From 93e5a77e13e9adb350f96b49842e29090e3fed37 Mon Sep 17 00:00:00 2001
From: Prabhu Manchineella <prabhumanchineella@CA-PC22PM9DVP.local>
Date: Thu, 26 Oct 2023 19:04:27 -0400
Subject: [PATCH] Add dynamodb to perm boundary

---
 modules/account-sso/main.tf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/account-sso/main.tf b/modules/account-sso/main.tf
index 569d5ac..d3bfd2b 100644
--- a/modules/account-sso/main.tf
+++ b/modules/account-sso/main.tf
@@ -59,6 +59,12 @@ resource "aws_iam_policy" "bcgov_perm_boundary" {
         Resource = "*"
         Sid      = "DenyPermBoundaryBCGovIDPAlteration"
       },
+      {
+        Action   = "dynamodb:DeleteTable"
+        Effect   = "Deny"
+        Resource = "arn:aws:dynamodb:*:*:table/BCGOV_IAM_USER_TABLE"
+        Sid      = "DenyIAMUserTableDeletion"
+      },       
       {
         Action   = "elasticloadbalancing:DeleteLoadBalancer"
         Effect   = "Deny"