diff --git a/build/automation/var/profile/demo.mk b/build/automation/var/profile/demo.mk
index 25f73b604..a2526e085 100644
--- a/build/automation/var/profile/demo.mk
+++ b/build/automation/var/profile/demo.mk
@@ -40,6 +40,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
 # ==============================================================================
 # Performance variables
diff --git a/build/automation/var/profile/dev.mk b/build/automation/var/profile/dev.mk
index eea5dd264..46d5fa531 100644
--- a/build/automation/var/profile/dev.mk
+++ b/build/automation/var/profile/dev.mk
@@ -39,6 +39,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 # WAF
 WAF_ENABLED := false
+DDB_DELETE_PROTECTION :=true
 # ==============================================================================
 # Performance variables
diff --git a/build/automation/var/profile/live.mk b/build/automation/var/profile/live.mk
index 63c92b70a..687f41931 100644
--- a/build/automation/var/profile/live.mk
+++ b/build/automation/var/profile/live.mk
@@ -41,6 +41,7 @@ SLACK_ALERT_CHANNEL := dos-integration-live-status
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=true
 # ==============================================================================
 # Performance variables
diff --git a/build/automation/var/profile/pen.mk b/build/automation/var/profile/pen.mk
index ed7cf892d..a10263d52 100644
--- a/build/automation/var/profile/pen.mk
+++ b/build/automation/var/profile/pen.mk
@@ -2,3 +2,4 @@
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
diff --git a/build/automation/var/profile/perf.mk b/build/automation/var/profile/perf.mk
index 1991331db..684c5b842 100644
--- a/build/automation/var/profile/perf.mk
+++ b/build/automation/var/profile/perf.mk
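Review bot: `DDB_DELETE_PROTECTION` is added directly under the `# WAF` comment in demo.mk, although it controls DynamoDB table deletion protection rather than the WAF, and it is written `:=false` without the space the neighbouring assignments use. I would give it its own header and match the spacing: `# DynamoDB` followed by `DDB_DELETE_PROTECTION := false`. Where a profile turns protection off (demo, pen, perf, perf2), a short comment such as `# Tables here are disposable; protection off so the stack can be destroyed` would record that this is deliberate. The same placement and spacing apply to the dev.mk, live.mk, pen.mk, perf.mk and perf2.mk hunks and to the project.mk line.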
@@ -39,6 +39,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
 # ==============================================================================
 # Performance variables
diff --git a/build/automation/var/profile/perf2.mk b/build/automation/var/profile/perf2.mk
index c2adce59e..c549fc222 100644
--- a/build/automation/var/profile/perf2.mk
+++ b/build/automation/var/profile/perf2.mk
@@ -39,6 +39,7 @@ SLACK_ALERT_CHANNEL := dos-integration-dev-status
 # WAF
 WAF_ENABLED := true
+DDB_DELETE_PROTECTION :=false
 # ==============================================================================
 # Performance variables
diff --git a/build/automation/var/project.mk b/build/automation/var/project.mk
index f93125ba9..901bad8b1 100644
--- a/build/automation/var/project.mk
+++ b/build/automation/var/project.mk
@@ -128,6 +128,7 @@ TF_VAR_shared_resources_sns_topic_app_alerts_for_slack_route53_health_check_alar
 # WAF
 TF_VAR_waf_enabled := $(WAF_ENABLED)
+TF_VAR_ddb_delete_protection :=$(DDB_DELETE_PROTECTION)
 TF_VAR_waf_acl_name := $(PROJECT_ID)-$(SHARED_ENVIRONMENT)-waf-acl
 TF_VAR_waf_log_group_name := aws-waf-logs-$(PROJECT_ID)-$(SHARED_ENVIRONMENT)-waf-log-group
 TF_VAR_waf_log_subscription_filter_name := $(PROJECT_ID)-$(SHARED_ENVIRONMENT)-waf-log-subscription-filter
diff --git a/infrastructure/stacks/shared-resources/dynamodb.tf b/infrastructure/stacks/shared-resources/dynamodb.tf
index f602babb3..2734b6f66 100644
--- a/infrastructure/stacks/shared-resources/dynamodb.tf
+++ b/infrastructure/stacks/shared-resources/dynamodb.tf
@@ -3,6 +3,7 @@ resource "aws_dynamodb_table" "message-history-table" {
 billing_mode = "PAY_PER_REQUEST"
 hash_key = "Id"
 range_key = "ODSCode"
+deletion_protection_enabled = var.ddb_delete_protection
 server_side_encryption {
 enabled = true
diff --git a/infrastructure/stacks/shared-resources/variables.tf b/infrastructure/stacks/shared-resources/variables.tf
index 0f6ec6052..e9dceff19 100755
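Review bot: `TF_VAR_ddb_delete_protection` in project.mk expands to an empty value for any profile that does not define `DDB_DELETE_PROTECTION`. This change sets it in six profiles, and whether other profiles exist is not visible here. The Terraform variable added in variables.tf is a `bool` with no default, so an empty value would presumably fail the plan instead of choosing a safe setting. Falling back to the protected state keeps a forgotten profile fail-closed: `TF_VAR_ddb_delete_protection := $(or $(DDB_DELETE_PROTECTION),true)`.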
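Review bot: The new `deletion_protection_enabled` line in `message-history-table` carries no comment on what the flag does and does not cover. It blocks deletion of the table itself, not removal or overwrite of items, so it complements backups rather than replacing them. I would add `# Blocks table deletion only; item-level deletes are unaffected` above it. Only this one table is visible in the hunk; if the stack defines other DynamoDB tables, they presumably need the same argument, since the variable name reads as stack-wide. The resource body continues outside the hunk.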
--- a/infrastructure/stacks/shared-resources/variables.tf
+++ b/infrastructure/stacks/shared-resources/variables.tf
@@ -158,6 +158,11 @@ variable "waf_enabled" {
 description = "Whether to enable WAF"
 }
+variable "ddb_delete_protection" {
+ type = bool
+ description = "Whether to enable delete protection"
+}
+
 variable "waf_acl_name" {
 type = string
 description = "Name of the WAF ACL"
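Review bot: The description `Whether to enable delete protection` does not say which resource is protected, and the block is inserted between `waf_enabled` and `waf_acl_name`, which splits the WAF variables. I would reword it to `description = "Whether to enable deletion protection on the DynamoDB message history table"` and move the block next to any other DynamoDB variables, if the file has them. With no `default`, every caller must supply a value; adding `default = true` would make an omitted value resolve to the protected state. The `waf_acl_name` block continues outside the hunk.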