Add archive transition

.github/workflows/test.yaml

@@ -0,0 +1,57 @@
+---
+###############
+## Run tests ##
+###############
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+name: Test
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+##########################
+# Prevent duplicate jobs #
+##########################
+concurrency:
+  group: ${{ github.repository }}
+  cancel-in-progress: false
+
+permissions:
+  id-token: write
+  contents: read
+
+###############
+# Run the job #
+###############
+jobs:
+  terraform-test:
+    name: Terraform Test
+    runs-on: ubuntu-latest
+    steps:
+      ############################
+      # Checkout the source code #
+      ############################
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      #############################
+      # Configure AWS credentials #
+      #############################
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::${{ vars.AWS_TESTING_ACCOUNT_ID }}:role/${{ vars.AWS_TESTING_ROLE }}
+          aws-region: ${{ vars.AWS_TESTING_REGION }}
+          mask-aws-account-id: false
+
+      #############
+      # Run tests #
+      #############
+      - name: Run Tests
+        timeout-minutes: 30
+        run: terraform init && terraform test

.tflint.hcl

@@ -5,6 +5,6 @@ plugin "terraform" {
 
 plugin "aws" {
   enabled = true
-  version = "0.18.0"
+  version = "0.30.0"
   source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }

README.md

@@ -61,7 +61,8 @@ Comment in these badges if they apply to the repository.
 | <a name="input_provisioned_throughput_in_mibps"></a> [provisioned\_throughput\_in\_mibps](#input\_provisioned\_throughput\_in\_mibps) | The throughput, measured in MiB/s, that you want to provision for the file system. | `number` | `0` | no |
 | <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | A list of security group IDs to associate with the file system. | `list(string)` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to all resources. | `map(string)` | `{}` | no |
-| <a name="input_throughput_mode"></a> [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Defaults to bursting. | `string` | `"bursting"` | no |
+| <a name="input_throughput_mode"></a> [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Valid values: `bursting`, `provisioned`, or `elastic`. | `string` | `"elastic"` | no |
+| <a name="input_transition_to_archive"></a> [transition\_to\_archive](#input\_transition\_to\_archive) | Indicates how long it takes to transition files to the archive storage class. Accepted values AFTER\_7\_DAYS, AFTER\_14\_DAYS, AFTER\_30\_DAYS, AFTER\_60\_DAYS, AFTER\_90\_DAYS. | `string` | `"AFTER_90_DAYS"` | no |
 | <a name="input_transition_to_ia"></a> [transition\_to\_ia](#input\_transition\_to\_ia) | Indicates how long it takes to transition files to the IA storage class. Accepted values AFTER\_7\_DAYS, AFTER\_14\_DAYS, AFTER\_30\_DAYS, AFTER\_60\_DAYS, AFTER\_90\_DAYS. | `string` | `"AFTER_30_DAYS"` | no |
 | <a name="input_transition_to_primary_storage_class"></a> [transition\_to\_primary\_storage\_class](#input\_transition\_to\_primary\_storage\_class) | Describes the policy used to transition a file from infequent access storage to primary storage. Only AFTER\_1\_ACCESS is accepted | `string` | `"AFTER_1_ACCESS"` | no |
 
@@ -82,15 +83,15 @@ Comment in these badges if they apply to the repository.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.36 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.35 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.4 |
 
 ## Resources
 
-- resource.aws_efs_access_point.main (main.tf#44)
+- resource.aws_efs_access_point.main (main.tf#48)
 - resource.aws_efs_file_system.main (main.tf#3)
-- resource.aws_efs_file_system_policy.main (main.tf#37)
-- resource.aws_efs_mount_target.main (main.tf#28)
+- resource.aws_efs_file_system_policy.main (main.tf#41)
+- resource.aws_efs_mount_target.main (main.tf#32)
 - resource.random_uuid.main (main.tf#1)
 - data source.aws_iam_policy_document.main (data.tf#1)
 

main.tf

@@ -16,6 +16,10 @@ resource "aws_efs_file_system" "main" {
     transition_to_ia = var.transition_to_ia
   }
 
+  lifecycle_policy {
+    transition_to_archive = var.transition_to_archive
+  }
+
   lifecycle_policy {
     transition_to_primary_storage_class = var.transition_to_primary_storage_class
   }

tests/basic.tftest.hcl

@@ -0,0 +1,52 @@
+run "setup" {
+  module {
+    source = "./tests/network"
+  }
+}
+
+run "basic_efs" {
+  variables {
+    name = "basic-efs-test"
+
+    private_subnets = run.setup.subnet_ids
+    security_groups = [run.setup.security_group_id]
+
+    throughput_mode       = "elastic"
+    transition_to_ia      = "AFTER_7_DAYS"
+    transition_to_archive = "AFTER_14_DAYS"
+
+    access_points = {
+      for dir in ["private", "public"] : dir => {
+        posix_user = {
+          gid = 1000
+          uid = 1000
+        }
+
+        root_directory = {
+          path = "/${dir}"
+
+          creation_info = {
+            owner_gid   = 1000
+            owner_uid   = 1000
+            permissions = "0755"
+          }
+        }
+      }
+    }
+
+    tags = {
+      SomeTag    = "foo"
+      AnotherTag = "bar"
+    }
+  }
+
+  assert {
+    condition     = length(output.arn) >= 0
+    error_message = "Expected EFS to be created."
+  }
+
+  assert {
+    condition     = length(output.access_point_ids) == 2
+    error_message = "Expected EFS to have 2 access points."
+  }
+}

tests/network/main.tf

@@ -0,0 +1,12 @@
+data "aws_availability_zones" "available" {}
+
+resource "aws_default_vpc" "default" {}
+
+resource "aws_default_security_group" "default" {
+  vpc_id = aws_default_vpc.default.id
+}
+
+data "aws_subnet" "default" {
+  availability_zone = data.aws_availability_zones.available.names[0]
+  default_for_az    = true
+}

tests/network/output.tf

@@ -0,0 +1,11 @@
+output "vpc_id" {
+  value = aws_default_vpc.default.id
+}
+
+output "security_group_id" {
+  value = aws_default_security_group.default.id
+}
+
+output "subnet_ids" {
+  value = [data.aws_subnet.default.id]
+}

tests/network/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.35"
+    }
+  }
+}

variables.tf

@@ -64,8 +64,8 @@ variable "security_groups" {
 }
 
 variable "throughput_mode" {
-  default     = "bursting"
-  description = "Throughput mode for the file system. Defaults to bursting."
+  default     = "elastic"
+  description = "Throughput mode for the file system. Valid values: `bursting`, `provisioned`, or `elastic`."
   type        = string
 }
 
@@ -81,6 +81,12 @@ variable "transition_to_primary_storage_class" {
   type        = string
 }
 
+variable "transition_to_archive" {
+  default     = "AFTER_90_DAYS"
+  description = "Indicates how long it takes to transition files to the archive storage class. Accepted values AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, AFTER_90_DAYS."
+  type        = string
+}
+
 variable "access_points" {
   default     = {}
   description = "List of access points to create."

versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.36"
+      version = ">= 5.35"
     }
     random = {
       source  = "hashicorp/random"