terraform-aws-modules / terraform-aws-s3-bucket

Terraform module to create AWS S3 resources 🇺🇦

Home Page:https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws

Retention period and custom policy for S3-bucket

ramses999 opened this issue · comments

Describe the solution you'd like.

Please add the following features for the case of "Publish flow logs to Amazon S3":

  1. The ability to specify a "retention period" - for example, to delete old files in S3 after 30 days.
     Currently there is only the option "flow_log_cloudwatch_log_group_retention_in_days", but there is no equivalent option for the S3 bucket storage type, e.g.
     flow_log_s3_retention_in_days

  2. The ability to specify an additional custom policy for the S3 bucket in the aws_iam_policy_document format - for example, so that the Athena service can immediately analyze this S3 bucket, without having to write the necessary policy in a separate Terragrunt file

FYI - I believe this should be on the S3 module, not the VPC, so I have moved it there

@bryantbiggs My request was specifically about the VPC module and its option to send logs to S3 (https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/examples/vpc-flow-logs/main.tf#L124)
This has nothing to do with the pure S3 module.

Right, but those features you pointed out are specific to the S3 bucket; the VPC module does not provide an S3 bucket.

  1. The ability to specify a "retention period"

This is available in the S3 module using lifecycle rules

  2. The ability to specify an additional custom policy for the S3 bucket in the aws_iam_policy_document format - for example, so that the Athena service can immediately analyze this S3 bucket, without having to write the necessary policy in a separate Terragrunt file

I don't know what this means, but we do have examples for setting up logging buckets

```hcl
module "log_bucket" {
  source = "../../"

  bucket        = "logs-${random_pet.this.id}"
  force_destroy = true

  control_object_ownership = true

  # Ready-made bucket policies shipped with the module: ELB/ALB and S3 access-log
  # delivery, plus deny-insecure-transport and require-latest-TLS.
  attach_elb_log_delivery_policy        = true
  attach_lb_log_delivery_policy         = true
  attach_access_log_delivery_policy     = true
  attach_deny_insecure_transport_policy = true
  attach_require_latest_tls_policy      = true

  access_log_delivery_policy_source_accounts = [data.aws_caller_identity.current.account_id]
  access_log_delivery_policy_source_buckets  = ["arn:aws:s3:::${local.bucket_name}"]
}
```
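The two answers above (a lifecycle rule for the "retention period", and `attach_policy`/`policy` for a custom `aws_iam_policy_document`) put together on one flow-log bucket, as an added example that is not code from the project or from either participant in this thread. The module source strings, the bucket name and the `athena-flow-log-reader` role are placeholders; the two `delivery.logs.amazonaws.com` statements are the bucket-policy statements AWS documents as required for VPC flow logs delivered to S3.

```hcl
# Added example, not the project's own code. Bucket name and role ARN are placeholders.
data "aws_caller_identity" "current" {}

locals {
  bucket_name = "vpc-flow-logs-example-${data.aws_caller_identity.current.account_id}"
}

# 2. Custom policy in aws_iam_policy_document format: flow-log delivery may write,
#    a (placeholder) analytics role may read. No separate Terragrunt file needed.
data "aws_iam_policy_document" "flow_logs" {
  statement {
    sid       = "AWSLogDeliveryWrite"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::${local.bucket_name}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }

  statement {
    sid       = "AWSLogDeliveryAclCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = ["arn:aws:s3:::${local.bucket_name}"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
  }

  statement {
    sid     = "AnalyticsRead"
    actions = ["s3:GetObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::${local.bucket_name}",
      "arn:aws:s3:::${local.bucket_name}/*",
    ]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/athena-flow-log-reader"] # placeholder role
    }
  }
}

module "flow_log_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket        = local.bucket_name
  force_destroy = true

  # Keep the bucket private and refuse plain HTTP.
  block_public_acls                     = true
  block_public_policy                   = true
  ignore_public_acls                    = true
  restrict_public_buckets               = true
  attach_deny_insecure_transport_policy = true

  # 2. Attach the custom policy document; the module merges it with the
  #    deny-insecure-transport policy above.
  attach_policy = true
  policy        = data.aws_iam_policy_document.flow_logs.json

  # 1. "Retention period": expire flow-log objects 30 days after creation.
  lifecycle_rule = [
    {
      id         = "expire-flow-logs"
      enabled    = true
      filter     = { prefix = "AWSLogs/" }
      expiration = { days = 30 }
      # Only has an effect with versioning on; without it, expired objects would
      # otherwise survive as noncurrent versions.
      noncurrent_version_expiration          = { days = 30 }
      abort_incomplete_multipart_upload_days = 7
    }
  ]
}

# The VPC module only needs the bucket ARN as the flow-log destination.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name            = "flow-log-example"
  cidr            = "10.0.0.0/16"
  azs             = ["eu-west-1a", "eu-west-1b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]

  enable_flow_log           = true
  flow_log_destination_type = "s3"
  flow_log_destination_arn  = module.flow_log_bucket.s3_bucket_arn
}
```

Two points worth checking before relying on this: S3 "retention" is per-object expiration counted from each object's creation, not a group-level setting like the CloudWatch one, so objects are removed on a rolling basis rather than all at once; and a bucket policy only grants the analytics principal access at the bucket side, so the role that runs Athena still needs matching `s3:GetObject`/`s3:ListBucket` permissions in its own IAM policy.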