From 020d945b8264033ddc0018fbbd2ad406872c7506 Mon Sep 17 00:00:00 2001
From: Andrew Pearce
Date: Thu, 5 Oct 2023 14:13:57 +0100
Subject: [PATCH] create a gateway endpoint for dynamodb

---
 terraform/account/region/vpc_endpoints.tf | 24 +++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/terraform/account/region/vpc_endpoints.tf b/terraform/account/region/vpc_endpoints.tf
index e92c97e336..30b23f5fd0 100644
--- a/terraform/account/region/vpc_endpoints.tf
+++ b/terraform/account/region/vpc_endpoints.tf
@@ -104,3 +104,27 @@ data "aws_iam_policy_document" "s3_vpc_endpoint" {
 }
 }
 }
+
+resource "aws_vpc_endpoint" "dynamodb" {
+ provider = aws.region
+ count = 3
+ vpc_id = module.network.vpc.id
+ service_name = "com.amazonaws.${data.aws_region.current.name}.dynamodb"
+ route_table_ids = tolist(data.aws_route_tables.public.ids)
+ vpc_endpoint_type = "Gateway"
+ policy = data.aws_iam_policy_document.dynamodb_vpc_endpoint.json
+ tags = { "Name" = "public.${data.aws_default_tags.current.tags.account-name}" }
+}
+
+data "aws_iam_policy_document" "dynamodb_vpc_endpoint" {
+ provider = aws.region
+ statement {
+ sid = "DynamoDBVpcEndpointPolicy"
+ actions = ["*"]
+ resources = ["*"]
+ principals {
+ type = "*"
+ identifiers = ["*"]
+ }
+ }
+}
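Review bot: The endpoint policy in `data "aws_iam_policy_document" "dynamodb_vpc_endpoint"` grants `actions = ["*"]` on `resources = ["*"]` to `principals { type = "*" }`, so the Gateway endpoint enforces nothing: any workload in the VPC can use it to reach DynamoDB tables in any account, which removes the endpoint's value as a control point against data leaving the account. The statement can stay permissive on actions while still being scoped to this account by adding a `condition` on `aws:PrincipalAccount` (or `aws:PrincipalOrgID`), as sketched below with a placeholder for whichever account-id lookup this module already has; the same check applies to `s3_vpc_endpoint` above the hunk if its statement is equally open, which is not visible here. Separately, `count = 3` creates three identical Gateway endpoints for the same service attached to the same `route_table_ids`, and nothing in the resource uses `count.index`; I believe a route table can carry only one route per endpoint prefix list, so the second and third are likely to fail or be redundant — if this was carried over from the S3 resource, confirm whether `count` should be dropped.
```hcl
  statement {
    # … unchanged: sid, actions, resources, principals …
    # Limit this otherwise-open statement to callers from this account (least privilege).
    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalAccount"
      values   = [ACCOUNT_ID_PLACEHOLDER] # replace with the module's existing account-id reference
    }
  }
```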