Add 'Governance' and 'Compliance' object retention modes for aws_s3_bucket

[voroale]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hi,
As of current moment - v0.11.11 - one cannot simply configure S3 Object Lock as a part of object versioning configuration or otherwise.
Being able to set Retention Modes - Governance and Compliance is crucial for some businesses, that are prone to regulatory constraints.

Potential Terraform Configuration

Something like retention_mode in versioning section

resource "aws_s3_bucket" "versioning_bucket" {
  bucket = "my-versioning-bucket"
  acl    = "private"

  versioning {
    enabled = true
    retention_mode = "governance" // "compliance" , "generic"
  }
}

[ewbankkit]

Related:

• Feature request: Support for S3 Object Locks #6634

[ewbankkit]

It looks like we will need to modify a couple of resources for full support:

• aws_s3_bucket
• aws_s3_bucket_object

Suggested syntax:

resource "aws_s3_bucket" "foo" {
  bucket = "my-versioning-bucket"
  acl    = "private"

  object_lock_configuration {
    object_lock_enabled = true

    rule {
      default_retention {
        mode = "GOVERNANCE"
        days = 30
      }
    }
  }
}

resource "aws_s3_bucket_object" "foo" {
  bucket = "my-versioning-bucket"
  key    = "important-data.txt"

  retention {
    mode              = "GOVERNANCE"
    retain_until_date = "2020-01-05T00:00:00.000Z"
  }

  legal_hold {
    status = "ON"
  }
}

[bflad]

Support for S3 object lock configuration in the aws_s3_bucket resource has been merged and will release with version 1.56.0 of the Terraform AWS provider, likely in the next few hours.

For tracking aws_s3_bucket_object support, its probably best to create a separate feature request issue. 👍

[bflad]

This has been released in version 1.56.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!