Add dynamodb to perm boundary

BCDevOps · Oct 26, 2023 · 93e5a77 · 93e5a77
1 parent 032eba7
commit 93e5a77
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/modules/account-sso/main.tf b/modules/account-sso/main.tf
@@ -59,6 +59,12 @@ resource "aws_iam_policy" "bcgov_perm_boundary" {
         Resource = "*"
         Sid      = "DenyPermBoundaryBCGovIDPAlteration"
       },
+      {
+        Action   = "dynamodb:DeleteTable"
+        Effect   = "Deny"
+        Resource = "arn:aws:dynamodb:*:*:table/BCGOV_IAM_USER_TABLE"
+        Sid      = "DenyIAMUserTableDeletion"
+      },       
       {
         Action   = "elasticloadbalancing:DeleteLoadBalancer"
         Effect   = "Deny"