feat: enabled S3 lifecycle for non-current objects (#65)

stefanfreitag · Feb 24, 2023 · 90a8d6c · 90a8d6c
1 parent ef0b6a5
commit 90a8d6c
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -38,8 +38,8 @@ The S3 bucket is configured as below
 - enabled versioning of objects
 - enabled encryption using an S3 managed Key
 - disallowing public access
-- A lifecycle configuration for the archived repositories. They transistion
- through different storage classes
+- A lifecycle configuration for the archived repositories. They and their
+ versions transistion through different storage classes
  - Infrequent Access after 30 days
  - Glacier after 90 days
  - Deep Archive 180 days

diff --git a/src/archiver.ts b/src/archiver.ts
@@ -156,6 +156,20 @@ export class Archiver extends Construct {
  transitionAfter: Duration.days(180),
  },
  ],
+ noncurrentVersionTransitions: [
+ {
+ storageClass: s3.StorageClass.INFREQUENT_ACCESS,
+ transitionAfter: Duration.days(30),
+ },
+ {
+ storageClass: s3.StorageClass.GLACIER,
+ transitionAfter: Duration.days(90),
+ },
+ {
+ storageClass: s3.StorageClass.DEEP_ARCHIVE,
+ transitionAfter: Duration.days(180),
+ },
+ ],
  },
  ],
  publicReadAccess: false,

diff --git a/test/README.md b/test/README.md
@@ -11,9 +11,9 @@
 - Running integration tests
 
  ```shell
- integ-runner -v --language typescript --parallel-regions eu-central-1
+ integ-runner -v --language typescript --parallel-regions eu-central-1 --profiles default
  ```
 
  ```shell
- integ-runner -v --language typescript --parallel-regions eu-central-1 --update-on-failed
+ integ-runner -v --language typescript --parallel-regions eu-central-1 --profiles default --update-on-failed
  ```
diff --git a/test/archiver.test.ts b/test/archiver.test.ts
@@ -32,7 +32,6 @@ describe('S3 Bucket settings', () => {
  });
 
  test('S3 bucket has encryption enabled', () => {
- assertions.Template.fromStack(stack).resourceCountIs('AWS::S3::Bucket', 1);
  assertions.Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', {
  BucketEncryption: {
  ServerSideEncryptionConfiguration: [
@@ -47,13 +46,64 @@ describe('S3 Bucket settings', () => {
  });
 
  test('S3 bucket has versioning enabled', () => {
- assertions.Template.fromStack(stack).resourceCountIs('AWS::S3::Bucket', 1);
  assertions.Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', {
  VersioningConfiguration: {
  Status: 'Enabled',
  },
  });
  });
+
+ test('S3 bucket lifecycle policy for objects', () => {
+ assertions.Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', {
+ LifecycleConfiguration: {
+ Rules: [
+ {
+ ExpirationInDays: 360,
+ Status: 'Enabled',
+ Transitions: [
+ {
+ StorageClass: 'STANDARD_IA',
+ TransitionInDays: 30,
+ },
+ {
+ StorageClass: 'GLACIER',
+ TransitionInDays: 90,
+ },
+ {
+ StorageClass: 'DEEP_ARCHIVE',
+ TransitionInDays: 180,
+ },
+ ],
+ },
+ ],
+ },
+ });
+ });
+ test('S3 bucket lifecycle policy for non-current objects', () => {
+ assertions.Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', {
+ LifecycleConfiguration: {
+ Rules: [
+ {
+ Status: 'Enabled',
+ NoncurrentVersionTransitions: [
+ {
+ StorageClass: 'STANDARD_IA',
+ TransitionInDays: 30,
+ },
+ {
+ StorageClass: 'GLACIER',
+ TransitionInDays: 90,
+ },
+ {
+ StorageClass: 'DEEP_ARCHIVE',
+ TransitionInDays: 180,
+ },
+ ],
+ },
+ ],
+ },
+ });
+ });
 });
 
 describe('S3 events', () => {