Add policy for S3 buckets #965

@sfisher

===========================================================
---Account: cdl-uc3-dev---
--------No ICMU Rule in Lifecycle Policy(6):--------
demo-bucket-671846987296  ??????
ezid-n2t-dev-s3-logs

--------No Lifecyle Policy (11):--------
ezid-n2t-dev-s3-private
jing-s3-bucket-dev-bucket

Colin says:

As we discussed in Tech Council, I'm going through all of the S3 buckets in all of our accounts and checking to make sure they have a Lifecycle Policy with a rule to delete incomplete multi-part uploads, because 1) they are completely useless, 2) they are invisible, and 3) AWS bills us for them.
For buckets that aren't managed by CloudFormation, I am going to create this rule manually, either in a new lifecycle policy if the bucket doesn't already have one, or at the end of the bucket's existing lifecycle policy.
For buckets managed by CloudFormation in the program accounts, I'm asking y'all to apply your own rules, ideally with the following CloudFormation snippet so that subsequent stack updates don't clobber the rule.

  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: {{sceptre_user_data.bucketName}}
      LifecycleConfiguration:
        Rules:
          - Id: ICMU
            Status: Enabled
            AbortIncompleteMultipartUpload:
              DaysAfterInitiation: 5

Eventually, I'm planning to make housekeeper report on buckets that don't have this type of rule (or don't have a lifecycle policy at all), but I'm procrastinating on that until the list of such buckets becomes much shorter. Let me know if you have any questions!
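
One way to produce the two report categories shown above, as an added example (not code from this issue or from housekeeper). Bucket names and the `SAMPLE` data are constructed and the function names are hypothetical; it also treats an abort rule scoped to a prefix or other filter as missing, which is an assumption beyond the issue text.

```python
"""Classify S3 buckets by whether a lifecycle rule aborts incomplete multipart uploads."""
NO_POLICY, NO_ICMU, OK = "no-lifecycle-policy", "no-icmu-rule", "ok"

def rule_aborts_uploads(rule):
    """True if an enabled rule aborts incomplete multipart uploads bucket-wide."""
    abort = rule.get("AbortIncompleteMultipartUpload", {})
    if rule.get("Status") != "Enabled" or "DaysAfterInitiation" not in abort:
        return False
    # A rule scoped to a prefix (or any other filter) leaves other uploads uncovered.
    flt = rule.get("Filter") or {}
    scoped = any(k != "Prefix" for k in flt) or flt.get("Prefix") or rule.get("Prefix")
    return not scoped

def classify(rules):
    """rules: 'Rules' list from GetBucketLifecycleConfiguration, or None if no policy."""
    if rules is None:
        return NO_POLICY
    return OK if any(rule_aborts_uploads(r) for r in rules) else NO_ICMU

def fetch_rules(s3, bucket):
    """Read one bucket's rules with a boto3 S3 client; None when no policy exists."""
    from botocore.exceptions import ClientError
    try:
        return s3.get_bucket_lifecycle_configuration(Bucket=bucket)["Rules"]
    except ClientError as err:
        if err.response["Error"]["Code"] == "NoSuchLifecycleConfiguration":
            return None
        raise  # AccessDenied and similar must not be reported as "no policy"

def report(policies):
    """policies: {bucket: rules-or-None} -> {status: sorted bucket names}."""
    out = {NO_POLICY: [], NO_ICMU: [], OK: []}
    for bucket, rules in sorted(policies.items()):
        out[classify(rules)].append(bucket)
    return out

# Constructed sample data (hypothetical bucket names), shaped like boto3 responses.
SAMPLE = {
    "example-logs": [{"ID": "expire", "Status": "Enabled", "Expiration": {"Days": 90}}],
    "example-private": None,
    "example-managed": [{"ID": "ICMU", "Status": "Enabled", "Filter": {},
                         "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 5}}],
    "example-partial": [{"ID": "ICMU", "Status": "Enabled", "Filter": {"Prefix": "tmp/"},
                         "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 5}}],
}

if __name__ == "__main__":
    for status, buckets in report(SAMPLE).items():
        print(f"{status} ({len(buckets)}): {', '.join(buckets)}")
```

Against a live account, build the input with `s3 = boto3.client("s3")` and `{b["Name"]: fetch_rules(s3, b["Name"]) for b in s3.list_buckets()["Buckets"]}`.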
