fix(core): z113 Local account S3 buckets wrong retention

reference-artifacts/config.ALZ.json

@@ -3,8 +3,7 @@
     "alz-minimum-version": "v2.3.1",
     "alz-baseline": true,
     "ct-baseline": false,
-    "central-log-retention": 730,
-    "default-log-retention": 90,
+    "default-s3-retention": 90,
     "central-bucket": "AWSDOC-EXAMPLE-BUCKET",
     "organization-admin-role": "AWSCloudFormationStackSetExecutionRole",
     "default-cwl-retention": 731,
@@ -59,6 +58,7 @@
     "central-log-services": {
       "account": "log-archive",
       "region": "ca-central-1",
+      "s3-retention": 730,
       "cwl-glbl-exclusions": [],
       "cwl-exclusions": [],
       "ssm-to-s3": true,
@@ -1483,7 +1483,7 @@
           }
         ]
       },
-      "log-retention": 180,
+      "s3-retention": 180,
       "limits": {},
       "iam": {
         "users": [

reference-artifacts/config.example.json

@@ -3,8 +3,7 @@
     "alz-minimum-version": "v2.3.1",
     "alz-baseline": false,
     "ct-baseline": false,
-    "central-log-retention": 730,
-    "default-log-retention": 90,
+    "default-s3-retention": 90,
     "central-bucket": "AWSDOC-EXAMPLE-BUCKET",
     "organization-admin-role": "AWSCloudFormationStackSetExecutionRole",
     "default-cwl-retention": 731,
@@ -59,6 +58,7 @@
     "central-log-services": {
       "account": "log-archive",
       "region": "ca-central-1",
+      "s3-retention": 730,
       "cwl-glbl-exclusions": [],
       "cwl-exclusions": [],
       "ssm-to-s3": true,
@@ -1482,7 +1482,7 @@
           }
         ]
       },
-      "log-retention": 180,
+      "s3-retention": 180,
       "limits": {},
       "iam": {
         "users": [

src/deployments/cdk/src/deployments/defaults/shared.ts

@@ -2,7 +2,6 @@ import * as cdk from '@aws-cdk/core';
 import * as iam from '@aws-cdk/aws-iam';
 import * as kms from '@aws-cdk/aws-kms';
 import { Bucket } from '@aws-accelerator/cdk-constructs/src/s3';
-import { AcceleratorConfig } from '@aws-accelerator/common-config/src';
 import { createEncryptionKeyName } from '@aws-accelerator/cdk-accelerator/src/core/accelerator-name-generator';
 import { AccountStack } from '../../common/account-stacks';
 import { overrideLogicalId } from '../../utils/cdk';
@@ -30,15 +29,10 @@ export function createDefaultS3Key(props: { accountStack: AccountStack }): kms.K
  */
 export function createDefaultS3Bucket(props: {
   accountStack: AccountStack;
-  config: AcceleratorConfig;
   encryptionKey: kms.Key;
+  logRetention: number;
 }): Bucket {
-  const { accountStack, config, encryptionKey } = props;
-
-  const defaultLogRetention = config['global-options']['central-log-retention'];
-
-  const accountConfig = config.getAccountByKey(accountStack.accountKey);
-  const logRetention = accountConfig['log-retention'] ?? defaultLogRetention;
+  const { accountStack, encryptionKey, logRetention } = props;
 
   // Generate fixed bucket name so we can do initialize cross-account bucket replication
   const bucket = new Bucket(accountStack, 'DefaultBucket', {

src/deployments/cdk/src/deployments/defaults/step-1.ts

@@ -158,10 +158,12 @@ function createCentralLogBucket(props: DefaultsStep1Props) {
     accountStack: logAccountStack,
   });
 
+  const defaultLogRetention = config['global-options']['central-log-services']['s3-retention'];
+
   const logBucket = createDefaultS3Bucket({
     accountStack: logAccountStack,
-    config,
     encryptionKey: logKey,
+    logRetention: defaultLogRetention!,
   });
 
   // Allow replication from all Accelerator accounts

src/deployments/cdk/src/deployments/defaults/step-2.ts

@@ -46,10 +46,15 @@ function createDefaultS3Buckets(props: DefaultsStep2Props) {
       accountStack,
     });
 
+    const defaultLogRetention = config['global-options']['default-s3-retention'];
+
+    const accountConfig = config.getAccountByKey(accountStack.accountKey);
+    const logRetention = accountConfig['s3-retention'] ?? defaultLogRetention;
+
     const bucket = createDefaultS3Bucket({
       accountStack,
-      config,
       encryptionKey: key,
+      logRetention,
     });
     bucket.replicateTo({
       destinationBucket: centralLogBucket,

src/lib/common-config/src/index.ts

@@ -546,7 +546,7 @@ export const MandatoryAccountConfigType = t.interface({
   vpc: optional(t.array(VpcConfigType)),
   deployments: optional(DeploymentConfigType),
   alb: optional(t.array(AlbConfigType)),
-  'log-retention': optional(t.number),
+  's3-retention': optional(t.number),
   budget: optional(BudgetConfigType),
   'account-warming-required': optional(t.boolean),
   'cwl-retention': optional(t.number),
@@ -660,6 +660,7 @@ export const CentralServicesConfigType = t.interface({
   'config-aggr-excl-regions': optional(t.array(t.string)),
   'sns-excl-regions': optional(t.array(t.string)),
   'sns-subscription-emails': fromNullable(t.record(t.string, t.array(t.string)), {}),
+  's3-retention': optional(t.number),
 });
 
 export const ScpsConfigType = t.interface({
@@ -740,8 +741,7 @@ export const CloudWatchAlarmsConfigType = t.interface({
 export const GlobalOptionsConfigType = t.interface({
   'alz-baseline': t.boolean,
   'ct-baseline': t.boolean,
-  'central-log-retention': t.number,
-  'default-log-retention': t.number,
+  'default-s3-retention': t.number,
   'central-bucket': NonEmptyString,
   reports: ReportsConfigType,
   zones: GlobalOptionsZonesConfigType,