| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 | /* Configuration of S3 bucket for backupsUses server side encryption to securedata.*/// S3 bucket for cluster storageresource "aws_s3_bucket" "storage" {  bucket        = "xdr-${var.environment}-vmray-backups"  force_destroy = var.instance_termination_protection ? false : true # reverse of termination protection, destroy if no termination protection}resource "aws_s3_bucket_acl" "s3_acl_storage" {  bucket = aws_s3_bucket.storage.id  acl    = "private"}resource "aws_s3_bucket_server_side_encryption_configuration" "s3_sse_storage" {  bucket = aws_s3_bucket.storage.id  rule {    apply_server_side_encryption_by_default {      kms_master_key_id = aws_kms_key.s3.arn      sse_algorithm     = "aws:kms"    }  }}resource "aws_s3_bucket_lifecycle_configuration" "s3_lifecyle_storage" {  bucket = aws_s3_bucket.storage.id  rule {    id     = "DeleteAfter90Days"    status = "Enabled"    abort_incomplete_multipart_upload {      days_after_initiation = 7    }    expiration {      days = 90    }    noncurrent_version_expiration {      noncurrent_days = 93 # If they've expired and not been synced back, be able to rescue them    }    noncurrent_version_transition {      noncurrent_days = 30      storage_class   = "STANDARD_IA"    }  }}resource "aws_s3_bucket_public_access_block" "awsconfig_bucket_block_public_access" {  block_public_acls       = true  block_public_policy     = true  bucket                  = aws_s3_bucket.storage.id  ignore_public_acls      = true  restrict_public_buckets = true}resource "aws_s3_bucket_versioning" "versioning" {  bucket = aws_s3_bucket.storage.id  versioning_configuration {    status = "Enabled"  }}
 |