From a927bd1abd1c0cfda8a263b3025242d8909e8828 Mon Sep 17 00:00:00 2001
From: Ernesto
Date: Wed, 12 Mar 2025 10:33:56 +0100
Subject: [PATCH 1/4] Add optional versioning for s3 buckets
---
 modules/datastore/s3.tf | 8 ++++++++
 modules/datastore/variables.tf | 6 ++++++
 2 files changed, 14 insertions(+)
diff --git a/modules/datastore/s3.tf b/modules/datastore/s3.tf
index b5ba180..19e3dcf 100644
--- a/modules/datastore/s3.tf
+++ b/modules/datastore/s3.tf
@@ -19,6 +19,14 @@ resource "aws_s3_bucket" "this" {
 )
 }
+resource "aws_s3_bucket_versioning" "this" {
+ count = var.enable_versioning ? 1 : 0
+ bucket = aws_s3_bucket.this.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
 resource "aws_s3_bucket_public_access_block" "this" {
 bucket = aws_s3_bucket.this.id
diff --git a/modules/datastore/variables.tf b/modules/datastore/variables.tf
index e294391..5689a98 100644
--- a/modules/datastore/variables.tf
+++ b/modules/datastore/variables.tf
@@ -71,3 +71,9 @@ variable "enable_key_rotation" {
 description = "Enable key rotation for KMS keys"
 default = false
 }
+
+variable "enable_versioning" {
+ type = bool
+ description = "Enable versioning for S3 bucket"
+ default = false
+}
From b58395e8d0648941957ab1b089dd1e08b6d2360c Mon Sep 17 00:00:00 2001
From: Ernesto
Date: Wed, 12 Mar 2025 10:34:30 +0100
Subject: [PATCH 2/4] Add optional backup window to database
---
 modules/datastore/rds.tf | 3 +++
 modules/datastore/variables.tf | 12 ++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/modules/datastore/rds.tf b/modules/datastore/rds.tf
index cddfa76..71cc3b4 100644
--- a/modules/datastore/rds.tf
+++ b/modules/datastore/rds.tf
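Review bot: In `aws_s3_bucket_versioning.this` (modules/datastore/s3.tf), gating the resource on `count` means that turning `enable_versioning` off later destroys the resource, and as far as I know the AWS provider then only suspends versioning, so every version already stored stays in the bucket. Nothing in this hunk expires noncurrent versions, so overwritten or deleted objects remain recoverable, and retained, indefinitely; that matters for data-retention and erasure requirements as much as for cost. I would say so in the variable description, for example `description = "Enable versioning for S3 bucket. Disabling it later only suspends versioning; existing versions are kept."`, and consider a noncurrent-version lifecycle rule as a follow-up.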
@@ -71,6 +71,9 @@ resource "aws_rds_cluster" "this" {
 engine_version = var.db_engine_version
 storage_encrypted = true
+ backup_retention_period = var.backup_retention_period
+ preferred_backup_window = var.preferred_backup_window
+
 final_snapshot_identifier = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete
 vpc_security_group_ids = [aws_security_group.rds_security_group.id]
diff --git a/modules/datastore/variables.tf b/modules/datastore/variables.tf
index 5689a98..a238d9f 100644
--- a/modules/datastore/variables.tf
+++ b/modules/datastore/variables.tf
@@ -77,3 +77,15 @@ variable "enable_versioning" {
 description = "Enable versioning for S3 bucket"
 default = false
 }
+
+variable "backup_retention_period" {
+ description = "The days to retain backups for"
+ type = number
+ default = null
+}
+
+variable "preferred_backup_window" {
+ description = "The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC"
+ type = string
+ default = "02:00-03:00"
+}
From ec32a089d21d77263482d98de0600f32276459dd Mon Sep 17 00:00:00 2001
From: Ernesto
Date: Wed, 12 Mar 2025 10:43:46 +0100
Subject: [PATCH 3/4] Add parameters to the root of the project
---
 main.tf | 4 ++++
 variables.tf | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/main.tf b/main.tf
index 9b2aaee..38316dd 100644
--- a/main.tf
+++ b/main.tf
@@ -12,6 +12,10 @@ module "metaflow-datastore" {
 subnet1_id = var.subnet1_id
 subnet2_id = var.subnet2_id
+ enable_versioning = var.enable_s3_versioning
+ backup_retention_period = var.rds_backup_retention_period
+ preferred_backup_window = var.rds_preferred_backup_window
+
 db_instance_type = var.db_instance_type
 db_engine_version = var.db_engine_version
diff --git a/variables.tf b/variables.tf
index 1738c0b..2a3d49f 100644
--- a/variables.tf
+++ b/variables.tf
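Review bot: `preferred_backup_window` in `aws_rds_cluster.this` (modules/datastore/rds.tf) is now always sent, because its variable defaults to `"02:00-03:00"` while `backup_retention_period` defaults to `null`. After upgrading the module, clusters that never set a window would presumably have it moved to 02:00–03:00 UTC on the next apply, which is a behaviour change for a setting described as optional. `default = null` on the window variable would keep the current window until someone chooses one. The resource block starts and ends outside this hunk, so whether a maintenance window is configured that could overlap cannot be checked from here.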
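Review bot: `backup_retention_period` in modules/datastore/variables.tf accepts any number, and the last patch in this series passes the same variable to `aws_db_instance.this`, where a value of 0 turns automated backups off. A `validation` block that allows `null` or 1–35 days would reject a value that silently removes point-in-time recovery; the range is the RDS limit as I understand it, so confirm it before merging. The root variable `rds_backup_retention_period` in variables.tf has the same gap. `coalesce` is used below so the condition never compares against `null`.

```hcl
variable "backup_retention_period" {
  # … unchanged: description, type, default …
  validation {
    condition     = coalesce(var.backup_retention_period, 1) >= 1 && coalesce(var.backup_retention_period, 1) <= 35
    error_message = "backup_retention_period must be null or between 1 and 35 days."
  }
}
```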
@@ -199,3 +199,21 @@ variable "enable_key_rotation" {
 description = "Enable key rotation for KMS keys"
 default = false
 }
+
+variable "enable_s3_versioning" {
+ type = bool
+ description = "Enable versioning for S3 bucket"
+ default = false
+}
+
+variable "rds_backup_retention_period" {
+ description = "The days to retain backups for"
+ type = number
+ default = null
+}
+
+variable "rds_preferred_backup_window" {
+ description = "The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC"
+ type = string
+ default = "02:00-03:00"
+}
From 30a90bf909d48bb8d7384a780a40b2d4976bf312 Mon Sep 17 00:00:00 2001
From: Ernesto
Date: Wed, 12 Mar 2025 11:14:10 +0100
Subject: [PATCH 4/4] Add parameters to db_instance
---
 modules/datastore/rds.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/datastore/rds.tf b/modules/datastore/rds.tf
index 71cc3b4..9d1c226 100644
--- a/modules/datastore/rds.tf
+++ b/modules/datastore/rds.tf
@@ -117,6 +117,7 @@ resource "aws_db_instance" "this" {
 multi_az = true # Multiple availability zone?
 final_snapshot_identifier = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete
 vpc_security_group_ids = [aws_security_group.rds_security_group.id]
+ backup_retention_period = var.backup_retention_period
 tags = merge(
 var.standard_tags,
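Review bot: The description of `rds_preferred_backup_window` in the root variables.tf refers to a `backup_retention_period` parameter, but at this level the variable a user sets is `rds_backup_retention_period`, so the cross-reference points at a name that does not exist here. The `rds_backup_retention_period` description also does not say what the `null` default means. I would reword them along the lines of `description = "Days to retain automated RDS backups; null leaves the provider default"` and, for the window, reference `rds_backup_retention_period` instead.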
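Review bot: In `aws_db_instance.this` (modules/datastore/rds.tf) only the retention period is wired in, so `preferred_backup_window` has no effect on deployments that use the instance rather than the cluster. The matching argument on `aws_db_instance` is `backup_window`; adding `backup_window = var.preferred_backup_window` next to the new line would make both resources honour the same inputs. On this resource a retention value of 0 disables automated backups, which is another reason to validate the variable. The resource block starts and ends outside this hunk.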