feat: add a deletion protection flag for DynamoDB table (#122)

nozaq · Dec 21, 2023 · 41ab8a9 · 41ab8a9
1 parent b2fc891
commit 41ab8a9
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 23 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,21 +1,22 @@
 {
-	"name": "Terraform",
-	"build": {
-		"dockerfile": "./Dockerfile",
-		"context": "."
-	},
-	"features": {
-		"ghcr.io/devcontainers/features/terraform:1": {
-			"version": "latest",
-			"installTerraformDocs": true
-		}
-	},
-	"customizations": {
-		"vscode": {
-			"extensions": [
-				"EditorConfig.EditorConfig"
-			]
-		}
-	},
-	"postCreateCommand": "pre-commit install"
-}
+  "name": "Terraform",
+  "build": {
+    "dockerfile": "./Dockerfile",
+    "context": "."
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/terraform:1": {
+      "version": "latest",
+      "installTerraformDocs": true
+    }
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "EditorConfig.EditorConfig",
+        "GitHub.copilot"
+      ]
+    }
+  },
+  "postCreateCommand": "pre-commit install"
+}
diff --git a/README.md b/README.md
@@ -96,6 +96,7 @@ See [the official document](https://www.terraform.io/docs/backends/types/s3.html
 
 | Name | Description | Type | Required |
 |------|-------------|------|:--------:|
+| <a name="input_dynamodb_deletion_protection_enabled"></a> [dynamodb\_deletion\_protection\_enabled](#input\_dynamodb\_deletion\_protection\_enabled) | Whether or not to enable deletion protection on the DynamoDB table | `bool` | no |
 | <a name="input_dynamodb_enable_server_side_encryption"></a> [dynamodb\_enable\_server\_side\_encryption](#input\_dynamodb\_enable\_server\_side\_encryption) | Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK) | `bool` | no |
 | <a name="input_dynamodb_table_billing_mode"></a> [dynamodb\_table\_billing\_mode](#input\_dynamodb\_table\_billing\_mode) | Controls how you are charged for read and write throughput and how you manage capacity. | `string` | no |
 | <a name="input_dynamodb_table_name"></a> [dynamodb\_table\_name](#input\_dynamodb\_table\_name) | The name of the DynamoDB table to use for state locking. | `string` | no |

diff --git a/dynamo.tf b/dynamo.tf
@@ -10,9 +10,10 @@ locals {
 }
 
 resource "aws_dynamodb_table" "lock" {
-  name         = var.dynamodb_table_name
-  billing_mode = var.dynamodb_table_billing_mode
-  hash_key     = local.lock_key_id
+  name                        = var.dynamodb_table_name
+  billing_mode                = var.dynamodb_table_billing_mode
+  hash_key                    = local.lock_key_id
+  deletion_protection_enabled = var.dynamodb_deletion_protection_enabled
 
   attribute {
     name = local.lock_key_id

diff --git a/variables.tf b/variables.tf
@@ -172,6 +172,12 @@ variable "dynamodb_enable_server_side_encryption" {
   default     = false
 }
 
+variable "dynamodb_deletion_protection_enabled" {
+  description = "Whether or not to enable deletion protection on the DynamoDB table"
+  type        = bool
+  default     = true
+}
+
 #---------------------------------------------------------------------------------------------------
 # Optionally specifying a fixed bucket name
 #---------------------------------------------------------------------------------------------------