I'm trying to prevent a bucket's deletion in terraform. The bucket holds my terraform remote state files. Everywhere says to use lifecycle_configuration=prevent_destroy. The terraform docs say to use the new parameter aws_s3_bucket_lifecycle_configuration. I have that setup like so:

# Prevent deletion
resource "aws_s3_bucket_lifecycle_configuration" "tf_remote_state_s3_lifecycle_config" {
  bucket = aws_s3_bucket.tf_remote_state.id
  rule {
    id     = "prevent_destroy"
    status = "Enabled"
  }
  
}

I'm getting this error:

╷
│ Error: error creating S3 Lifecycle Configuration for bucket (XXXX): InvalidRequest: At least one action needs to be specified in a rule
│       status code: 400, request id: XXXX, host id: XXXX
│ 
│   with aws_s3_bucket_lifecycle_configuration.tf_remote_state_s3_lifecycle_config,
│   on main.tf line 34, in resource "aws_s3_bucket_lifecycle_configuration" "tf_remote_state_s3_lifecycle_config":
│   34: resource "aws_s3_bucket_lifecycle_configuration" "tf_remote_state_s3_lifecycle_config" {
│ 
╵

What is the equivalent of lifecycle_configuration=prevent_destroy in aws_s3_bucket_lifecycle_configuration?

CodePudding user response：

You are confusing the lifecycle configuration of terraform and the aws_s3_bucket_lifecycle_configuration / lifecycle_rule which is an S3 feature controlling the lifycycle of objects in the bucket. The two have absolutely nothing to do with each other and for entirely unrelated things.

Solution: stick with / use lifecycle { prevent_destroy = true } on your aws_s3_bucket, do not use aws_s3_bucket_lifecycle_configuration.

https://www.terraform.io/language/meta-arguments/lifecycle
https://registry.terraform.io/providers/hashicorp /aws/latest/docs/resources/s3_bucket_lifecycle_configuration