filter configuration block supports the following arguments:
and- (Optional) Configuration block used to apply a logicalandto two or more predicates. See below. The Lifecycle Rule will apply to any object matching all the predicates configured inside theandblock.objectSizeGreaterThan- (Optional) Minimum object size (in bytes) to which the rule applies.objectSizeLessThan- (Optional) Maximum object size (in bytes) to which the rule applies.prefix- (Optional) Prefix identifying one or more objects to which the rule applies. Defaults to an empty string ("") if not specified.tag- (Optional) Configuration block for specifying a tag key and value. See below.
noncurrentVersionExpiration
The noncurrentVersionExpiration configuration block supports the following arguments:
newerNoncurrentVersions- (Optional) Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer.noncurrentDays- (Optional) Number of days an object is noncurrent before Amazon S3 can perform the associated action. Must be a positive integer.
noncurrentVersionTransition
The noncurrentVersionTransition configuration block supports the following arguments:
newerNoncurrentVersions- (Optional) Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer.noncurrentDays- (Optional) Number of days an object is noncurrent before Amazon S3 can perform the associated action.storageClass- (Required) Class of storage used to store the object. Valid Values:glacier,STANDARD_IA,ONEZONE_IA,INTELLIGENT_TIERING,DEEP_ARCHIVE,GLACIER_IR.
transition
The transition configuration block supports the following arguments:
\~> Note: Only one of date or days should be specified. If neither are specified, the transition will default to 0 days.
date- (Optional, Conflicts withdays) Date objects are transitioned to the specified storage class. The date value must be in RFC3339 format and set to midnight UTC e.g.20230113T00:00:00Z.days- (Optional, Conflicts withdate) Number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer. If bothdaysanddateare not specified, defaults to0. Valid values depend onstorageClass, see Transition objects using Amazon S3 Lifecycle for more details.storageClass- Class of storage used to store the object. Valid Values:glacier,STANDARD_IA,ONEZONE_IA,INTELLIGENT_TIERING,DEEP_ARCHIVE,GLACIER_IR.
and
The and configuration block supports the following arguments:
objectSizeGreaterThan- (Optional) Minimum object size to which the rule applies. Value must be at least0if specified.objectSizeLessThan- (Optional) Maximum object size to which the rule applies. Value must be at least1if specified.prefix- (Optional) Prefix identifying one or more objects to which the rule applies.tags- (Optional) Key-value map of resource tags. All of these tags must exist in the object's tag set in order for the rule to apply.
tag
The tag configuration block supports the following arguments:
key- (Required) Name of the object key.value- (Required) Value of the tag.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id- ThebucketorbucketandexpectedBucketOwnerseparated by a comma (,) if the latter is provided.
Import
S3 bucket lifecycle configuration can be imported in one of two ways.
If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, the S3 bucket lifecycle configuration resource should be imported using the bucket e.g.,
If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, the S3 bucket lifecycle configuration resource should be imported using the bucket and expectedBucketOwner separated by a comma (,) e.g.,