Documentation

s3_lifecycle - Manage s3 bucket lifecycle rules in AWS

New in version 2.0.

Synopsis

  • Manage s3 bucket lifecycle rules in AWS

Requirements (on host that executes module)

  • boto
  • python >= 2.6
  • python-dateutil

Options

parameter required default choices comments
aws_access_key
no
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.

aliases: ec2_access_key, access_key
aws_secret_key
no
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.

aliases: ec2_secret_key, secret_key
ec2_url
no
Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
expiration_date
no
Indicates the lifetime of the objects that are subject to the rule by the date they will expire. The value must be ISO-8601 format, the time must be midnight and a GMT timezone must be specified.
expiration_days
no
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
name
yes
Name of the s3 bucket
prefix
no
Prefix identifying one or more objects to which the rule applies. If no prefix is specified, the rule will apply to the whole bucket.
profile
(added in 1.6)
no
Uses a boto profile. Only works with boto >= 2.24.0.
region
no
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region

aliases: aws_region, ec2_region
rule_id
no
Unique identifier for the rule. The value cannot be longer than 255 characters. A unique value for the rule will be generated if no value is provided.
security_token
(added in 1.6)
no
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.

aliases: access_token
state
no present
  • present
  • absent
Create or remove the lifecycle rule
status
no enabled
  • enabled
  • disabled
If 'enabled', the rule is currently being applied. If 'disabled', the rule is not currently being applied.
storage_class
no glacier
  • glacier
  • standard_ia
The storage class to transition to. Currently there are two supported values - 'glacier' or 'standard_ia'.
The 'standard_ia' class is only being available from Ansible version 2.2.
transition_date
no
Indicates the lifetime of the objects that are subject to the rule by the date they will transition to a different storage class. The value must be ISO-8601 format, the time must be midnight and a GMT timezone must be specified. If transition_days is not specified, this parameter is required.
transition_days
no
Indicates when, in days, an object transitions to a different storage class. If transition_date is not specified, this parameter is required.
validate_certs
(added in 1.5)
no yes
  • yes
  • no
When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.

Examples

# Note: These examples do not set authentication details, see the AWS Guide for details.

# Configure a lifecycle rule on a bucket to expire (delete) items with a prefix of /logs/ after 30 days
- s3_lifecycle:
    name: mybucket
    expiration_days: 30
    prefix: /logs/
    status: enabled
    state: present

# Configure a lifecycle rule to transition all items with a prefix of /logs/ to glacier after 7 days and then delete after 90 days
- s3_lifecycle:
    name: mybucket
    transition_days: 7
    expiration_days: 90
    prefix: /logs/
    status: enabled
    state: present

# Configure a lifecycle rule to transition all items with a prefix of /logs/ to glacier on 31 Dec 2020 and then delete on 31 Dec 2030. Note that midnight GMT must be specified.
# Be sure to quote your date strings
- s3_lifecycle:
    name: mybucket
    transition_date: "2020-12-30T00:00:00.000Z"
    expiration_date: "2030-12-30T00:00:00.000Z"
    prefix: /logs/
    status: enabled
    state: present

# Disable the rule created above
- s3_lifecycle:
    name: mybucket
    prefix: /logs/
    status: disabled
    state: present

# Delete the lifecycle rule created above
- s3_lifecycle:
    name: mybucket
    prefix: /logs/
    state: absent

# Configure a lifecycle rule to transition all backup files older than 31 days in /backups/ to standard infrequent access class.
- s3_lifecycle:
    name: mybucket
    prefix: /backups/
    storage_class: standard_ia
    transition_days: 31
    state: present
    status: enabled

Notes

Note

  • If specifying expiration time as days then transition time must also be specified in days
  • If specifying expiration time as a date then transition time must also be specified as a date
  • If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence AWS_URL or EC2_URL, AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY or EC2_ACCESS_KEY, AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY or EC2_SECRET_KEY, AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN, AWS_REGION or EC2_REGION
  • Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See http://boto.readthedocs.org/en/latest/boto_config_tut.html
  • AWS_REGION or EC2_REGION can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file

Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Support

This module is supported mainly by the community and is curated by core committers.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.