diff --git a/modules/account-sso/main.tf b/modules/account-sso/main.tf index 569d5ac..d3bfd2b 100644 --- a/modules/account-sso/main.tf +++ b/modules/account-sso/main.tf @@ -59,6 +59,12 @@ resource "aws_iam_policy" "bcgov_perm_boundary" { Resource = "*" Sid = "DenyPermBoundaryBCGovIDPAlteration" }, + { + Action = "dynamodb:DeleteTable" + Effect = "Deny" + Resource = "arn:aws:dynamodb:*:*:table/BCGOV_IAM_USER_TABLE" + Sid = "DenyIAMUserTableDeletion" + }, { Action = "elasticloadbalancing:DeleteLoadBalancer" Effect = "Deny"