Add option to enable point in time recovery for DynamoDB tables (#35)

* Add option to enable point in time recovery for DynamoDB tables

* Updated README.md

* Update variables.tf

Co-Authored-By: Andriy Knysh <aknysh@users.noreply.github.com>

* Updated README.md

Co-authored-by: Maxim Mironenko <simixido@gmail.com>
Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
Co-authored-by: Andriy Knysh <aknysh@users.noreply.github.com>

Author: 4 people

README.md

@@ -165,6 +165,7 @@ Available targets:
 | block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | string | `true` | no |
 | context | Default context to use for passing state between label invocations | object | `<map>` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
+| enable_point_in_time_recovery | Enable DynamoDB point-in-time recovery | bool | `false` | no |
 | enable_server_side_encryption | Enable DynamoDB server-side encryption | bool | `true` | no |
 | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no |
 | force_destroy | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | bool | `false` | no |

docs/terraform.md

@@ -9,6 +9,7 @@
 | block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | string | `true` | no |
 | context | Default context to use for passing state between label invocations | object | `<map>` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
+| enable_point_in_time_recovery | Enable DynamoDB point-in-time recovery | bool | `false` | no |
 | enable_server_side_encryption | Enable DynamoDB server-side encryption | bool | `true` | no |
 | environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | string | `` | no |
 | force_destroy | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | bool | `false` | no |

main.tf

@@ -143,6 +143,10 @@ resource "aws_dynamodb_table" "with_server_side_encryption" {
     enabled = true
   }
 
+  point_in_time_recovery {
+    enabled = var.enable_point_in_time_recovery
+  }
+
   lifecycle {
     ignore_changes = [
       read_capacity,
@@ -167,6 +171,10 @@ resource "aws_dynamodb_table" "without_server_side_encryption" {
   # https://www.terraform.io/docs/backends/types/s3.html#dynamodb_table
   hash_key = "LockID"
 
+  point_in_time_recovery {
+    enabled = var.enable_point_in_time_recovery
+  }
+
   lifecycle {
     ignore_changes = [
       read_capacity,

variables.tf

@@ -115,6 +115,12 @@ variable "mfa_delete" {
   default     = false
 }
 
+variable "enable_point_in_time_recovery" {
+  type        = bool
+  description = "Enable DynamoDB point-in-time recovery"
+  default     = false
+}
+
 variable "enable_server_side_encryption" {
   type        = bool
   description = "Enable DynamoDB server-side encryption"