Add access log retention policy

Author: andrewmackett

modules/cloud-storage-static-website/main.tf

@@ -105,6 +105,14 @@ resource "google_storage_bucket" "access_logs" {
     }
   }
 
+  dynamic "retention_policy" {
+    for_each = var.access_logs_retention_policy == null ? [] : [var.access_logs_retention_policy]
+    content {
+      is_locked        = var.access_logs_retention_policy.is_locked
+      retention_period = var.access_logs_retention_policy.retention_period
+    }
+  }
+
   lifecycle_rule {
     action {
       type = "Delete"

modules/cloud-storage-static-website/variables.tf

@@ -143,3 +143,11 @@ variable "custom_labels" {
   default     = {}
 }
 
+variable "access_logs_retention_policy" {
+  description = "Configuration of the access logs bucket's data retention policy for how long access log objects in the bucket should be retained."
+  type = object({
+    is_locked        = bool
+    retention_period = number
+  })
+  default = null
+}