Merge pull request #249 from NHSDigital/feature/eja-eli-343-adding-deletion-protection-and-IG-public-access-block

eddalmond1 · web-flow · commit 50cf2009d270 · 2025-07-22T15:23:51.000+01:00
Feature/eja eli 343 adding deletion protection and ig public access block
diff --git a/infrastructure/modules/dynamodb/dynamodb.tf b/infrastructure/modules/dynamodb/dynamodb.tf
@@ -2,6 +2,7 @@ resource "aws_dynamodb_table" "dynamodb_table" {
   name         = "${terraform.workspace == "default" ? "" : "${terraform.workspace}-"}${var.project_name}-${var.environment}-${var.table_name_suffix}"
   billing_mode = "PAY_PER_REQUEST"
   hash_key     = var.partition_key
+  deletion_protection_enabled = var.environment == "prod"
 
   attribute {
     name = var.partition_key
diff --git a/infrastructure/stacks/networking/vpc.tf b/infrastructure/stacks/networking/vpc.tf
@@ -21,3 +21,8 @@ resource "aws_default_security_group" "default_vpc" {
     }
   )
 }
+
+# EC2.172 - block internet gateway access at the account level
+resource "aws_vpc_block_public_access_options" "default_vpc" {
+  internet_gateway_block_mode = "block-bidirectional"
+}

Original file line number	Diff line number	Diff line change
`@@ -21,3 +21,8 @@ resource "aws_default_security_group" "default_vpc" {`
`21`	`21`	`}`
`22`	`22`	`)`
`23`	`23`	`}`
	`24`	`+`
	`25`	`+# EC2.172 - block internet gateway access at the account level`
	`26`	`+resource "aws_vpc_block_public_access_options" "default_vpc" {`
	`27`	`+ internet_gateway_block_mode = "block-bidirectional"`
	`28`	`+}`