[terraform] add PITR to dynamodb tables

Summary: enabled point in time recovery for all tables except identity workflows and nonces. wasn't sure which tables for other services should have this feature so enabled for all of them Test Plan: confirmed with terraform plan that these changes would enable PITR in production only Reviewers: bartek, kamil Reviewed By: bartek Subscribers: ashoat, tomek Differential Revision: https://phab.comm.dev/D13203
CommE2E · Sep 3, 2024 · 30e894e · 30e894e
1 parent 1d31bb5
commit 30e894e
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/services/terraform/modules/shared/dynamodb.tf b/services/terraform/modules/shared/dynamodb.tf
@@ -1,3 +1,7 @@
+locals {
+  pitr_enabled = terraform.workspace == "production" ? true : false
+}
+
 resource "aws_dynamodb_table" "backup-service-backup" {
   name         = "backup-service-backup"
   hash_key     = "userID"
@@ -26,6 +30,10 @@ resource "aws_dynamodb_table" "backup-service-backup" {
     projection_type    = "INCLUDE"
     non_key_attributes = ["userKeys", "siweBackupMsg"]
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "backup-service-log" {
@@ -43,6 +51,10 @@ resource "aws_dynamodb_table" "backup-service-log" {
     name = "logID"
     type = "N"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "blob-service-blobs" {
@@ -77,6 +89,10 @@ resource "aws_dynamodb_table" "blob-service-blobs" {
     range_key       = "last_modified"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "tunnelbroker-undelivered-messages" {
@@ -94,6 +110,10 @@ resource "aws_dynamodb_table" "tunnelbroker-undelivered-messages" {
     name = "messageID"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "tunnelbroker-device-tokens" {
@@ -116,6 +136,10 @@ resource "aws_dynamodb_table" "tunnelbroker-device-tokens" {
     hash_key        = "deviceToken"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-users" {
@@ -174,6 +198,10 @@ resource "aws_dynamodb_table" "identity-users" {
     hash_key        = "usernameLower"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-devices" {
@@ -219,6 +247,10 @@ resource "aws_dynamodb_table" "identity-devices" {
     range_key       = "loginTime"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-tokens" {
@@ -236,6 +268,10 @@ resource "aws_dynamodb_table" "identity-tokens" {
     name = "signingPublicKey"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-nonces" {
@@ -304,6 +340,10 @@ resource "aws_dynamodb_table" "identity-reserved-usernames" {
     hash_key        = "userID"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-one-time-keys" {
@@ -321,6 +361,10 @@ resource "aws_dynamodb_table" "identity-one-time-keys" {
     name = "timestamp#keyNumber"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "feature-flags" {
@@ -338,6 +382,10 @@ resource "aws_dynamodb_table" "feature-flags" {
     name = "feature"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "reports-service-reports" {
@@ -349,4 +397,8 @@ resource "aws_dynamodb_table" "reports-service-reports" {
     name = "reportID"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }