r/aws_elastic_beanstalk_application: Add appversion_lifecycle

[mfenniak]

Adds appversion_lifecycle configuration under aws_elastic_beanstalk_application resource to configure automatic cleanup of application versions.

Addresses issue #537.

[bflad]

Hi @mfenniak 👋 Very sorry for the delayed review of this PR 😅 after rebasing and randomizing the test resource naming (we run our acceptance testing concurrently), this LGTM.

make testacc TEST=./aws TESTARGS='-run=TestAccAWSBeanstalkApp'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSBeanstalkApp -timeout 120m
=== RUN   TestAccAWSBeanstalkApp_basic
--- PASS: TestAccAWSBeanstalkApp_basic (15.12s)
=== RUN   TestAccAWSBeanstalkApp_appversionlifecycle
--- PASS: TestAccAWSBeanstalkApp_appversionlifecycle (36.71s)
=== RUN   TestAccAWSBeanstalkAppVersion_basic
--- PASS: TestAccAWSBeanstalkAppVersion_basic (32.75s)
=== RUN   TestAccAWSBeanstalkAppVersion_duplicateLabels
--- PASS: TestAccAWSBeanstalkAppVersion_duplicateLabels (32.79s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	117.403s

[bflad]

This has been released in version 1.16.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[mfenniak]

Thanks for the review, merge, and quick release bflad! Appreciate it.

[ozbillwang]

@mfenniak

I recently applied the change with appversion_lifecycle with max_count to 50

But I found there are still more than 100 versions, I wait for one week, total versions doesn't reduce to 50 automatically.

Could you please confirm if this feature really works or not?

provider "aws" {
  region = "${var.AWS_DEFAULT_REGION}"
}

data "aws_iam_role" "eb" {
  name = "AWSServiceRoleForElasticBeanstalk"
}

resource "aws_elastic_beanstalk_application" "ebapp" {
  name        = "${var.APP_NAME}"
  description = "Beanstalk application for ${var.APP_NAME}"

  appversion_lifecycle {
    service_role          = "${data.aws_iam_role.eb.arn}"
    max_count             = 50
    delete_source_from_s3 = true
  }
}

terraform version is 0.11.7
aws provider is latest.

Can you confirm what policies I should assign to iam role AWSServiceRoleForElasticBeanstalk?

[mfenniak]

@ozbillwang Hi Bill; I can confirm that this capability actually works on AWS. If it is appearing in the application's "Settings" page on the AWS Console, it is likely a problem with your IAM role. Other than this, if it appears in the AWS Console, but it doesn't work, it's not a problem with the terraform side of this equation, and I'd suggest you reach out to AWS support for further help. :-)

Here's a working IAM role policy that my application uses:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "elasticbeanstalk:DeleteApplicationVersion",
            "Resource": "arn:aws:elasticbeanstalk:*:*:applicationversion/*/*"
        },
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::elasticbeanstalk-*/*",
                "arn:aws:s3:::elasticbeanstalk-*"
            ]
        }
    ]
}

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!