chore: Add Postgres instance deletion protection set to true by defau…

…lt (#127)
uktrade · May 21, 2024 · 979c92e · 979c92e
1 parent 2da6d2e
commit 979c92e
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/postgres/locals.tf b/postgres/locals.tf
@@ -23,6 +23,7 @@ locals {
   final_snapshot_identifier = !local.skip_final_snapshot ? "${local.name}-${random_string.suffix.result}" : null
   snapshot_id               = var.config.snapshot_id
   volume_size               = coalesce(var.config.volume_size, 100)
+  deletion_protection       = coalesce(var.config.deletion_protection, true)
 
   instance_class = coalesce(var.config.instance, "db.t3.micro")
   storage_type   = coalesce(var.config.storage_type, "gp3")

diff --git a/postgres/rds.tf b/postgres/rds.tf
@@ -67,6 +67,7 @@ resource "aws_db_instance" "default" {
 
   backup_retention_period = 7
   backup_window           = "07:00-09:00"
+  deletion_protection     = local.deletion_protection
 
   vpc_security_group_ids              = [aws_security_group.default.id]
   publicly_accessible                 = false

diff --git a/postgres/tests/unit.tftest.hcl b/postgres/tests/unit.tftest.hcl
@@ -224,6 +224,11 @@ run "aws_db_instance_unit_test" {
     error_message = "Should be: true"
   }
 
+  assert {
+    condition     = aws_db_instance.default.deletion_protection == true
+    error_message = "Should be: true"
+  }
+
   # Test aws_db_instance.default resource monitoring
   assert {
     condition     = aws_db_instance.default.performance_insights_enabled == true