From 09ca279a522ce42c4106543d967d241364075b89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Svantesson?= <marten.svantesson@ticket.se>
Date: Mon, 9 Sep 2024 16:53:34 +0200
Subject: [PATCH] fix: abort incomplete uploads to s3 bucket (#379)

As a best practice to save costs there should be a lifecycle configuration on s3 buckets to abort incomplete uploads

https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpu-abort-incomplete-mpu-lifecycle-config.html
---
 modules/backup/main.tf     | 12 ++++++++++++
 modules/cluster/storage.tf | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/modules/backup/main.tf b/modules/backup/main.tf
index f934d27..11351d5 100644
--- a/modules/backup/main.tf
+++ b/modules/backup/main.tf
@@ -43,6 +43,18 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "backup_bucket" {
   }
 }
 
+resource "aws_s3_bucket_lifecycle_configuration" "backup_bucket" {
+  count  = var.enable_backup ? 1 : 0
+  bucket   = aws_s3_bucket.backup_bucket.id
+  rule {
+    status = "Enabled"
+    id     = "abort_incomplete_uploads"
+    abort_incomplete_multipart_upload {
+      days_after_initiation = 7
+    }
+  }
+}
+
 // ----------------------------------------------------------------------------
 // Setup IAM User and Policies for Velero
 //
diff --git a/modules/cluster/storage.tf b/modules/cluster/storage.tf
index 1194021..a3f580f 100644
--- a/modules/cluster/storage.tf
+++ b/modules/cluster/storage.tf
@@ -44,6 +44,18 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "logs_jenkins_x" {
   }
 }
 
+resource "aws_s3_bucket_lifecycle_configuration" "logs_jenkins_x" {
+  count  = var.enable_logs_storage ? 1 : 0
+  bucket   = aws_s3_bucket.logs_jenkins_x.id
+  rule {
+    status = "Enabled"
+    id     = "abort_incomplete_uploads"
+    abort_incomplete_multipart_upload {
+      days_after_initiation = 7
+    }
+  }
+}
+
 // ---------------------------------
 // Configuration for reports bucket
 // ---------------------------------
@@ -81,6 +93,18 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "reports_jenkins_x
   }
 }
 
+resource "aws_s3_bucket_lifecycle_configuration" "reports_jenkins_x" {
+  count  = var.enable_reports_storage ? 1 : 0
+  bucket   = aws_s3_bucket.reports_jenkins_x.id
+  rule {
+    status = "Enabled"
+    id     = "abort_incomplete_uploads"
+    abort_incomplete_multipart_upload {
+      days_after_initiation = 7
+    }
+  }
+}
+
 // ------------------------------------
 // Configuration for repository bucket
 // ------------------------------------
@@ -118,3 +142,15 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "repository_jenkin
     }
   }
 }
+
+resource "aws_s3_bucket_lifecycle_configuration" "repository_jenkins_x" {
+  count  = var.enable_repository_storage ? 1 : 0
+  bucket   = aws_s3_bucket.repository_jenkins_x.id
+  rule {
+    status = "Enabled"
+    id     = "abort_incomplete_uploads"
+    abort_incomplete_multipart_upload {
+      days_after_initiation = 7
+    }
+  }
+}