From 64fb49300eec21ca8f72998b6e87eea1e268cbdf Mon Sep 17 00:00:00 2001
From: Mike VanDenburgh
Date: Tue, 22 Oct 2024 13:47:34 -0400
Subject: [PATCH] Scope trailing delete policy to `blobs` prefix only
---
 terraform/modules/dandiset_bucket/main.tf | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/terraform/modules/dandiset_bucket/main.tf b/terraform/modules/dandiset_bucket/main.tf
index 1ef7067..3143fc1 100644
--- a/terraform/modules/dandiset_bucket/main.tf
+++ b/terraform/modules/dandiset_bucket/main.tf
@@ -308,7 +308,7 @@ data "aws_iam_policy_document" "dandiset_bucket_policy" {
 # S3 lifecycle policy that permanently deletes objects with delete markers
-# after 30 days.
+# after 30 days. Note, this only applies to objects with the `blobs/` prefix.
 resource "aws_s3_bucket_lifecycle_configuration" "expire_deleted_objects" {
 # Must have bucket versioning enabled first
 depends_on = [aws_s3_bucket_versioning.dandiset_bucket]
@@ -320,7 +320,11 @@ resource "aws_s3_bucket_lifecycle_configuration" "expire_deleted_objects" {
 # Based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lifecycle-config-conceptual-ex7
 rule {
 id = "ExpireOldDeleteMarkers"
- filter {}
+ filter {
+ # We only want to expire objects with the `blobs/` prefix, i.e. Asset Blobs.
+ # Other objects in this bucket are not subject to this lifecycle policy.
+ prefix = "blobs/"
+ }
 # Expire objects with delete markers after 30 days
 noncurrent_version_expiration {
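Review bot: The comments and the rule id around the new `filter` block describe this as expiring objects with delete markers, but `noncurrent_version_expiration` removes every noncurrent version under `blobs/` once the configured period passes, including versions superseded by an overwrite rather than a delete. That matters for recovery, since an accidental or unauthorized overwrite of an asset blob can only be rolled back inside that window, while other prefixes now keep their noncurrent versions indefinitely. I would state this in the rule, e.g. `# Permanently removes noncurrent versions (deleted or overwritten) under blobs/; other prefixes retain noncurrent versions`. The rule body continues past the end of the hunk, so whether the delete markers themselves are also cleaned up cannot be checked from here.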