Package software.amazon.awscdk.services.dynamodb
Amazon DynamoDB Construct Library
The DynamoDB construct library has two table constructs -
Table
andTableV2
.TableV2
is the preferred construct for all use cases, including creating a single table or a table with multiplereplicas
.
Here is a minimal deployable DynamoDB table using TableV2
:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .build();
By default, TableV2
will create a single table in the main deployment region referred to as the primary table. The properties of the primary table are configurable via TableV2
properties. For example, consider the following DynamoDB table created using the TableV2
construct defined in a Stack
being deployed to us-west-2
:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .contributorInsights(true) .tableClass(TableClass.STANDARD_INFREQUENT_ACCESS) .pointInTimeRecovery(true) .build();
The above TableV2
definition will result in the provisioning of a single table in us-west-2
with properties that match the properties set on the TableV2
instance.
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GlobalTables.html
Replicas
The TableV2
construct can be configured with replica tables. This will enable you to work with your table as a global table. To do this, the TableV2
construct must be defined in a Stack
with a defined region. The main deployment region must not be given as a replica because this is created by default with the TableV2
construct. The following is a minimal example of defining TableV2
with replicas
. This TableV2
definition will provision three copies of the table - one in us-west-2
(primary deployment region), one in us-east-1
, and one in us-east-2
.
import software.amazon.awscdk.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build();
Alternatively, you can add new replicas
to an instance of the TableV2
construct using the addReplica
method:
import software.amazon.awscdk.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build())) .build(); globalTable.addReplica(ReplicaTableProps.builder().region("us-east-2").deletionProtection(true).build());
The following properties are configurable on a per-replica basis, but will be inherited from the TableV2
properties if not specified:
- contributorInsights
- deletionProtection
- pointInTimeRecovery
- tableClass
- readCapacity (only configurable if the
TableV2
billing mode isPROVISIONED
) - globalSecondaryIndexes (only
contributorInsights
andreadCapacity
)
The following example shows how to define properties on a per-replica basis:
import software.amazon.awscdk.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .contributorInsights(true) .pointInTimeRecovery(true) .replicas(List.of(ReplicaTableProps.builder() .region("us-east-1") .tableClass(TableClass.STANDARD_INFREQUENT_ACCESS) .pointInTimeRecovery(false) .build(), ReplicaTableProps.builder() .region("us-east-2") .contributorInsights(false) .build())) .build();
To obtain an ITableV2
reference to a specific replica table, call the replica
method on an instance of the TableV2
construct and pass the replica region as an argument:
import software.amazon.awscdk.*; User user; public class FooStack extends Stack { public final TableV2 globalTable; public FooStack(Construct scope, String id, StackProps props) { super(scope, id, props); this.globalTable = TableV2.Builder.create(this, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build(); } } public class BarStackProps extends StackProps { private ITableV2 replicaTable; public ITableV2 getReplicaTable() { return this.replicaTable; } public BarStackProps replicaTable(ITableV2 replicaTable) { this.replicaTable = replicaTable; return this; } } public class BarStack extends Stack { public BarStack(Construct scope, String id, BarStackProps props) { super(scope, id, props); // user is given grantWriteData permissions to replica in us-east-1 props.replicaTable.grantWriteData(user); } } App app = new App(); FooStack fooStack = FooStack.Builder.create(app, "FooStack").env(Environment.builder().region("us-west-2").build()).build(); BarStack barStack = new BarStack(app, "BarStack", new BarStackProps() .replicaTable(fooStack.globalTable.replica("us-east-1")) .env(Environment.builder().region("us-east-1").build()) );
Note: You can create an instance of the TableV2
construct with as many replicas
as needed as long as there is only one replica per region. After table creation you can add or remove replicas
, but you can only add or remove a single replica in each update.
Billing
The TableV2
construct can be configured with on-demand or provisioned billing:
- On-demand - The default option. This is a flexible billing option capable of serving requests without capacity planning. The billing mode will be
PAY_PER_REQUEST
. - You can optionally specify the
maxReadRequestUnits
ormaxWriteRequestUnits
on individual tables and associated global secondary indexes (GSIs). When you configure maximum throughput for an on-demand table, throughput requests that exceed the maximum amount specified will be throttled. - Provisioned - Specify the
readCapacity
andwriteCapacity
that you need for your application. The billing mode will bePROVISIONED
. Capacity can be configured using one of the following modes:- Fixed - provisioned throughput capacity is configured with a fixed number of I/O operations per second.
- Autoscaled - provisioned throughput capacity is dynamically adjusted on your behalf in response to actual traffic patterns.
Note: writeCapacity
can only be configured using autoscaled capacity.
