@aws-cdk/aws-dynamodb

Amazon DynamoDB Construct Library

---

---

Here is a minimal deployable DynamoDB table definition:

import * as dynamodb from '@aws-cdk/aws-dynamodb';

const table = new dynamodb.Table(this, 'Table', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING }
});

Importing existing tables

To import an existing table into your CDK application, use the Table.fromTableName, Table.fromTableArn or Table.fromTableAttributes factory method. This method accepts table name or table ARN which describes the properties of an already existing table:

const table = Table.fromTableArn(this, 'ImportedTable', 'arn:aws:dynamodb:us-east-1:111111111:table/my-table');
// now you can just call methods on the table
table.grantReadWriteData(user);

If you intend to use the tableStreamArn (including indirectly, for example by creating an @aws-cdk/aws-lambda-event-source.DynamoEventSource on the imported table), you must use the Table.fromTableAttributes method and the tableStreamArn property must be populated.

Keys

When a table is defined, you must define it's schema using the partitionKey (required) and sortKey (optional) properties.

Billing Mode

DynamoDB supports two billing modes:

• PROVISIONED - the default mode where the table and global secondary indexes have configured read and write capacity.
• PAY_PER_REQUEST - on-demand pricing and scaling. You only pay for what you use and there is no read and write capacity for the table or its global secondary indexes.

import * as dynamodb from '@aws-cdk/aws-dynamodb';

const table = new dynamodb.Table(this, 'Table', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  billingMode: dynamodb.BillingMode.PAY_PER_REQUEST
});

Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.

Configure AutoScaling for your table

You can have DynamoDB automatically raise and lower the read and write capacities of your table by setting up autoscaling. You can use this to either keep your tables at a desired utilization level, or by scaling up and down at preconfigured times of the day:

Auto-scaling is only relevant for tables with the billing mode, PROVISIONED.

Example of configuring autoscaling

Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html https://aws.amazon.com/blogs/database/how-to-use-aws-cloudformation-to-configure-auto-scaling-for-amazon-dynamodb-tables-and-indexes/

Amazon DynamoDB Global Tables

You can create DynamoDB Global Tables by setting the replicationRegions property on a Table:

import * as dynamodb from '@aws-cdk/aws-dynamodb';

const globalTable = new dynamodb.Table(this, 'Table', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  replicationRegions: ['us-east-1', 'us-east-2', 'us-west-2'],
});

When doing so, a CloudFormation Custom Resource will be added to the stack in order to create the replica tables in the selected regions.

Encryption

All user data stored in Amazon DynamoDB is fully encrypted at rest. When creating a new table, you can choose to encrypt using the following customer master keys (CMK) to encrypt your table:

• AWS owned CMK - By default, all tables are encrypted under an AWS owned customer master key (CMK) in the DynamoDB service account (no additional charges apply).
• AWS managed CMK - AWS KMS keys (one per region) are created in your account, managed, and used on your behalf by AWS DynamoDB (AWS KMS chages apply).
• Customer managed CMK - You have full control over the KMS key used to encrypt the DynamoDB Table (AWS KMS charges apply).

Creating a Table encrypted with a customer managed CMK:

import dynamodb = require('@aws-cdk/aws-dynamodb');

const table = new dynamodb.Table(stack, 'MyTable', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  encryption: TableEncryption.CUSTOMER_MANAGED,
});

// You can access the CMK that was added to the stack on your behalf by the Table construct via:
const tableEncryptionKey = table.encryptionKey;

You can also supply your own key:

import dynamodb = require('@aws-cdk/aws-dynamodb');
import kms = require('@aws-cdk/aws-kms');

const encryptionKey = new kms.Key(stack, 'Key', {
  enableKeyRotation: true
});
const table = new dynamodb.Table(stack, 'MyTable', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  encryption: TableEncryption.CUSTOMER_MANAGED,
  encryptionKey, // This will be exposed as table.encryptionKey
});

In order to use the AWS managed CMK instead, change the code to:

import dynamodb = require('@aws-cdk/aws-dynamodb');

const table = new dynamodb.Table(stack, 'MyTable', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  encryption: TableEncryption.AWS_MANAGED,
});

// In this case, the CMK _cannot_ be accessed through table.encryptionKey.

Changelog

1.62.0 (2020-09-03)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• eks: when importing EKS clusters using eks.Cluster.fromClusterAttributes, the clusterArn attribute is not supported anymore, and will always be derived from clusterName.
• eks: Only a single eks.Cluster is allowed per CloudFormation stack.
• eks: The securityGroups attribute of ClusterAttributes is now securityGroupIds.
• cli: --qualifier must be alphanumeric and not longer than 10 characters when bootstrapping using newStyleStackSynthesis.

