enhancement: Set dynamoDB deletion protection to true to solve securi…

…ty hub finding (#30)

enhancement: Set dynamoDB deletion protection to true to solve security hub finding

examples/basic/main.tf

@@ -16,7 +16,7 @@ resource "random_string" "random" {
 module "security_hub_manager" {
   source = "../../"
 
-  kms_key_arn    = aws_kms_key.default.arn
-  s3_bucket_name = "securityhub-suppressor-artifacts-${random_string.random.result}"
-  tags           = { Terraform = true }
+  kms_key_arn                 = aws_kms_key.default.arn
+  s3_bucket_name              = "securityhub-suppressor-artifacts-${random_string.random.result}"
+  tags                        = { Terraform = true }
 }

suppressor.tf

@@ -1,10 +1,11 @@
 # DynamoDB table for storing suppressions list
 resource "aws_dynamodb_table" "suppressor_dynamodb_table" {
-  name             = var.dynamodb_table
-  billing_mode     = "PAY_PER_REQUEST"
-  hash_key         = "controlId"
-  stream_enabled   = true
-  stream_view_type = "KEYS_ONLY"
+  name                        = var.dynamodb_table
+  billing_mode                = "PAY_PER_REQUEST"
+  deletion_protection_enabled = var.dynamodb_deletion_protection
+  hash_key                    = "controlId"
+  stream_enabled              = true
+  stream_view_type            = "KEYS_ONLY"
 
   attribute {
     name = "controlId"

variables.tf

@@ -1,3 +1,9 @@
+variable "dynamodb_deletion_protection" {
+  type        = bool
+  default     = true
+  description = "The DynamoDB table deletion protection option."
+}
+
 variable "dynamodb_table" {
   type        = string
   default     = "securityhub-suppression-list"