lifecycle configuration of S3 remote state

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.

https://terragrunt.gruntwork.io/

MIT License

7.93k stars 964 forks source link

lifecycle configuration of S3 remote state #2329

Open ebini opened 1 year ago

ebini commented 1 year ago

We use terragrunt with S3 versioning. According to the AWS Documentation: "S3 buckets with versioning enabled should have lifecycle policies configured"

Is it possible to add a lifecycle rule to the S3 remote state bucket?

My question: a) Is it possible to configure this with the remote state configuration (or it may be a feature request) b) Is there another "best practises" way to add a lifecycle rule to the created s3 bucket?

Thanks in advance

denis256 commented 1 year ago

Hi, AFAIK lifecycle policies from Terragrunt can't be set, only configured skip_bucket_versioning=true/false.

Can be attempted to configure lifecycle through Terraform(that may be some kind of recursion)

https://terragrunt.gruntwork.io/docs/reference/config-blocks-and-attributes/#remote_state

ebini commented 1 year ago

sorry for my late response. wouldn't this a nice feature request do add some more basic configuration to the bucket like lifeccycle policies?

rafaljanicki commented 12 months ago

Bump on the above, we're running a security audit through our accounts and that was also noticed. Is there any reason why this is not supported?