marusich pushed a commit to branch master
in repository maintenance.
commit 5129c651780bb70b4885b9e4925cb20dd128b974
Author: Chris Marusich <[email protected]>
Date: Fri Dec 28 03:21:11 2018 -0800
cdn: Add a lifecycle policy to the state bucket.
* cdn/terraform/main.tf (guix-terraform-state) <lifecycle_rule>: New
lifecycle rule.
---
cdn/terraform/main.tf | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
index 7c1fbdd..e36ae6b 100644
--- a/cdn/terraform/main.tf
+++ b/cdn/terraform/main.tf
@@ -2,6 +2,7 @@
# https://www.terraform.io/docs/backends/types/s3.html
terraform {
backend "s3" {
+ # TODO: Add a Dynamo DB table for locking.
bucket = "guix-terraform-state"
key = "state"
region = "us-west-2"
@@ -291,6 +292,23 @@ resource "aws_s3_bucket" "guix-terraform-state" {
}
}
}
+ # The intent of this rule is to retain the current version and zero
+ # or more recent non-current versions, while preventing the size of
+ # the bucket from growing out of hand.
+ lifecycle_rule {
+ id = "clean-up"
+ enabled = true
+ # It seems unlikely that Terraform would use multi-part uploads to
+ # upload the state, since the state is small, but just in case,
+ # let's automatically abort any stuck multi-part uploads.
+ # TODO: Increase this to 7 days after initial testing is over.
+ abort_incomplete_multipart_upload_days = 1
+ # Clean up old non-current versions.
+ # TODO: Increase this to 14 days after initial testing is over.
+ noncurrent_version_expiration {
+ days = 1
+ }
+ }
lifecycle {
prevent_destroy = true
}
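Review bot: The `noncurrent_version_expiration` block in the new `lifecycle_rule` expires old versions by age only, so it sets no floor on how many state versions survive. After a quiet day the bucket holds just the current object, and an overwritten or deleted state (a delete turns the previous version into a non-current one) cannot be restored once `days = 1` has passed. The first hunk notes that locking is not in place yet, so a concurrent apply clobbering the state is a plausible case where that history is needed; I would land with the longer window already, `days = 14`, rather than leave it as a TODO. The comment above the rule could also state the consequence directly, e.g. `# NOTE: an overwritten or deleted state can only be restored within this many days.` This assumes versioning is enabled on the bucket, which would be configured outside the hunk; the resource body also continues past the last line shown.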