rds: Serverless cluster enableHttpEndpoint renamed to enableDataApi
stepfunctions-tasks: type of outputLocation in the experimental Athena StartQueryExecution has been changed to s3.Location from string

Features

apigatewayv2: http api - endpoint url (#11092) (c200413), closes #10651
apigatewayv2: vpc link and private integrations (#11198) (e87a6a3), closes #10531 #10119 aws/jsii#1947
appmesh: add Virtual Gateways and Gateway Routes (#10879) (79200e7)
appsync: add RDS datasource (#9258) (23d0943), closes #9152
appsync: support custom cloudWatchLogsRoleArn for GraphqlApi (#10357) (bed89a5), closes #9441
ec2: Add Lambda interface endpoint (#11260) (9d0c935), closes #11259
intro "Names.uniqueId()" instead of the deprecated "node.uniqueId" (#11166) (5e433b1), closes aws/constructs#314
ecs-patterns: add option to create cname instead of alias record (#10812) (89a5055)
ecs-service-extensions: create an Environment from attributes (#10932) (d395b5e), closes #10931
rds: add grant method for Data API (#10748) (884539b), closes #10744

Bug Fixes

apigateway: changes to gateway response does not trigger auto deployment (#11068) (0c8264a), closes #10963
cfnspec: incorrect Route 53 health check configuration properties in CloudFormation specification (#11280) (f3c8b50), closes #issuecomment-717435271 #11096
cli: --no-previous-parameters incorrectly skips updates (#11288) (1bfc649)
core: many nested stacks make NodeJS run out of memory (#11250) (c124886)
core: multiple library copies lead to 'Assets must be defined within Stage or App' error (#11113) (fcfed39), closes #10314
core: support docker engine v20.10.0-beta1 (#11124) (87887a3)
dynamodb: Misconfigured metrics causing empty graphs (#11283) (9968669)
ecs: redirect config should honor openListener flag (#11115) (ed6e7ed)
event-targets: circular dependency when the lambda target is in a different stack (#11217) (e21f249), closes #10942
pipelines: asset stage can't support more than 50 assets (#11284) (5db8e80), closes #9353
secretsmanager: can't export secret name from Secret (#11202) (5dcdecb), closes #10914
secretsmanager: Secret.fromSecretName doesn't work with ECS (#11042) (fe1ce73), closes #10309 #10519
stepfunctions: stack overflow when referenced json path finding encounters a circular object graph (#11225) (f14d823), closes #9319
stepfunctions-tasks: Athena* APIs have incorrect supported integration patterns (#11188) (0f66833), closes #11045 #11246
stepfunctions-tasks: incorrect S3 permissions for AthenaStartQueryExecution (#11203) (b35c423)
explicitly set the 'ImagePullPrincipalType' of image (#11264) (29aa223), closes #10569

Readme

Source

Amazon DynamoDB Construct Library

Here is a minimal deployable DynamoDB table definition:

import * as dynamodb from '@aws-cdk/aws-dynamodb';

const table = new dynamodb.Table(this, 'Table', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING }
});

Importing existing tables

To import an existing table into your CDK application, use the Table.fromTableName, Table.fromTableArn or Table.fromTableAttributes factory method. This method accepts table name or table ARN which describes the properties of an already existing table:

const table = Table.fromTableArn(this, 'ImportedTable', 'arn:aws:dynamodb:us-east-1:111111111:table/my-table');
// now you can just call methods on the table
table.grantReadWriteData(user);

If you intend to use the tableStreamArn (including indirectly, for example by creating an @aws-cdk/aws-lambda-event-source.DynamoEventSource on the imported table), you must use the Table.fromTableAttributes method and the tableStreamArn property must be populated.

Keys

When a table is defined, you must define it's schema using the partitionKey (required) and sortKey (optional) properties.

Billing Mode

DynamoDB supports two billing modes:

PROVISIONED - the default mode where the table and global secondary indexes have configured read and write capacity.
PAY_PER_REQUEST - on-demand pricing and scaling. You only pay for what you use and there is no read and write capacity for the table or its global secondary indexes.

import * as dynamodb from '@aws-cdk/aws-dynamodb';

const table = new dynamodb.Table(this, 'Table', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  billingMode: dynamodb.BillingMode.PAY_PER_REQUEST
});

Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.

Configure AutoScaling for your table

You can have DynamoDB automatically raise and lower the read and write capacities of your table by setting up autoscaling. You can use this to either keep your tables at a desired utilization level, or by scaling up and down at preconfigured times of the day:

Auto-scaling is only relevant for tables with the billing mode, PROVISIONED.

Example of configuring autoscaling

Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html https://aws.amazon.com/blogs/database/how-to-use-aws-cloudformation-to-configure-auto-scaling-for-amazon-dynamodb-tables-and-indexes/

Amazon DynamoDB Global Tables

You can create DynamoDB Global Tables by setting the replicationRegions property on a Table:

import * as dynamodb from '@aws-cdk/aws-dynamodb';

const globalTable = new dynamodb.Table(this, 'Table', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  replicationRegions: ['us-east-1', 'us-east-2', 'us-west-2'],
});

When doing so, a CloudFormation Custom Resource will be added to the stack in order to create the replica tables in the selected regions.

Encryption

All user data stored in Amazon DynamoDB is fully encrypted at rest. When creating a new table, you can choose to encrypt using the following customer master keys (CMK) to encrypt your table:

AWS owned CMK - By default, all tables are encrypted under an AWS owned customer master key (CMK) in the DynamoDB service account (no additional charges apply).
AWS managed CMK - AWS KMS keys (one per region) are created in your account, managed, and used on your behalf by AWS DynamoDB (AWS KMS chages apply).
Customer managed CMK - You have full control over the KMS key used to encrypt the DynamoDB Table (AWS KMS charges apply).

Creating a Table encrypted with a customer managed CMK:

import dynamodb = require('@aws-cdk/aws-dynamodb');

const table = new dynamodb.Table(stack, 'MyTable', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  encryption: TableEncryption.CUSTOMER_MANAGED,
});

// You can access the CMK that was added to the stack on your behalf by the Table construct via:
const tableEncryptionKey = table.encryptionKey;

You can also supply your own key:

import dynamodb = require('@aws-cdk/aws-dynamodb');
import kms = require('@aws-cdk/aws-kms');

const encryptionKey = new kms.Key(stack, 'Key', {
  enableKeyRotation: true
});
const table = new dynamodb.Table(stack, 'MyTable', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  encryption: TableEncryption.CUSTOMER_MANAGED,
  encryptionKey, // This will be exposed as table.encryptionKey
});

In order to use the AWS managed CMK instead, change the code to:

import dynamodb = require('@aws-cdk/aws-dynamodb');

const table = new dynamodb.Table(stack, 'MyTable', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  encryption: TableEncryption.AWS_MANAGED,
});

// In this case, the CMK _cannot_ be accessed through table.encryptionKey.

Keywords

FAQs

What is @aws-cdk/aws-dynamodb?

Is @aws-cdk/aws-dynamodb popular?

Is @aws-cdk/aws-dynamodb well maintained?

Last updated on 06 Nov 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install