Enable encryption and do not request a specific role (#3)

darend · osterman · commit 059c0c52e4db · 2018-03-16T10:56:55.000-07:00
* Do not specify read/write target roles hashicorp/terraform-provider-aws#2844 [ch9409] * Enable encryption * Add variable for encryption flag
diff --git a/main.tf b/main.tf
@@ -17,6 +17,10 @@ resource "aws_dynamodb_table" "default" {
   hash_key       = "${var.hash_key}"
   range_key      = "${var.range_key}"
 
+  server_side_encryption {
+    enabled = "${var.enable_encryption}"
+  }
+
   lifecycle {
     ignore_changes = ["read_capacity", "write_capacity"]
   }
@@ -105,15 +109,10 @@ resource "aws_iam_role_policy" "autoscaler_cloudwatch" {
   policy = "${data.aws_iam_policy_document.autoscaler_cloudwatch.json}"
 }
 
-data "aws_iam_role" "autoscale_service" {
-  name = "AWSServiceRoleForApplicationAutoScaling_DynamoDBTable"
-}
-
 resource "aws_appautoscaling_target" "read_target" {
   max_capacity       = "${var.autoscale_max_read_capacity}"
   min_capacity       = "${var.autoscale_min_read_capacity}"
   resource_id        = "table/${module.default.id}"
-  role_arn           = "${data.aws_iam_role.autoscale_service.arn}"
   scalable_dimension = "dynamodb:table:ReadCapacityUnits"
   service_namespace  = "dynamodb"
 }
@@ -138,7 +137,6 @@ resource "aws_appautoscaling_target" "write_target" {
   max_capacity       = "${var.autoscale_max_write_capacity}"
   min_capacity       = "${var.autoscale_min_write_capacity}"
   resource_id        = "table/${module.default.id}"
-  role_arn           = "${data.aws_iam_role.autoscale_service.arn}"
   scalable_dimension = "dynamodb:table:WriteCapacityUnits"
   service_namespace  = "dynamodb"
 }
diff --git a/variables.tf b/variables.tf
@@ -10,6 +10,10 @@ variable "stage" {
   type = "string"
 }
 
+variable "enable_encryption" {
+  default = "true"
+}
+
 variable "attributes" {
   type    = "list"
   default = []
