I'm trying to prevent a bucket's deletion in Terraform. The bucket holds my Terraform remote state files. Everywhere says to use lifecycle_configuration=prevent_destroy. The Terraform docs say to use the new parameter aws_s3_bucket_lifecycle_configuration. I have that set up like so:
# Prevent deletion
resource "aws_s3_bucket_lifecycle_configuration" "tf_remote_state_s3_lifecycle_config" {
  bucket = aws_s3_bucket.tf_remote_state.id
  rule {
    id     = "prevent_destroy"
    status = "Enabled"
  }
}
I'm getting this error:
╷
│ Error: error creating S3 Lifecycle Configuration for bucket (XXXX): InvalidRequest: At least one action needs to be specified in a rule
│ status code: 400, request id: XXXX, host id: XXXX
│
│ with aws_s3_bucket_lifecycle_configuration.tf_remote_state_s3_lifecycle_config,
│ on main.tf line 34, in resource "aws_s3_bucket_lifecycle_configuration" "tf_remote_state_s3_lifecycle_config":
│ 34: resource "aws_s3_bucket_lifecycle_configuration" "tf_remote_state_s3_lifecycle_config" {
│
╵
What is the equivalent of lifecycle_configuration=prevent_destroy in aws_s3_bucket_lifecycle_configuration?
CodePudding user response:
You are confusing the lifecycle configuration of Terraform and the aws_s3_bucket_lifecycle_configuration / lifecycle_rule, which is an S3 feature controlling the lifecycle of objects in the bucket. The two have absolutely nothing to do with each other and are for entirely unrelated things.
Solution: stick with / use lifecycle { prevent_destroy = true } on your aws_s3_bucket, do not use aws_s3_bucket_lifecycle_configuration.
https://www.terraform.io/language/meta-arguments/lifecycle
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration
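
The distinction drawn in the answer above, as an added example that is not part of the original posts: the Terraform lifecycle meta-argument on the bucket, next to an S3 lifecycle configuration whose rule carries an action (the thing the InvalidRequest error in the question complains about). The bucket name, the rule id and the 7-day value are assumptions chosen for illustration.

```hcl
# Terraform-side protection: "lifecycle" is a meta-argument that lives
# inside the resource block of the thing being protected.
resource "aws_s3_bucket" "tf_remote_state" {
  bucket = "example-tf-remote-state" # placeholder name (assumption)

  lifecycle {
    # Terraform rejects any plan that would destroy this resource,
    # including "terraform destroy" and changes that force replacement.
    #
    # Limits of this setting:
    #  - it only applies while this block is present in the configuration;
    #    deleting the whole resource block removes the protection with it
    #  - it has no effect on deletions made outside Terraform
    #    (console, CLI, other tooling)
    prevent_destroy = true
  }
}

# S3-side feature with a similar name: rules that act on OBJECTS in the
# bucket. Every rule needs at least one action, which is why a rule with
# only "id" and "status" is rejected with
# "At least one action needs to be specified in a rule".
# Shown only for contrast; it does nothing to protect the bucket itself.
resource "aws_s3_bucket_lifecycle_configuration" "tf_remote_state" {
  bucket = aws_s3_bucket.tf_remote_state.id

  rule {
    id     = "abort-stale-multipart-uploads" # hypothetical rule id
    status = "Enabled"

    # Empty filter: the rule applies to every object in the bucket.
    filter {}

    # The action: clean up multipart uploads that were never completed.
    abort_incomplete_multipart_upload {
      days_after_initiation = 7 # assumed value
    }
  }
}
```

With prevent_destroy set, a plan that includes destroying aws_s3_bucket.tf_remote_state stops with an error before any change is applied.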