Update main.tf

Author: anajmi07

infra/modules/kb-stack/main.tf

@@ -12,6 +12,48 @@ resource "aws_s3_bucket_public_access_block" "kb_bucket_pab" {
   restrict_public_buckets = true
 }
 
+# Access logging bucket
+resource "aws_s3_bucket" "access_logs" {
+  bucket_prefix = "${var.name}-access-logs"
+}
+
+resource "aws_s3_bucket_public_access_block" "access_logs_pab" {
+  bucket = aws_s3_bucket.access_logs.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+# Enable access logging
+resource "aws_s3_bucket_logging" "kb_bucket_logging" {
+  bucket = aws_s3_bucket.kb_bucket.id
+
+  target_bucket = aws_s3_bucket.access_logs.id
+  target_prefix = "access-logs/"
+}
+
+# Lifecycle configuration
+resource "aws_s3_bucket_lifecycle_configuration" "kb_bucket_lifecycle" {
+  bucket = aws_s3_bucket.kb_bucket.id
+
+  rule {
+    id     = "knowledge_base_lifecycle"
+    status = "Enabled"
+
+    transition {
+      days          = 30
+      storage_class = "STANDARD_IA"
+    }
+
+    transition {
+      days          = 90
+      storage_class = "GLACIER"
+    }
+  }
+}
+
 # IAM Role for Bedrock
 resource "aws_iam_role" "bedrock_role" {
   name = "${var.name}-bedrock-role"