[DOM-51856] - costs update lifecycle #164

Merged
merged 20 commits into from
Nov 14, 2023
2 changes: 1 addition & 1 deletion examples/tfvars/private-link.tfvars
@@ -20,4 +20,4 @@ default_node_groups = {
}

enable_private_link = true
route53_hosted_zone_name = "domino"
route53_hosted_zone_name = "domino"
2 changes: 1 addition & 1 deletion modules/eks/outputs.tf
@@ -9,4 +9,4 @@ output "info" {
output "privatelink" {
description = "Private Link Info"
value = var.privatelink.enabled ? module.privatelink[0].info : null
}
}
3 changes: 1 addition & 2 deletions modules/eks/privatelink.tf
@@ -2,8 +2,7 @@ module "privatelink" {
count = var.privatelink.enabled ? 1 : 0
source = "./submodules/privatelink"
deploy_id = var.deploy_id
region = var.region
network_info = var.network_info
privatelink = var.privatelink
oidc_provider_id = aws_iam_openid_connect_provider.oidc_provider.id
}
}
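Review bot: dropping `region = var.region` from the module call is only safe if no remaining expression inside `modules/eks/submodules/privatelink` still references `var.region`; the matching `variable "region"` block (and its AWS-region-format validation) is removed in this PR's variables.tf hunk, so any leftover reference would now fail at `terraform validate`. The diff does not show the submodule's resource files, so a `terraform validate` run on the submodule is worth confirming before merge.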
3 changes: 1 addition & 2 deletions modules/eks/submodules/privatelink/README.md
@@ -41,11 +41,10 @@ No modules.
| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | {<br> vpc\_id = VPC Id.<br> subnets = {<br> private = Private subnets.<br> public = Public subnets.<br> pod = Pod subnets.<br> }), {})<br> }), {}) | <pre>object({<br> vpc_id = string<br> subnets = object({<br> private = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> public = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> pod = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> })<br> })</pre> | n/a | yes |
| <a name="input_oidc_provider_id"></a> [oidc\_provider\_id](#input\_oidc\_provider\_id) | OIDC Provider ID | `string` | n/a | yes |
| <a name="input_privatelink"></a> [privatelink](#input\_privatelink) | {<br> enabled = Enable Private Link connections.<br> namespace = Namespace for IAM Policy conditions.<br> monitoring\_bucket = Bucket for NLBs monitoring.<br> route53\_hosted\_zone\_name = Hosted zone for External DNS zone.<br> vpc\_endpoint\_services = [{<br> name = Name of the VPC Endpoint Service.<br> ports = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]<br> cert\_arn = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.<br> private\_dns = Private DNS for the VPC Endpoint Service.<br> }]<br> } | <pre>object({<br> enabled = optional(bool, false)<br> namespace = optional(string, "domino-platform")<br> monitoring_bucket = optional(string, null)<br> route53_hosted_zone_name = optional(string, null)<br> vpc_endpoint_services = optional(list(object({<br> name = optional(string)<br> ports = optional(list(number))<br> cert_arn = optional(string)<br> private_dns = optional(string)<br> })), [])<br> })</pre> | `{}` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_info"></a> [info](#output\_info) | Target groups... |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
12 changes: 1 addition & 11 deletions modules/eks/submodules/privatelink/variables.tf
@@ -8,16 +8,6 @@ variable "deploy_id" {
}
}

variable "region" {
type = string
description = "AWS region for the deployment"
nullable = false
validation {
condition = can(regex("(us(-gov)?|ap|ca|cn|eu|sa|me|af|il)-(central|(north|south)?(east|west)?)-[0-9]", var.region))
error_message = "The provided region must follow the format of AWS region names, e.g., us-west-2, us-gov-west-1."
}
}

variable "network_info" {
description = <<EOF
{
@@ -97,4 +87,4 @@ variable "privatelink" {
}

default = {}
}
}
3 changes: 2 additions & 1 deletion modules/iam-bootstrap/bootstrap-0.json
@@ -34,7 +34,8 @@
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutBucketPublicAccessBlock",
"s3:PutEncryptionConfiguration"
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration"
],
"Resource": ["arn:${partition}:s3:::${deploy_id}-*"]
},
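Review bot: `s3:PutLifecycleConfiguration` covers create, update and delete of the lifecycle configuration (`DeleteBucketLifecycle` is authorised by the same Put action), but the provider also reads the configuration back on every refresh, which needs `s3:GetLifecycleConfiguration`; if that action is not already granted elsewhere in this statement (the hunk only shows the Put actions), `terraform plan` under the bootstrap role will fail after the first apply. The resource scope `arn:${partition}:s3:::${deploy_id}-*` keeps the grant limited to deployment-prefixed buckets, which is the right least-privilege boundary given that lifecycle rules can expire objects.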
2 changes: 1 addition & 1 deletion modules/infra/README.md
@@ -65,7 +65,7 @@
| <a name="input_route53_hosted_zone_name"></a> [route53\_hosted\_zone\_name](#input\_route53\_hosted\_zone\_name) | Optional hosted zone for External DNS zone. | `string` | `null` | no |
| <a name="input_route53_hosted_zone_private"></a> [route53\_hosted\_zone\_private](#input\_route53\_hosted\_zone\_private) | Is the hosted zone private | `bool` | `false` | no |
| <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br> efs = {<br> access\_point\_path = Filesystem path for efs.<br> backup\_vault = {<br> create = Create backup vault for EFS toggle.<br> force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br> backup = {<br> schedule = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br> cold\_storage\_after = Move backup data to cold storage after this many days.<br> delete\_after = Delete backup data after this many days.<br> }<br> }<br> }<br> s3 = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br> }<br> ecr = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br> }<br> }<br> } | <pre>object({<br> efs = optional(object({<br> access_point_path = optional(string, "/domino")<br> backup_vault = optional(object({<br> create = optional(bool, true)<br> force_destroy = optional(bool, true)<br> backup = optional(object({<br> schedule = optional(string, "0 12 * * ? *")<br> cold_storage_after = optional(number, 35)<br> delete_after = optional(number, 125)<br> }), {})<br> }), {})<br> }), {})<br> s3 = optional(object({<br> force_destroy_on_deletion = optional(bool, true)<br> }), {})<br> ecr = optional(object({<br> force_destroy_on_deletion = optional(bool, true)<br> }), {}),<br> enable_remote_backup = optional(bool, false)<br> })</pre> | `{}` | no |
| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br> efs = {<br> access\_point\_path = Filesystem path for efs.<br> backup\_vault = {<br> create = Create backup vault for EFS toggle.<br> force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br> backup = {<br> schedule = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br> cold\_storage\_after = Move backup data to cold storage after this many days.<br> delete\_after = Delete backup data after this many days.<br> }<br> }<br> }<br> s3 = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br> }<br> ecr = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br> }<br> enable\_remote\_backup = Enable tagging required for cross-account backups<br> costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br> }<br> } | <pre>object({<br> efs = optional(object({<br> access_point_path = optional(string, "/domino")<br> backup_vault = optional(object({<br> create = optional(bool, true)<br> force_destroy = optional(bool, true)<br> backup = optional(object({<br> schedule = optional(string, "0 12 * * ? *")<br> cold_storage_after = optional(number, 35)<br> delete_after = optional(number, 125)<br> }), {})<br> }), {})<br> }), {})<br> s3 = optional(object({<br> force_destroy_on_deletion = optional(bool, true)<br> }), {})<br> ecr = optional(object({<br> force_destroy_on_deletion = optional(bool, true)<br> }), {}),<br> enable_remote_backup = optional(bool, false)<br> costs_enabled = optional(bool, true)<br> })</pre> | `{}` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |

## Outputs
2 changes: 1 addition & 1 deletion modules/infra/outputs.tf
@@ -79,4 +79,4 @@ output "create_eks_role_arn" {
output "monitoring_bucket" {
description = "Monitoring Bucket"
value = module.storage.info.s3.buckets.monitoring.bucket_name
}
}
3 changes: 2 additions & 1 deletion modules/infra/submodules/storage/README.md
@@ -40,6 +40,7 @@ No modules.
| [aws_s3_bucket.monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.registry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_acl.monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
| [aws_s3_bucket_lifecycle_configuration.costs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
| [aws_s3_bucket_logging.buckets_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
| [aws_s3_bucket_ownership_controls.monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
| [aws_s3_bucket_policy.buckets_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
@@ -69,7 +70,7 @@ No modules.
| <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id = KMS key id.<br> key\_arn = KMS key arn.<br> enabled = KMS key is enabled | <pre>object({<br> key_id = string<br> key_arn = string<br> enabled = bool<br> })</pre> | n/a | yes |
| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br> subnets = {<br> public = List of public Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> private = List of private Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> pod = List of pod Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> } | <pre>object({<br> vpc_id = string<br> subnets = object({<br> public = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> private = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> pod = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> })<br> })</pre> | n/a | yes |
| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br> efs = {<br> access\_point\_path = Filesystem path for efs.<br> backup\_vault = {<br> create = Create backup vault for EFS toggle.<br> force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br> backup = {<br> schedule = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br> cold\_storage\_after = Move backup data to cold storage after this many days.<br> delete\_after = Delete backup data after this many days.<br> }<br> }<br> }<br> s3 = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br> }<br> ecr = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br> }<br> enable\_remote\_backup = Enable tagging required for cross-account backups<br> costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br> }<br> } | <pre>object({<br> efs = optional(object({<br> access_point_path = optional(string)<br> backup_vault = optional(object({<br> create = optional(bool)<br> force_destroy = optional(bool)<br> backup = optional(object({<br> schedule = optional(string)<br> cold_storage_after = optional(number)<br> delete_after = optional(number)<br> }))<br> }))<br> }))<br> s3 = optional(object({<br> force_destroy_on_deletion = optional(bool)<br> }))<br> ecr = optional(object({<br> force_destroy_on_deletion = optional(bool)<br> }))<br> enable_remote_backup = optional(bool)<br> costs_enabled = optional(bool, true)<br> })</pre> | n/a | yes |
| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br> efs = {<br> access\_point\_path = Filesystem path for efs.<br> backup\_vault = {<br> create = Create backup vault for EFS toggle.<br> force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br> backup = {<br> schedule = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br> cold\_storage\_after = Move backup data to cold storage after this many days.<br> delete\_after = Delete backup data after this many days.<br> }<br> }<br> }<br> s3 = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br> }<br> ecr = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br> }<br> enable\_remote\_backup = Enable tagging required for cross-account backups<br> costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br> }<br> } | <pre>object({<br> efs = optional(object({<br> access_point_path = optional(string)<br> backup_vault = optional(object({<br> create = optional(bool)<br> force_destroy = optional(bool)<br> backup = optional(object({<br> schedule = optional(string)<br> cold_storage_after = optional(number)<br> delete_after = optional(number)<br> }))<br> }))<br> }))<br> s3 = optional(object({<br> force_destroy_on_deletion = optional(bool)<br> }))<br> ecr = optional(object({<br> force_destroy_on_deletion = optional(bool)<br> }))<br> enable_remote_backup = optional(bool)<br> costs_enabled = optional(bool)<br> })</pre> | n/a | yes |

## Outputs

48 changes: 48 additions & 0 deletions modules/infra/submodules/storage/s3.tf
@@ -481,6 +481,54 @@ resource "aws_s3_bucket" "costs" {
object_lock_enabled = false
}

resource "aws_s3_bucket_lifecycle_configuration" "costs" {
count = var.storage.costs_enabled ? 1 : 0
bucket = aws_s3_bucket.costs[0].id

rule {
id = "AssetsExpiration"

expiration {
days = 15
}

filter {
prefix = "federated/${var.deploy_id}/etl/bingen/assets/"
}

status = "Enabled"
}


rule {
id = "AllocationsExpiration"

expiration {
days = 15
}

filter {
prefix = "federated/${var.deploy_id}/etl/bingen/allocations/"
}

status = "Enabled"
}

rule {
id = "incomplete_upload"

abort_incomplete_multipart_upload {
days_after_initiation = 7
}

status = "Enabled"
}

depends_on = [
aws_s3_bucket.costs
]
}

data "aws_iam_policy_document" "costs" {
count = var.storage.costs_enabled ? 1 : 0

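Review bot: the `incomplete_upload` rule has no `filter` block while the two expiration rules do; an explicit empty `filter {}` states the whole-bucket intent and avoids relying on the provider's default behaviour when neither `filter` nor the deprecated `prefix` is set. Two smaller points: `depends_on = [aws_s3_bucket.costs]` is redundant, since `bucket = aws_s3_bucket.costs[0].id` already creates that dependency, and the rule ids mix CamelCase (`AssetsExpiration`, `AllocationsExpiration`) with snake_case (`incomplete_upload`); the double blank line before the second `rule` is also worth tidying. On the retention itself, the 15-day expiration on `federated/${var.deploy_id}/etl/bingen/{assets,allocations}/` is a hard delete, and the context above shows `object_lock_enabled = false`, so 15 days should be confirmed as sufficient for any audit or cost-reconciliation use of those objects.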
2 changes: 1 addition & 1 deletion modules/infra/submodules/storage/variables.tf
@@ -67,7 +67,7 @@ variable "storage" {
force_destroy_on_deletion = optional(bool)
}))
enable_remote_backup = optional(bool)
costs_enabled = optional(bool, true)
costs_enabled = optional(bool)
Collaborator

Why are we removing the default?

Contributor Author

Moved the default to a higher level: modules/infra/variables.tf

})
}

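Review bot: with the default removed here, `costs_enabled` is `null` whenever a caller of this submodule omits it, and `s3.tf` gates its resources on `var.storage.costs_enabled ? 1 : 0`, where a null condition is a plan-time error ("The condition value is null"). That is fine for the `modules/infra` caller, which now defaults it to `true`, but any other caller must set it explicitly; a one-line note in the `storage` variable description would make that contract visible.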
3 changes: 3 additions & 0 deletions modules/infra/variables.tf
@@ -341,6 +341,8 @@ variable "storage" {
ecr = {
force_destroy_on_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.
}
enable_remote_backup = Enable tagging required for cross-account backups
costs_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage
}
}
EOF
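Review bot: "ie, long term storage" on the `costs_enabled` line reads better as "i.e. long-term storage", and since this heredoc is what terraform-docs copies into the three README tables touched by this PR, fixing it here propagates everywhere; the adjacent `Toogle` on the ecr line is a pre-existing typo worth fixing in the same pass.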
@@ -364,6 +366,7 @@ variable "storage" {
force_destroy_on_deletion = optional(bool, true)
}), {}),
enable_remote_backup = optional(bool, false)
costs_enabled = optional(bool, true)
})

default = {}
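Review bot: `costs_enabled = optional(bool, true)` makes the costs bucket, its lifecycle rules and the accompanying bootstrap IAM grant opt-out rather than opt-in, so existing deployments that upgrade will gain an extra S3 bucket unless they set it to `false`; if that is intended, stating the default in the heredoc description above helps operators notice the change.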