diff --git a/README.md b/README.md
index 29f412d..d717db1 100644
--- a/README.md
+++ b/README.md
@@ -165,6 +165,7 @@ Available targets:
 | block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | string | `true` | no |
 | context | Default context to use for passing state between label invocations | object | `` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
+| enable_point_in_time_recovery | Enable DynamoDB point-in-time recovery | bool | `false` | no |
 | enable_server_side_encryption | Enable DynamoDB server-side encryption | bool | `true` | no |
 | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no |
 | force_destroy | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | bool | `false` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index fd20768..985434e 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -9,6 +9,7 @@
 | block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | string | `true` | no |
 | context | Default context to use for passing state between label invocations | object | `` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
+| enable_point_in_time_recovery | Enable DynamoDB point-in-time recovery | bool | `false` | no |
 | enable_server_side_encryption | Enable DynamoDB server-side encryption | bool | `true` | no |
 | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no |
 | force_destroy | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | bool | `false` | no |
diff --git a/main.tf b/main.tf
index e587a78..f2d6f1a 100644
--- a/main.tf
+++ b/main.tf
@@ -143,6 +143,10 @@ resource "aws_dynamodb_table" "with_server_side_encryption" {
 enabled = true
 }
 
+ point_in_time_recovery {
+ enabled = var.enable_point_in_time_recovery
+ }
+
 lifecycle {
 ignore_changes = [
 read_capacity,
@@ -167,6 +171,10 @@ resource "aws_dynamodb_table" "without_server_side_encryption" {
 # https://www.terraform.io/docs/backends/types/s3.html#dynamodb_table
 hash_key = "LockID"
 
+ point_in_time_recovery {
+ enabled = var.enable_point_in_time_recovery
+ }
+
 lifecycle {
 ignore_changes = [
 read_capacity,
diff --git a/variables.tf b/variables.tf
index 6aa65c3..ced6ef6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -115,6 +115,12 @@ variable "mfa_delete" {
 default = false
 }
 
+variable "enable_point_in_time_recovery" {
+ type = bool
+ description = "Enable DynamoDB point-in-time recovery"
+ default = false
+}
+
 variable "enable_server_side_encryption" {
 type = bool
 description = "Enable DynamoDB server-side encryption"
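Review bot: The `point_in_time_recovery` block added to `with_server_side_encryption` in this hunk, and again to `without_server_side_encryption` in the next one, has no comment saying what it covers, and the two copies have to be kept identical by hand. The `LockID` hash key and the backend link visible in the second hunk indicate this is the S3 backend's lock table, so a line such as `# Continuous backups for the state lock table; toggled by var.enable_point_in_time_recovery` above each block would make the intent clear to the next maintainer. Both resource bodies start and end outside the hunks.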
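Review bot: `enable_point_in_time_recovery` defaults to `false`, while the README row for the neighbouring `enable_server_side_encryption` shows `true`, so recovery from an accidental deletion or overwrite of the lock table is opt-in and the description does not say so. If the default is kept for backward compatibility, state the scope and the default in the text, e.g. `description = "Enable point-in-time recovery for the DynamoDB state lock table (disabled by default)"`. The matching rows in README.md and docs/terraform.md would need the same wording.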