Merge pull request #82 from nationalarchives/DR2-2006-add-dynamo-reso…

…urce-policy-variable DR2-2006 Add dynamo resource policy variable.
nationalarchives · Dec 2, 2024 · 46ca1bc · 46ca1bc
2 parents 22e0f0c + 4080e14
commit 46ca1bc
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/dynamo/main.tf b/dynamo/main.tf
@@ -58,7 +58,26 @@ resource "aws_dynamodb_table" "table" {
   )
 }
 
-resource "aws_dynamodb_resource_policy" "require_ssl" {
+data "aws_iam_policy_document" "policy_document" {
+  source_policy_documents = var.resource_policy == "" ? [
+    templatefile(
+      "${path.module}/templates/dynamo_require_ssl.json.tpl",
+      {
+        table_arn = aws_dynamodb_table.table.arn
+      }
+    )
+    ] : [
+    var.resource_policy,
+    templatefile(
+      "${path.module}/templates/dynamo_require_ssl.json.tpl",
+      {
+        table_arn = aws_dynamodb_table.table.arn
+      }
+    )
+  ]
+}
+
+resource "aws_dynamodb_resource_policy" "resource_policy" {
   resource_arn = aws_dynamodb_table.table.arn
-  policy       = templatefile("${path.module}/templates/dynamo_require_ssl.json.tpl", { table_arn = aws_dynamodb_table.table.arn })
+  policy       = data.aws_iam_policy_document.policy_document.json
 }
diff --git a/dynamo/variables.tf b/dynamo/variables.tf
@@ -76,3 +76,7 @@ variable "stream_enabled" {
 variable "stream_view_type" {
   default = "NEW_IMAGE"
 }
+
+variable "resource_policy" {
+  default = ""
+}