Enable trailing delete in production

terraform/modules/dandiset_bucket/main.tf

@@ -283,7 +283,7 @@ data "aws_iam_policy_document" "dandiset_bucket_policy" {
   }
 
   dynamic "statement" {
-    for_each = var.trailing_delete ? [1] : []
+    for_each = var.versioning ? [1] : []
 
     content {
       sid = "PreventDeletionOfObjectVersions"
@@ -313,7 +313,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "expire_deleted_objects" {
   # Must have bucket versioning enabled first
   depends_on = [aws_s3_bucket_versioning.dandiset_bucket]
 
-  count = var.trailing_delete ? 1 : 0
+  count = var.versioning ? 1 : 0
 
   bucket = aws_s3_bucket.dandiset_bucket.id
 

terraform/modules/dandiset_bucket/variables.tf

@@ -34,10 +34,3 @@ variable "log_bucket_name" {
   type        = string
   description = "The name of the log bucket."
 }
-
-# TODO: this can be inferred from the "versioning" variable once we're ready
-# to deploy this to the production bucket as well.
-variable "trailing_delete" {
-  type        = bool
-  description = "Whether or not trailing delete should be enabled on the bucket."
-}

terraform/sponsored_bucket.tf

@@ -3,7 +3,6 @@ module "sponsored_dandiset_bucket" {
   bucket_name                           = "dandiarchive"
   public                                = true
   versioning                            = true
-  trailing_delete                       = false
   allow_cross_account_heroku_put_object = true
   heroku_user                           = data.aws_iam_user.api
   log_bucket_name                       = "dandiarchive-logs"
@@ -17,7 +16,6 @@ module "sponsored_embargo_bucket" {
   source          = "./modules/dandiset_bucket"
   bucket_name     = "dandiarchive-embargo"
   versioning      = false
-  trailing_delete = false
   heroku_user     = data.aws_iam_user.api
   log_bucket_name = "dandiarchive-embargo-logs"
   providers = {

terraform/staging_bucket.tf

@@ -3,7 +3,6 @@ module "staging_dandiset_bucket" {
   bucket_name             = "dandi-api-staging-dandisets"
   public                  = true
   versioning              = true
-  trailing_delete         = true
   allow_heroku_put_object = true
   heroku_user             = data.aws_iam_user.api_staging
   log_bucket_name         = "dandi-api-staging-dandiset-logs"
@@ -17,7 +16,6 @@ module "staging_embargo_bucket" {
   source          = "./modules/dandiset_bucket"
   bucket_name     = "dandi-api-staging-embargo-dandisets"
   versioning      = false
-  trailing_delete = false
   heroku_user     = data.aws_iam_user.api_staging
   log_bucket_name = "dandi-api-staging-embargo-dandisets-logs"
   providers = {