How do I specify a lifecycle rule that applies to the whole bucket? the saga continues...

[grimm26]

Terraform and AWS Provider Version

Terraform v1.9.8
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v5.94.0

Affected Resource(s) or Data Source(s)

aws_s3_bucket_lifecycle_configuration

Expected Behavior

per the docs, specifying no filter in a rule configuration is the deprecated way of affecting the whole bucket. The supported way specified in the docs says that a literal filter {} is how to make a lifecycle rule apply to all objects.

Therefore, no filter should give me a warning, and filter {} should just work.

Actual Behavior

Specifying filter {} throws a warning.

╷
│ Warning: Invalid Attribute Combination
│ 
│   with aws_s3_bucket_lifecycle_configuration.whole,
│   on main.tf line 18, in resource "aws_s3_bucket_lifecycle_configuration" "whole":
│   18:     filter {}
│ 
│ No attribute specified when one (and only one) of [rule[0].filter[0].prefix.<.object_size_greater_than,rule[0].filter[0].prefix.<.object_size_less_than,rule[0].filter[0].prefix.<.and,rule[0].filter[0].prefix.<.tag] is required
│ 
│ This will be an error in a future version of the provider
│ 

Specifying filter { prefix = "" } quiets the warning.

Relevant Error/Panic Output

Sample Terraform Configuration

Click to expand configuration

provider "aws" {}

resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket"

  tags = {
    Name = "MyExampleBucket"
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "whole" {
  bucket = aws_s3_bucket.example.id

  rule {
    id     = "whole"
    status = "Enabled"

    filter {}

    expiration {
      days = 3
    }
  }
}

Steps to Reproduce

Using the configuration above, init and then plan.

Debug Logging

Click to expand log output

GenAI / LLM Assisted Development

n/a

Important Facts and References

Either the provider documentation is wrong or the implementation is wrong. Pls also see

• https://github.com/hashicorp/terraform-provider-aws/pull/41662
• https://github.com/hashicorp/terraform-provider-aws/issues/41710
• https://github.com/hashicorp/terraform-provider-aws/pull/42036

Would you like to implement a fix?

No

[github-actions[bot]]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! :rocket:

Voting for Prioritization

• Please vote on this Issue by adding a :+1: reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.

[grimm26]

Also, https://docs.aws.amazon.com/AmazonS3/latest/API/API_LifecycleRule.html states that filter is not required in a rule so I'm not sure why we need to supply it.

edit: upon further review, I think filter is not required because either it or prefix need to be there, but prefix is deprecated.

[EugenKon]

Yeah, this is what my issue was about: https://github.com/hashicorp/terraform-provider-aws/issues/42089

[fcuello-fudo]

Also, https://docs.aws.amazon.com/AmazonS3/latest/API/API_LifecycleRule.html states that filter is not required in a rule so I'm not sure why we need to supply it.

edit: upon further review, I think filter is not required because either it or prefix need to be there, but prefix is deprecated.

The problem is that the documentation contradicts itself:

From https://docs.aws.amazon.com/AmazonS3/latest/API/API_LifecycleRule.html "A Filter must have exactly one of Prefix, Tag, or And specified. Filter is required if the LifecycleRule does not contain a Prefix element."

From https://docs.aws.amazon.com/AmazonS3/latest/API/API_LifecycleRuleFilter.html "A Filter can have exactly one of Prefix, Tag, ObjectSizeGreaterThan, ObjectSizeLessThan, or And specified. If the Filter element is left empty, the Lifecycle Rule applies to all objects in the bucket."

[dimaman2001]

The problem is that the documentation contradicts itself:

From https://docs.aws.amazon.com/AmazonS3/latest/API/API_LifecycleRule.html "A Filter must have exactly one of Prefix, Tag, or And specified. Filter is required if the LifecycleRule does not contain a Prefix element."

From https://docs.aws.amazon.com/AmazonS3/latest/API/API_LifecycleRuleFilter.html "A Filter can have exactly one of Prefix, Tag, ObjectSizeGreaterThan, ObjectSizeLessThan, or And specified. If the Filter element is left empty, the Lifecycle Rule applies to all objects in the bucket."

This seem to be wording specifically because Prefix on the root is deprecated.

The aws_s3_bucket_lifecycle_configuration resource also has a deprecated prefix attribute. I would assume in the present state anyone using aws_s3_bucket_lifecycle_configuration would have to either set prefix or set a filter block with a prefix, tag, or and set.

In my opinion, having a lifecycle rule for the entire bucket should be the following in either v6 or v7 of the provider.

resource "aws_s3_bucket_lifecycle_configuration" "example" {
  bucket = aws_s3_bucket.bucket.id

  rule {
    ...

    filter {
     prefix = ""
    }
  }
}

In the meantime, can the warning and documentation simply be updated to say something similar for practitioners to understand what the final state should be?

[johannes-gehrs]

@dimaman2001 's suggestion (which I am sure is well intentioned) contradicts with the advice given here by @justinretzolk .

With the v5.86.0 update, we are finding it necessary to revert to the original behavior, where the filter block should be omitted to apply no filtering. Unfortunately, this creates a breaking change for users who previously added empty filter blocks in response to the v4.2.0 requirement.

[PT-GD]

This seems really straightforward:

1. If prefix is specified, use it (with the deprecation warning)
2. If filter {} is specified, then the "optional with default" prefix value of "" should be applied -- no warning
3. if filter is specified with values, validate and apply them
4. if filter and prefix are specified, that's an error

All of the following would then be treated equally:

• Neither filter nor prefix specified
• filter {} specified
• specfifying:

filter {
  prefix = ""
}

[johannes-gehrs]

In our setup we are currently not updating beyond provider version v5.85.0. We have prepared everything according to the maintainers' suggestions but we now cannot roll out newer versions without getting the warnings regarding the missing filter block.

It would be great to get a resolution here and I am wondering what we can do to help out.

[github-actions[bot]]

[!WARNING] This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[bitchecker]

filter {
  prefix = ""
}

Hi, if I try to apply this code, I still see the warning:

No attribute specified when one (and only one) of

[rule[0].filter,rule[0].prefix] is required

If I try, only filter {} I see:

No attribute specified when one (and only one) of

[rule[0].filter[0].prefix.<.object_size_greater_than,rule[0].filter[0].prefix.<.object_size_less_than,rule[0].filter[0].prefix.<.and,rule[0].filter[0].prefix.<.tag]

is required

So from my POV, nothing changed also with v5.98.0.

[pschneider86]

I don't see aws_s3_bucket_lifecycle_configuration in the changelog of 5.98 - is it even in there?

[fcuello-fudo]

I don't see aws_s3_bucket_lifecycle_configuration in the changelog of 5.98 - is it even in there?

It seems it was merged after the release

[github-actions[bot]]

This functionality has been released in v5.98.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[freddo256]

Please look into this again, using filter {} still returns the deprecation warning.

[grimm26]

Please look into this again, using filter {} still returns the deprecation warning.

@freddo256 https://github.com/hashicorp/terraform-provider-aws/issues/42112#issuecomment-2885900961

[github-actions[bot]]

This functionality has been released in v5.99.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.