08/14: cdn: Add a lifecycle policy to the state bucket.

[Chris Marusich]

marusich pushed a commit to branch master
in repository maintenance.

commit 5129c651780bb70b4885b9e4925cb20dd128b974
Author: Chris Marusich <address@hidden>
Date:   Fri Dec 28 03:21:11 2018 -0800

    cdn: Add a lifecycle policy to the state bucket.
    
    * cdn/terraform/main.tf (guix-terraform-state) <lifecycle_rule>: New
    lifecycle rule.
---
 cdn/terraform/main.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
index 7c1fbdd..e36ae6b 100644
--- a/cdn/terraform/main.tf
+++ b/cdn/terraform/main.tf
@@ -2,6 +2,7 @@
 # https://www.terraform.io/docs/backends/types/s3.html
 terraform {
   backend "s3" {
+    # TODO: Add a Dynamo DB table for locking.
     bucket = "guix-terraform-state"
     key    = "state"
     region = "us-west-2"
@@ -291,6 +292,23 @@ resource "aws_s3_bucket" "guix-terraform-state" {
       }
     }
   }
+  # The intent of this rule is to retain the current version and zero
+  # or more recent non-current versions, while preventing the size of
+  # the bucket from growing out of hand.
+  lifecycle_rule {
+    id = "clean-up"
+    enabled = true
+    # It seems unlikely that Terraform would use multi-part uploads to
+    # upload the state, since the state is small, but just in case,
+    # let's automatically abort any stuck multi-part uploads.
+    # TODO: Increase this to 7 days after initial testing is over.
+    abort_incomplete_multipart_upload_days = 1
+    # Clean up old non-current versions.
+    # TODO: Increase this to 14 days after initial testing is over.
+    noncurrent_version_expiration {
+      days = 1
+    }
+  }
   lifecycle {
     prevent_destroy = true
   }