Adds versioning to the pyramid and streaming buckets, with lifecycle …

…rules for versions (#3916) * Adds versioning to the pyramid and streamig buckets, with a lifecycle rule for 30 days that only applies to versions. * Bump the expiration to 90 days * Add CORS policy to pyramid bucket
nulib · May 7, 2024 · b36353f · b36353f
1 parent 42d22b0
commit b36353f
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/infrastructure/deploy/main.tf b/infrastructure/deploy/main.tf
@@ -218,7 +218,15 @@ resource "aws_s3_bucket" "meadow_streaming" {
   tags   = var.tags
 }
 
+resource "aws_s3_bucket_versioning" "meadow_streaming" {
+  bucket = aws_s3_bucket.meadow_streaming.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
 resource "aws_s3_bucket_lifecycle_configuration" "meadow_streaming" {
+  depends_on = [aws_s3_bucket_versioning.meadow_streaming]
   bucket = "${var.stack_name}-${var.environment}-streaming"
 
   rule {
@@ -229,6 +237,10 @@ resource "aws_s3_bucket_lifecycle_configuration" "meadow_streaming" {
     filter {
       prefix = ""
     }
+
+    noncurrent_version_expiration {
+      noncurrent_days = 90
+    }
 
     transition {
       days          = 0
@@ -253,6 +265,39 @@ data "aws_s3_bucket" "pyramid_bucket" {
   bucket = var.pyramid_bucket
 }
 
+resource "aws_s3_bucket_cors_configuration" "pyramid_bucket" {
+  bucket = data.aws_s3_bucket.pyramid_bucket.id
+  cors_rule {
+    allowed_headers = ["*"]
+    allowed_methods = ["GET", "HEAD"]
+    allowed_origins = ["*"]
+    expose_headers  = ["ETag", "Access-Control-Allow-Origin", "Access-Control-Allow-Headers"]
+    max_age_seconds = 3000
+  }
+}
+
+resource "aws_s3_bucket_versioning" "pyramid_bucket" {
+  bucket = data.aws_s3_bucket.pyramid_bucket.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "meadow_pyramids" {
+  depends_on = [aws_s3_bucket_versioning.pyramid_bucket]
+  bucket = data.aws_s3_bucket.pyramid_bucket.id
+
+  rule {
+    id = "expire_old_versions"
+
+    noncurrent_version_expiration {
+      noncurrent_days = 90
+    }
+
+    status = "Enabled"
+  }
+}
+
 data "aws_s3_bucket" "digital_collections_bucket" {
   bucket = var.digital_collections_bucket
 }