From fecb3a1467a92835ad2226b4d807046c60480623 Mon Sep 17 00:00:00 2001 From: liyin Date: Mon, 25 Nov 2024 11:40:45 +0800 Subject: [PATCH 1/3] add delete protection --- main.tf | 1 + variables.tf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/main.tf b/main.tf index 35b7a0c..c738f1b 100644 --- a/main.tf +++ b/main.tf @@ -15,6 +15,7 @@ resource "aws_networkfirewall_firewall" "main" { name = local.dashed_name firewall_policy_arn = aws_networkfirewall_firewall_policy.main.arn vpc_id = var.vpc_id + delete_protection = var.delete_protection dynamic "subnet_mapping" { for_each = var.subnet_ids diff --git a/variables.tf b/variables.tf index 9340a30..d86ab97 100644 --- a/variables.tf +++ b/variables.tf @@ -87,3 +87,9 @@ variable "block_everything_capacity" { type = number default = 25 } + +variable "delete_protection" { + description = "Toggle to enable or disable deletion protection" + type = bool + default = false +} \ No newline at end of file From 275be3ef27d72a0d347d28c0d25999dbeeb15e16 Mon Sep 17 00:00:00 2001 From: liyin Date: Mon, 25 Nov 2024 13:53:06 +0800 Subject: [PATCH 2/3] toggle deletion protection to true and add to readme --- README.md | 1 + variables.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 08518a4..cf26408 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,7 @@ No modules. | [subnet\_ids](#input\_subnet\_ids) | Subnets used to create network firewall. | `set(string)` | `[]` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(any)` | `{}` | no | | [vpc\_id](#input\_vpc\_id) | n/a | `string` | `""` | no | +| [delete\_protection](#input\_delete\_protection) | n/a | `bool` | true | no | ## Outputs diff --git a/variables.tf b/variables.tf index d86ab97..92048db 100644 --- a/variables.tf +++ b/variables.tf 
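Review bot: Only `delete_protection` is wired through on the `aws_networkfirewall_firewall` resource, while its sibling attributes `firewall_policy_change_protection` and `subnet_change_protection` are left unset (they default to disabled in the provider, as far as I recall), so a caller with API access can still swap the firewall's policy or detach its subnets even when the firewall itself cannot be deleted. If the goal is to harden the firewall against out-of-band changes, consider exposing those two in the same way, e.g. `firewall_policy_change_protection = var.firewall_policy_change_protection` and `subnet_change_protection = var.subnet_change_protection`. Note that this attribute is AWS-side protection only; it does not stop Terraform from planning a destroy, it makes the destroy fail at the API, so a `lifecycle { prevent_destroy = true }` block would be the Terraform-side counterpart if that is also wanted. The resource block starts before this hunk and its `dynamic "subnet_mapping"` block continues after it.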
@@ -91,5 +91,5 @@ variable "block_everything_capacity" { variable "delete_protection" { description = "Toggle to enable or disable deletion protection" type = bool - default = false + default = true } \ No newline at end of file From 4d8889c193bf1ee0756e1da4b7d67d38561cb3c6 Mon Sep 17 00:00:00 2001 From: liyin Date: Mon, 25 Nov 2024 13:55:02 +0800 Subject: [PATCH 3/3] add delete protection docs --- variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/variables.tf b/variables.tf index 92048db..aed2c91 100644 --- a/variables.tf +++ b/variables.tf @@ -92,4 +92,5 @@ variable "delete_protection" { description = "Toggle to enable or disable deletion protection" type = bool default = true + # defaults to true to resolve https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-9 } \ No newline at end of file
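Review bot: Changing the default from `false` to `true` is a behaviour change for every existing consumer that does not set the variable: on their next apply the firewall is switched to protected, and from then on `terraform destroy`, or any change that forces replacement of the firewall (such as a new `vpc_id`), will fail at the API until `delete_protection = false` has been applied in a separate step first. That is presumably the intended secure default, but it should be called out as a breaking/operational change in the README and changelog rather than only in a comment inside the variable. The README row added in the same commit also shows the default as bare `true` and the description as `n/a`, unlike the surrounding rows, which suggests it was typed by hand rather than generated; regenerating the table with terraform-docs would keep it consistent with the variable's actual description.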
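Review bot: The rationale is added as a `#` comment inside the block, which neither terraform-docs nor the generated README will surface, while the `description` next to it still reads "Toggle to enable or disable deletion protection" and says nothing about the operational consequence of the default. Moving that information into the description makes it visible to module users, e.g. `description = "Enable AWS-side deletion protection on the firewall (Security Hub control NetworkFirewall.9). Must be set to false and applied before the firewall can be destroyed or replaced."`, with the comment then reduced to the link or dropped. The file is also left without a trailing newline in all three patches; running `terraform fmt` would normally add it.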