File tree 5 files changed +27
-19
lines changed
5 files changed +27
-19
lines changed Original file line number Diff line number Diff line change 11data "aws_iam_policy_document" "read" {
2+ count = . output_policies ? 1 : 0
23 statement {
34 effect = " Allow"
45 resources =
@@ -15,6 +16,7 @@ data "aws_iam_policy_document" "read" {
1516}
1617
1718data "aws_iam_policy_document" "scan" {
19+ count = . output_policies ? 1 : 0
1820 statement {
1921 effect = " Allow"
2022 resources =
@@ -28,6 +30,7 @@ data "aws_iam_policy_document" "scan" {
2830}
2931
3032data "aws_iam_policy_document" "write" {
33+ count = . output_policies ? 1 : 0
3134 statement {
3235 effect = " Allow"
3336 resources = aws_dynamodb_table . this . arn ]
@@ -40,6 +43,7 @@ data "aws_iam_policy_document" "write" {
4043}
4144
4245data "aws_iam_policy_document" "delete" {
46+ count = . output_policies ? 1 : 0
4347 statement {
4448 effect = " Allow"
4549 resources = aws_dynamodb_table . this . arn ]
Original file line number Diff line number Diff line change @@ -19,6 +19,8 @@ resource "aws_dynamodb_table" "this" {
1919 hash_key = . hash_key . name
2020 range_key = try (var. range_key . name , null )
2121
22+ deletion_protection_enabled = . deletion_protection_enabled
23+
2224 dynamic "ttl" {
2325 for_each = . ttl_attribute != null ? [var . ttl_attribute ] : []
2426 content {
@@ -88,10 +90,6 @@ resource "aws_dynamodb_table" "this" {
8890 stream_view_type = . stream_settings . enabled && var. stream_settings . kinesis == null ? var. stream_settings . view_type : null
8991
9092 tags = . tags
91-
92- lifecycle {
93- prevent_destroy = true
94- }
9593}
9694
9795resource "aws_dynamodb_kinesis_streaming_destination" "this" {
Original file line number Diff line number Diff line change @@ -3,10 +3,10 @@ output "table" {
33}
44
55output "policies" {
6- value =
7- read = data.aws_iam_policy_document.read,
8- scan = data.aws_iam_policy_document.scan,
9- write = data.aws_iam_policy_document.write,
10- delete = data.aws_iam_policy_document.delete,
11- }
6+ value = var . output_policies ? {
7+ read = data.aws_iam_policy_document.read[ 0 ] ,
8+ scan = data.aws_iam_policy_document.scan[ 0 ] ,
9+ write = data.aws_iam_policy_document.write[ 0 ] ,
10+ delete = data.aws_iam_policy_document.delete[ 0 ] ,
11+ } : null
1212}
Original file line number Diff line number Diff line change @@ -2,13 +2,15 @@ variable "name" {
22 description = " Name of the DynamoDB Table"
33 type = string
44}
5+
56variable "hash_key" {
67 description = " Hash key configuration."
78 type = object ({
89 name = string
910 type = optional (string , " S"
1011 })
1112}
13+
1214variable "range_key" {
1315 description = " Range key configuration"
1416 type = object ({
@@ -68,6 +70,12 @@ variable "local_secondary_indexes" {
6870 default =
6971}
7072
73+ variable "deletion_protection_enabled" {
74+ description = " Enable deletion protection"
75+ type = bool
76+ default = true
77+ }
78+
7179variable "point_in_time_recovery_enabled" {
7280 description = " Enable point-in-time recovery (recommended)"
7381 type = bool
@@ -110,4 +118,10 @@ variable "tags" {
110118 description = " Resource tags for the table"
111119 type = map (string )
112120 default = null
113- }
121+ }
122+
123+ variable "output_policies" {
124+ description = " Generate default set of policies for the table"
125+ type = bool
126+ default = false
127+ }
Load Diff This file was deleted.
You can’t perform that action at this time.
0 commit comments