The following example shows how to configure TableV2
with on-demand billing:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .billing(Billing.onDemand()) .build();
The following example shows how to configure TableV2
with on-demand billing with optional maximum throughput configured:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .billing(Billing.onDemand(MaxThroughputProps.builder() .maxReadRequestUnits(100) .maxWriteRequestUnits(115) .build())) .build();
When using provisioned billing, you must also specify readCapacity
and writeCapacity
. You can choose to configure readCapacity
with fixed capacity or autoscaled capacity, but writeCapacity
can only be configured with autoscaled capacity. The following example shows how to configure TableV2
with provisioned billing:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .billing(Billing.provisioned(ThroughputProps.builder() .readCapacity(Capacity.fixed(10)) .writeCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().maxCapacity(15).build())) .build())) .build();
When using provisioned billing, you can configure the readCapacity
on a per-replica basis:
import software.amazon.awscdk.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .billing(Billing.provisioned(ThroughputProps.builder() .readCapacity(Capacity.fixed(10)) .writeCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().maxCapacity(15).build())) .build())) .replicas(List.of(ReplicaTableProps.builder() .region("us-east-1") .build(), ReplicaTableProps.builder() .region("us-east-2") .readCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().maxCapacity(20).targetUtilizationPercent(50).build())) .build())) .build();
When changing the billing for a table from provisioned to on-demand or from on-demand to provisioned, seedCapacity
must be configured for each autoscaled resource:
TableV2 globalTable = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .billing(Billing.provisioned(ThroughputProps.builder() .readCapacity(Capacity.fixed(10)) .writeCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().maxCapacity(10).seedCapacity(20).build())) .build())) .build();
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html
Encryption
All user data stored in a DynamoDB table is fully encrypted at rest. When creating an instance of the TableV2
construct, you can select the following table encryption options:
- AWS owned keys - Default encryption type. The keys are owned by DynamoDB (no additional charge).
- AWS managed keys - The keys are stored in your account and are managed by AWS KMS (AWS KMS charges apply).
- Customer managed keys - The keys are stored in your account and are created, owned, and managed by you. You have full control over the KMS keys (AWS KMS charges apply).
The following is an example of how to configure TableV2
with encryption using an AWS owned key:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .encryption(TableEncryptionV2.dynamoOwnedKey()) .build();
The following is an example of how to configure TableV2
with encryption using an AWS managed key:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .encryption(TableEncryptionV2.awsManagedKey()) .build();
When configuring TableV2
with encryption using customer managed keys, you must specify the KMS key for the primary table as the tableKey
. A map of replicaKeyArns
must be provided containing each replica region and the associated KMS key ARN:
import software.amazon.awscdk.*; import software.amazon.awscdk.services.kms.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); Key tableKey = new Key(stack, "Key"); Map<String, String> replicaKeyArns = Map.of( "us-east-1", "arn:aws:kms:us-east-1:123456789012:key/g24efbna-az9b-42ro-m3bp-cq249l94fca6", "us-east-2", "arn:aws:kms:us-east-2:123456789012:key/h90bkasj-bs1j-92wp-s2ka-bh857d60bkj8"); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .encryption(TableEncryptionV2.customerManagedKey(tableKey, replicaKeyArns)) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build();
Note: When encryption is configured with customer managed keys, you must have a key already created in each replica region.
Further reading: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt
Secondary Indexes
Secondary indexes allow efficient access to data with attributes other than the primaryKey
. DynamoDB supports two types of secondary indexes:
- Global secondary index - An index with a
partitionKey
and asortKey
that can be different from those on the base table. AglobalSecondaryIndex
is considered "global" because queries on the index can span all of the data in the base table, across all partitions. AglobalSecondaryIndex
is stored in its own partition space away from the base table and scales separately from the base table. - Local secondary index - An index that has the same
partitionKey
as the base table, but a differentsortKey
. AlocalSecondaryIndex
is "local" in the sense that every partition of alocalSecondaryIndex
is scoped to a base table partition that has the samepartitionKey
value.
