Add option to enable point in time recovery for DynamoDB tables (#35)

* Add option to enable point in time recovery for DynamoDB tables * Updated README.md * Update variables.tf Co-Authored-By: Andriy Knysh <aknysh@users.noreply.github.com> * Updated README.md Co-authored-by: Maxim Mironenko <simixido@gmail.com> Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> Co-authored-by: Andriy Knysh <aknysh@users.noreply.github.com>
cloudposse · Feb 19, 2020 · d28ccb2 · d28ccb2
1 parent 6c3353f
commit d28ccb2
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -165,6 +165,7 @@ Available targets:
 | block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | string | `true` | no |
 | context | Default context to use for passing state between label invocations | object | `<map>` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
+| enable_point_in_time_recovery | Enable DynamoDB point-in-time recovery | bool | `false` | no |
 | enable_server_side_encryption | Enable DynamoDB server-side encryption | bool | `true` | no |
 | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no |
 | force_destroy | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | bool | `false` | no |

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -9,6 +9,7 @@
 | block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | string | `true` | no |
 | context | Default context to use for passing state between label invocations | object | `<map>` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
+| enable_point_in_time_recovery | Enable DynamoDB point-in-time recovery | bool | `false` | no |
 | enable_server_side_encryption | Enable DynamoDB server-side encryption | bool | `true` | no |
 | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no |
 | force_destroy | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | bool | `false` | no |

diff --git a/main.tf b/main.tf
@@ -143,6 +143,10 @@ resource "aws_dynamodb_table" "with_server_side_encryption" {
     enabled = true
   }
 
+  point_in_time_recovery {
+    enabled = var.enable_point_in_time_recovery
+  }
+
   lifecycle {
     ignore_changes = [
       read_capacity,
@@ -167,6 +171,10 @@ resource "aws_dynamodb_table" "without_server_side_encryption" {
   # https://www.terraform.io/docs/backends/types/s3.html#dynamodb_table
   hash_key = "LockID"
 
+  point_in_time_recovery {
+    enabled = var.enable_point_in_time_recovery
+  }
+
   lifecycle {
     ignore_changes = [
       read_capacity,

diff --git a/variables.tf b/variables.tf
@@ -115,6 +115,12 @@ variable "mfa_delete" {
   default     = false
 }
 
+variable "enable_point_in_time_recovery" {
+  type        = bool
+  description = "Enable DynamoDB point-in-time recovery"
+  default     = false
+}
+
 variable "enable_server_side_encryption" {
   type        = bool
   description = "Enable DynamoDB server-side encryption"