Enabling DDB delete protection in dev env to validate

nhsd-exeter · Jan 7, 2025 · 8d70730 · 8d70730
1 parent 1e79e55
commit 8d70730
Show file tree

Hide file tree

Showing 9 changed files with 13 additions and 0 deletions.
diff --git a/build/automation/var/profile/demo.mk b/build/automation/var/profile/demo.mk
@@ -40,6 +40,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
 
 # ==============================================================================
 # Performance variables

diff --git a/build/automation/var/profile/dev.mk b/build/automation/var/profile/dev.mk
@@ -39,6 +39,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 
 # WAF
 WAF_ENABLED := false
+DDB_DELETE_PROTECTION :=true
 
 # ==============================================================================
 # Performance variables

diff --git a/build/automation/var/profile/live.mk b/build/automation/var/profile/live.mk
@@ -41,6 +41,7 @@ SLACK_ALERT_CHANNEL := dos-integration-live-status
 
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=true
 
 # ==============================================================================
 # Performance variables

diff --git a/build/automation/var/profile/pen.mk b/build/automation/var/profile/pen.mk
@@ -2,3 +2,4 @@
 
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
diff --git a/build/automation/var/profile/perf.mk b/build/automation/var/profile/perf.mk
@@ -39,6 +39,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
 
 # ==============================================================================
 # Performance variables

diff --git a/build/automation/var/profile/perf2.mk b/build/automation/var/profile/perf2.mk
@@ -39,6 +39,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
 
 # ==============================================================================
 # Performance variables

diff --git a/build/automation/var/project.mk b/build/automation/var/project.mk
@@ -128,6 +128,7 @@ TF_VAR_shared_resources_sns_topic_app_alerts_for_slack_route53_health_check_alar
 
 # WAF
 TF_VAR_waf_enabled := $(WAF_ENABLED)
+TF_VAR_ddb_delete_protection :=$(DDB_DELETE_PROTECTION)
 TF_VAR_waf_acl_name := $(PROJECT_ID)-$(SHARED_ENVIRONMENT)-waf-acl
 TF_VAR_waf_log_group_name := aws-waf-logs-$(PROJECT_ID)-$(SHARED_ENVIRONMENT)-waf-log-group
 TF_VAR_waf_log_subscription_filter_name := $(PROJECT_ID)-$(SHARED_ENVIRONMENT)-waf-log-subscription-filter

diff --git a/infrastructure/stacks/shared-resources/dynamodb.tf b/infrastructure/stacks/shared-resources/dynamodb.tf
@@ -3,6 +3,7 @@ resource "aws_dynamodb_table" "message-history-table" {
   billing_mode = "PAY_PER_REQUEST"
   hash_key     = "Id"
   range_key    = "ODSCode"
+  deletion_protection_enabled = var.ddb_delete_protection
 
   server_side_encryption {
     enabled     = true

diff --git a/infrastructure/stacks/shared-resources/variables.tf b/infrastructure/stacks/shared-resources/variables.tf
@@ -158,6 +158,11 @@ variable "waf_enabled" {
   description = "Whether to enable WAF"
 }
 
+variable "ddb_delete_protection" {
+  type        = bool
+  description = "Whether to enable delete protection"
+}
+
 variable "waf_acl_name" {
   type        = string
   description = "Name of the WAF ACL"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,3 +2,4 @@

		# WAF
		WAF_ENABLED := true
		DDB_DELETE_PROTECTION :=false