diff --git a/infrastructure/dynamo_db.tf b/infrastructure/dynamo_db.tf index ec570da5..97a05065 100644 --- a/infrastructure/dynamo_db.tf +++ b/infrastructure/dynamo_db.tf @@ -590,6 +590,61 @@ module "bulk_upload_contact_lookup_table" { }, ] + environment = var.environment + owner = var.owner +} + +module "user_restriction_table" { + source = "./modules/dynamo_db" + table_name = var.user_restrictions_table_name + hash_key = "ID" + deletion_protection_enabled = var.deletion_protection_enabled + point_in_time_recovery_enabled = !local.is_sandbox + + attributes = [ + { + name = "ID" + type = "S" + }, + { + name = "RestrictedSmartcard" + type = "S" + }, + { + name = "NhsNumber" + type = "S" + }, + { + name = "Custodian" + type = "S" + }, + { + name = "Created" + type = "N" + }, + ] + + global_secondary_indexes = [ + { + name = "RestrictedSmartcardIndex" + hash_key = "RestrictedSmartcard" + range_key = "Created" + projection_type = "ALL" + }, + { + name = "NhsNumberIndex" + hash_key = "NhsNumber" + range_key = "Created" + projection_type = "ALL" + }, + { + name = "CustodianIndex" + hash_key = "Custodian" + range_key = "Created" + projection_type = "ALL" + } + ] + environment = var.environment owner = var.owner } \ No newline at end of file diff --git a/infrastructure/variable.tf b/infrastructure/variable.tf index 90a6a69f..bbf4eeea 100644 --- a/infrastructure/variable.tf +++ b/infrastructure/variable.tf @@ -202,6 +202,12 @@ variable "deletion_protection_enabled" { default = false } +variable "user_restrictions_table_name" { + description = "The DynamoDB table name for storing user restrictions" + type = string + default = "UserRestrictions" +} + # VPC Variables variable "standalone_vpc_tag" {
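Review bot: `user_restriction_table` takes `deletion_protection_enabled` from `var.deletion_protection_enabled`, and the context of the variable.tf hunk shows that variable with `default = false`, so any environment that does not override it leaves the table of user restrictions open to deletion by a stray destroy or replace. Point-in-time recovery in the same block is already tied to `!local.is_sandbox`, and the same gate would fit here: `deletion_protection_enabled = !local.is_sandbox || var.deletion_protection_enabled`. All three indexes also use `projection_type = "ALL"`, which copies every item attribute, `NhsNumber` included, into each index; if the lookups need only the keys, `projection_type = "KEYS_ONLY"` keeps the identifier in fewer places, assuming the module passes that value through. No encryption or KMS argument is passed in this call, so the table relies on whatever `./modules/dynamo_db` defaults to, which is not visible here and is worth confirming for a table indexed on NHS numbers.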