Logging buckets should not get versioning by default. Versioned buckets should have a reasonable default lifecycle policy for old versions.

[mobri2a]

DefaultS3Props (solution constructs core) sets versioning on for logging buckets, but does not set a lifecycle policy. Versioning on logging buckets isn't useful, as objects are written once. Versioning without a minimal lifecycle policy run the risk of increasing storage (and cost) without bounds.

Reproduction Steps

const loggingBucket = new Bucket(this, "S3LoggingBucket", loggingBucketConfig)

Produces (uninteresting bits omitted):

S3LoggingBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: LogDeliveryWrite
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      LoggingConfiguration:
        LogFilePrefix: access-logs
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled

Error Log

No errors. But, versioning on logging buckets isn't useful, as objects are written once. Versioning without a minimal lifecycle policy run the risk of increasing storage (and cost) without bounds.

Environment

• CDK CLI Version : 1.56.0
• CDK Framework Version: 1.56.0
• AWS Solutions Constructs Version : 1.56.0
• OS : OS/X
• Language : Typescript

Other

---

This is 🐛 Bug Report

[hnishar]

mobri2a@ Makes sense to remove the versioning for Logging bucket.

Default life cycle policy of the versioned buckets can be to transition the older versions to Glacier in 90 days. Life cycle policy can always be overridden by the user via the Construct Props. Feel free to share your thoughts as well.

[hnishar]

This has been fixed in v1.64.0