[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: cdn: Increase Terraform state retention period.
From: |
Chris Marusich |
Subject: |
02/02: cdn: Increase Terraform state retention period. |
Date: |
Fri, 4 Jan 2019 03:06:40 -0500 (EST) |
marusich pushed a commit to branch master
in repository maintenance.
commit f584a1f3a8f4bfa30aa818395f839481806345ff
Author: Chris Marusich <address@hidden>
Date: Thu Jan 3 23:27:12 2019 -0800
cdn: Increase Terraform state retention period.
* cdn/terraform/main.tf (guix-terraform-state) <lifecycle_rule>:
Update abort_incomplete_multipart_upload_days to 7 and
noncurrent_version_expiration to 14 days.
---
cdn/terraform/main.tf | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
index 539139e..7b9c5e5 100644
--- a/cdn/terraform/main.tf
+++ b/cdn/terraform/main.tf
@@ -3,7 +3,6 @@
terraform {
# This backend will not work if you delete the corresponding bucket.
backend "s3" {
- # TODO: Add a Dynamo DB table for locking.
bucket = "guix-terraform-state"
key = "state"
# The backend documentation does not clarify if it respects the
@@ -278,12 +277,9 @@ resource "aws_s3_bucket" "guix-terraform-state" {
bucket = "guix-terraform-state"
# Access should be granted via IAM policies.
acl = "private"
- # This allows us to recover state if something ever goes wrong. The
- # cost of storing all versions of the state is negligible for the
- # foreseeable future, but if it ever becomes a concern, we can
- # (1) stop using the S3 backend, (2) suspend versioning, (3) delete
- # old versions manually, or (4) add a "lifecycle policy" to expire
- # non-current versions. For details, see:
+ # This allows us to recover state if something ever goes wrong - as
+ # long as we do so within the time period specified by our lifecycle
+ # policy (see below). For details, see:
# https://docs.aws.amazon.com/AmazonS3/latest/dev/DeletingObjectVersions.html
versioning {
enabled = true
@@ -310,12 +306,10 @@ resource "aws_s3_bucket" "guix-terraform-state" {
# It seems unlikely that Terraform would use multi-part uploads to
# upload the state, since the state is small, but just in case,
# let's automatically abort any stuck multi-part uploads.
- # TODO: Increase this to 7 days after initial testing is over.
- abort_incomplete_multipart_upload_days = 1
+ abort_incomplete_multipart_upload_days = 7
# Clean up old non-current versions.
- # TODO: Increase this to 14 days after initial testing is over.
noncurrent_version_expiration {
- days = 1
+ days = 14
}
}
lifecycle {