Features

• appsync: support Input Types for code-first approach (#10024) (3f80ae6)
• appsync: support query & mutation generation for code-first approach (#9992) (1ed119e), closes #9308 #9310
• aws-chatbot: Support L2 construct for SlackChannelConfiguration of chatbot. (#9702) (05f5e62), closes #9679
• bootstrap: customizable bootstrap template (#9886) (2596ef7), closes #9256 #8724 #3684 #1528 #9681
• cli: control progress output style with --progress=bar|events (#9623) (56de5e1), closes #8696
• cloudfront: import existing CloudFrontWebDistributions (#10007) (ff33b54), closes #5607
• cloudfront: support includeBody for Lambda@Edge (#10008) (9ffb268), closes #7085
• ecs: bottlerocket support (#10097) (088abec), closes #10085
• eks: kubectl layer customization (#10090) (0aa7ada), closes #7992
• eks: support adding k8s resources to imported clusters (#9802) (4439481), closes #5383
• logs: specify log group's region for LogRetention (#9804) (0ccbc5d)
• pipelines: SimpleSynthAction takes array of build commands (#10152) (44fcb4e), closes #9357
• pipelines: add control over underlying CodePipeline (#10148) (41531b5), closes #9021
• rds: add support for joining instance to domain (#9943) (f2d77d1), closes #9869
• rds: custom security groups for OptionGroups (ea1072d), closes #9240
• rds: custom security groups for OptionGroups (#10011) (5738dc1), closes #9240
• rds: performance insights for DatabaseCluster instances (#10092) (9c1b0c1), closes #7957
• rds: rename DatabaseInstanceNewProps.vpcPlacement to vpcSubnets (#10093) (ec423ef), closes #9776
• elasticloadbalancingv2: convenience method for ALB redirects (#9913) (5bed08a)

Bug Fixes

• apigateway: burst and rate limits are set to unlimited when configured to 0 (#10088) (96f1772), closes #10071
• appsync: GraphQLApi.UserPoolConfig requires DefaultAction (#10031) (6114045), closes #10028
• aws-elasticloadbalancingv2: fix load balancer deletion protection to properly update when set to false (#9986) (a65dd19)
• aws-sns: enable topic encryption with cross account keys (#10056) (327b72a), closes #10055
• aws-stepfunctions-tasks: missing permission to get build status (#10081) (cbdd084), closes #8043
• aws-stepfunctions-tasks: SageMaker create training job has incorrect property name for AttributeNames (#10026) (ba51ea3), closes #10014
• cfn-include: allow Conditions to reference Mappings in their definitions (#10105) (aa2068f), closes #10099
• cfn-include: allow parameters to be replaced across nested stacks (#9842) (9ea8d5c), closes #9838
• cli: AssumeRole profiles require a [default] profile (#10032) (95c0332), closes #9937
• cli: bootstrapping qualifier length not validated (#10121) (e069263), closes #9255
• cli: Linux browser not supported for cdk docs (#9549) (663913f), closes #2847
• cli: re-bootstrapping loses previous configuration (#10120) (4e5829a), closes #10091
• cli: unable to upgrade new style bootstrap to version (#10030) (c5bb55c), closes #10016
• cloudfront: Distribution does not add edgelambda trust policy (#10006) (9098e29), closes #9998
• custom-resources: buffers returned by AwsCustomResource are unusable (#9977) (7f351ff), closes #9969 #10017
• eks: creating a ServiceAccount in a different stack than the Cluster creates circular dependency between the two stacks (#9701) (1e96ebc), closes 40aws-cdk/aws-eks/lib/service-account.ts#L81-L95 40aws-cdk/aws-eks/lib/cluster.ts#L914-L923 40aws-cdk/aws-eks/lib/cluster.ts#L907-L909
• eks: README.md grammar (#10072) (454cdc6)
• elbv2: add protocol to AddNetworkTargetsProps (#10054) (c7c00e7), closes aws/aws-cdk#10044
• elbv2: consider default protocol when validating redirectHTTP (#10100) (9e4c6d2)
• glue: tables not including classification (#9923) (61b45f3), closes #9902
• lamba: Add Java 8 Corretto Runtime support (77f9703)
• lambda: grantInvoke fails for imported IAM identities (#9957) (d748f44), closes #9883
• lambda-nodejs: cannot stat error with jsx/tsx handler (#9958) (25cfc18)
• lambda-python: allowPublicSubnet and filesystem not supported (#10022) (745922a), closes #10018 #10027
• redshift: single-node clusters fail with node count error (#9961) (2cd3ea2), closes #9856
• route53: value is too long error for TXT records (#9984) (fd4be21), closes #8244