From b29628534c2a96c1455c0051547fed7b353c1e0e Mon Sep 17 00:00:00 2001
From: "scott.fullerton1" <scott.fullerton1@nhs.net>
Date: Mon, 27 Apr 2026 15:40:57 +0100
Subject: [PATCH 1/2] CCM-16439: Initial commit

---
 .../terraform/components/dl/README.md         |  2 +-
 .../components/dl/module_s3bucket_pii_data.tf | 25 +++++++++++++++++++
 .../terraform/components/dl/variables.tf      |  2 +-
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/infrastructure/terraform/components/dl/README.md b/infrastructure/terraform/components/dl/README.md
index 43435531b..2c63a999d 100644
--- a/infrastructure/terraform/components/dl/README.md
+++ b/infrastructure/terraform/components/dl/README.md
@@ -45,7 +45,7 @@ No requirements.
 | <a name="input_metadata_refresh_schedule"></a> [metadata\_refresh\_schedule](#input\_metadata\_refresh\_schedule) | Schedule for refreshing reporting metadata. | `string` | `"cron(10 6-22 * * ? *)"` | no |
 | <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments | `string` | `"main"` | no |
 | <a name="input_pii_data_retention_non_current_days"></a> [pii\_data\_retention\_non\_current\_days](#input\_pii\_data\_retention\_non\_current\_days) | The number of non current days for data retention policy for PII | `number` | `14` | no |
-| <a name="input_pii_data_retention_policy_days"></a> [pii\_data\_retention\_policy\_days](#input\_pii\_data\_retention\_policy\_days) | The number of days for data retention policy for PII | `number` | `534` | no |
+| <a name="input_pii_data_retention_policy_days"></a> [pii\_data\_retention\_policy\_days](#input\_pii\_data\_retention\_policy\_days) | The number of days for data retention policy for PII | `number` | `90` | no |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_queue_batch_size"></a> [queue\_batch\_size](#input\_queue\_batch\_size) | maximum number of queue items to process | `number` | `10` | no |
 | <a name="input_queue_batch_window_seconds"></a> [queue\_batch\_window\_seconds](#input\_queue\_batch\_window\_seconds) | maximum time in seconds between processing events | `number` | `1` | no |
diff --git a/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf b/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf
index c9c729426..861050945 100644
--- a/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf
+++ b/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf
@@ -15,6 +15,31 @@ module "s3bucket_pii_data" {
 
   force_destroy = var.force_destroy
 
+  lifecycle_rules = [
+    {
+      enabled = true
+
+      expiration = {
+        days = var.pii_data_retention_policy_days
+      }
+
+      noncurrent_version_transition = [
+        {
+          noncurrent_days = "30"
+          storage_class   = "STANDARD_IA"
+        }
+      ]
+
+      noncurrent_version_expiration = {
+        noncurrent_days = var.pii_data_retention_non_current_days
+      }
+
+      abort_incomplete_multipart_upload = {
+        days = "1"
+      }
+    }
+  ]
+
   default_tags = {
     NHSE-Enable-S3-Backup-Acct = "True"
   }
diff --git a/infrastructure/terraform/components/dl/variables.tf b/infrastructure/terraform/components/dl/variables.tf
index 96a186827..8c1446de8 100644
--- a/infrastructure/terraform/components/dl/variables.tf
+++ b/infrastructure/terraform/components/dl/variables.tf
@@ -204,7 +204,7 @@ variable "report_scheduler_schedule" {
 variable "pii_data_retention_policy_days" {
   type        = number
   description = "The number of days for data retention policy for PII"
-  default     = 534
+  default     = 90
 }
 
 variable "pii_data_retention_non_current_days" {

From 4d44402127cb4ed5e6fb5d0e7843df3ca63a8e65 Mon Sep 17 00:00:00 2001
From: "scott.fullerton1" <scott.fullerton1@nhs.net>
Date: Tue, 28 Apr 2026 09:25:46 +0100
Subject: [PATCH 2/2] CCM-16439: Fix deploy error

---
 .../terraform/components/dl/module_s3bucket_pii_data.tf    | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf b/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf
index 861050945..921121b1e 100644
--- a/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf
+++ b/infrastructure/terraform/components/dl/module_s3bucket_pii_data.tf
@@ -23,13 +23,6 @@ module "s3bucket_pii_data" {
         days = var.pii_data_retention_policy_days
       }
 
-      noncurrent_version_transition = [
-        {
-          noncurrent_days = "30"
-          storage_class   = "STANDARD_IA"
-        }
-      ]
-
       noncurrent_version_expiration = {
         noncurrent_days = var.pii_data_retention_non_current_days
       }