AWSTemplateFormatVersion: "2010-09-09" Description: Amazon S3 Find and Forget DDB Tables Metadata: cfn-lint: config: ignore_checks: - W1001 Parameters: EnableBackups: Type: String RetainTables: Type: String Conditions: ShouldNotRetainTables: !Equals [!Ref RetainTables, "false"] ShouldRetainTables: !Equals [!Ref RetainTables, "true"] Resources: # DeletionPolicy and UpdateReplacePolicy need a String # https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/162 DeletionQueueTableNotRetain: Type: AWS::DynamoDB::Table Condition: ShouldNotRetainTables DeletionPolicy: Delete UpdateReplacePolicy: Delete Properties: StreamSpecification: StreamViewType: NEW_IMAGE AttributeDefinitions: - AttributeName: DeletionQueueItemId AttributeType: S KeySchema: - AttributeName: DeletionQueueItemId KeyType: HASH BillingMode: PAY_PER_REQUEST PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: !Ref EnableBackups SSESpecification: KMSMasterKeyId: alias/aws/dynamodb SSEEnabled: true SSEType: KMS DeletionQueueTableRetain: Type: AWS::DynamoDB::Table Condition: ShouldRetainTables DeletionPolicy: Retain UpdateReplacePolicy: Retain Properties: StreamSpecification: StreamViewType: NEW_IMAGE AttributeDefinitions: - AttributeName: DeletionQueueItemId AttributeType: S KeySchema: - AttributeName: DeletionQueueItemId KeyType: HASH BillingMode: PAY_PER_REQUEST PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: !Ref EnableBackups SSESpecification: KMSMasterKeyId: alias/aws/dynamodb SSEEnabled: true SSEType: KMS DataMapperTableNotRetain: Type: AWS::DynamoDB::Table Condition: ShouldNotRetainTables DeletionPolicy: Delete UpdateReplacePolicy: Delete Properties: AttributeDefinitions: - AttributeName: DataMapperId AttributeType: S KeySchema: - AttributeName: DataMapperId KeyType: HASH BillingMode: PAY_PER_REQUEST PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: !Ref EnableBackups SSESpecification: KMSMasterKeyId: alias/aws/dynamodb SSEEnabled: true SSEType: KMS DataMapperTableRetain: Type: AWS::DynamoDB::Table Condition: ShouldRetainTables DeletionPolicy: Retain UpdateReplacePolicy: Retain Properties: AttributeDefinitions: - AttributeName: DataMapperId AttributeType: S KeySchema: - AttributeName: DataMapperId KeyType: HASH BillingMode: PAY_PER_REQUEST PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: !Ref EnableBackups SSESpecification: KMSMasterKeyId: alias/aws/dynamodb SSEEnabled: true SSEType: KMS JobTableNotRetain: Type: AWS::DynamoDB::Table Condition: ShouldNotRetainTables DeletionPolicy: Delete UpdateReplacePolicy: Delete Properties: TimeToLiveSpecification: AttributeName: Expires Enabled: true StreamSpecification: StreamViewType: NEW_AND_OLD_IMAGES AttributeDefinitions: - AttributeName: Id AttributeType: S - AttributeName: Sk AttributeType: S - AttributeName: GSIBucket AttributeType: S - AttributeName: CreatedAt AttributeType: N KeySchema: - AttributeName: Id KeyType: HASH - AttributeName: Sk KeyType: RANGE BillingMode: PAY_PER_REQUEST GlobalSecondaryIndexes: - IndexName: Date-GSI KeySchema: - AttributeName: GSIBucket KeyType: HASH - AttributeName: CreatedAt KeyType: RANGE Projection: ProjectionType: ALL PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: !Ref EnableBackups SSESpecification: KMSMasterKeyId: alias/aws/dynamodb SSEEnabled: true SSEType: KMS JobTableRetain: Type: AWS::DynamoDB::Table Condition: ShouldRetainTables DeletionPolicy: Retain UpdateReplacePolicy: Retain Properties: TimeToLiveSpecification: AttributeName: Expires Enabled: true StreamSpecification: StreamViewType: NEW_AND_OLD_IMAGES AttributeDefinitions: - AttributeName: Id AttributeType: S - AttributeName: Sk AttributeType: S - AttributeName: GSIBucket AttributeType: S - AttributeName: CreatedAt AttributeType: N KeySchema: - AttributeName: Id KeyType: HASH - AttributeName: Sk KeyType: RANGE BillingMode: PAY_PER_REQUEST GlobalSecondaryIndexes: - IndexName: Date-GSI KeySchema: - AttributeName: GSIBucket KeyType: HASH - AttributeName: CreatedAt KeyType: RANGE Projection: ProjectionType: ALL PointInTimeRecoverySpecification: PointInTimeRecoveryEnabled: !Ref EnableBackups SSESpecification: KMSMasterKeyId: alias/aws/dynamodb SSEEnabled: true SSEType: KMS Outputs: DeletionQueueTable: Value: !If - ShouldRetainTables - !Ref DeletionQueueTableRetain - !Ref DeletionQueueTableNotRetain DeletionQueueTableStreamArn: Value: !If - ShouldRetainTables - !GetAtt DeletionQueueTableRetain.StreamArn - !GetAtt DeletionQueueTableNotRetain.StreamArn DataMapperTable: Value: !If - ShouldRetainTables - !Ref DataMapperTableRetain - !Ref DataMapperTableNotRetain JobTable: Value: !If - ShouldRetainTables - !Ref JobTableRetain - !Ref JobTableNotRetain JobTableDateGSI: Value: Date-GSI JobTableStreamArn: Value: !If - ShouldRetainTables - !GetAtt JobTableRetain.StreamArn - !GetAtt JobTableNotRetain.StreamArn