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SecondaryIndexes.html
Global Secondary Indexes
TableV2
can be configured with globalSecondaryIndexes
by providing them as a TableV2
property:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .globalSecondaryIndexes(List.of(GlobalSecondaryIndexPropsV2.builder() .indexName("gsi") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .build())) .build();
Alternatively, you can add a globalSecondaryIndex
using the addGlobalSecondaryIndex
method:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .globalSecondaryIndexes(List.of(GlobalSecondaryIndexPropsV2.builder() .indexName("gsi1") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .build())) .build(); table.addGlobalSecondaryIndex(GlobalSecondaryIndexPropsV2.builder() .indexName("gsi2") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .build());
You can configure readCapacity
and writeCapacity
on a globalSecondaryIndex
when an TableV2
is configured with provisioned billing
. If TableV2
is configured with provisioned billing
but readCapacity
or writeCapacity
are not configured on a globalSecondaryIndex
, then they will be inherited from the capacity settings specified with the billing
configuration:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .billing(Billing.provisioned(ThroughputProps.builder() .readCapacity(Capacity.fixed(10)) .writeCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().maxCapacity(10).build())) .build())) .globalSecondaryIndexes(List.of(GlobalSecondaryIndexPropsV2.builder() .indexName("gsi1") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .readCapacity(Capacity.fixed(15)) .build(), GlobalSecondaryIndexPropsV2.builder() .indexName("gsi2") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .writeCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().minCapacity(5).maxCapacity(20).build())) .build())) .build();
All globalSecondaryIndexes
for replica tables are inherited from the primary table. You can configure contributorInsights
and readCapacity
for each globalSecondaryIndex
on a per-replica basis:
import software.amazon.awscdk.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .contributorInsights(true) .billing(Billing.provisioned(ThroughputProps.builder() .readCapacity(Capacity.fixed(10)) .writeCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().maxCapacity(10).build())) .build())) // each global secondary index will inherit contributor insights as true .globalSecondaryIndexes(List.of(GlobalSecondaryIndexPropsV2.builder() .indexName("gsi1") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .readCapacity(Capacity.fixed(15)) .build(), GlobalSecondaryIndexPropsV2.builder() .indexName("gsi2") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .writeCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().minCapacity(5).maxCapacity(20).build())) .build())) .replicas(List.of(ReplicaTableProps.builder() .region("us-east-1") .globalSecondaryIndexOptions(Map.of( "gsi1", ReplicaGlobalSecondaryIndexOptions.builder() .readCapacity(Capacity.autoscaled(AutoscaledCapacityOptions.builder().minCapacity(1).maxCapacity(10).build())) .build())) .build(), ReplicaTableProps.builder() .region("us-east-2") .globalSecondaryIndexOptions(Map.of( "gsi2", ReplicaGlobalSecondaryIndexOptions.builder() .contributorInsights(false) .build())) .build())) .build();
Local Secondary Indexes
TableV2
can only be configured with localSecondaryIndexes
when a sortKey
is defined as a TableV2
property.
You can provide localSecondaryIndexes
as a TableV2
property:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .sortKey(Attribute.builder().name("sk").type(AttributeType.NUMBER).build()) .localSecondaryIndexes(List.of(LocalSecondaryIndexProps.builder() .indexName("lsi") .sortKey(Attribute.builder().name("sk").type(AttributeType.NUMBER).build()) .build())) .build();
Alternatively, you can add a localSecondaryIndex
using the addLocalSecondaryIndex
method:
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .sortKey(Attribute.builder().name("sk").type(AttributeType.NUMBER).build()) .localSecondaryIndexes(List.of(LocalSecondaryIndexProps.builder() .indexName("lsi1") .sortKey(Attribute.builder().name("sk").type(AttributeType.NUMBER).build()) .build())) .build(); table.addLocalSecondaryIndex(LocalSecondaryIndexProps.builder() .indexName("lsi2") .sortKey(Attribute.builder().name("sk").type(AttributeType.NUMBER).build()) .build());
Streams
Each DynamoDB table produces an independent stream based on all its writes, regardless of the origination point for those writes. DynamoDB supports two stream types:
- DynamoDB streams - Capture item-level changes in your table, and push the changes to a DynamoDB stream. You then can access the change information through the DynamoDB Streams API.
- Kinesis streams - Amazon Kinesis Data Streams for DynamoDB captures item-level changes in your table, and replicates the changes to a Kinesis data stream. You then can consume and manage the change information from Kinesis.
DynamoDB Streams
A dynamoStream
can be configured as a TableV2
property. If the TableV2
instance has replica tables, then all replica tables will inherit the dynamoStream
setting from the primary table. If replicas are configured, but dynamoStream
is not configured, then the primary table and all replicas will be automatically configured with the NEW_AND_OLD_IMAGES
stream view type.
import software.amazon.awscdk.*; import software.amazon.awscdk.services.kinesis.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(this, "GlobalTable") .partitionKey(Attribute.builder().name("id").type(AttributeType.STRING).build()) .dynamoStream(StreamViewType.OLD_IMAGE) // tables in us-west-2, us-east-1, and us-east-2 all have dynamo stream type of OLD_IMAGES .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build();
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html
Kinesis Streams
A kinesisStream
can be configured as a TableV2
property. Replica tables will not inherit the kinesisStream
configured for the primary table and should added on a per-replica basis.
import software.amazon.awscdk.*; import software.amazon.awscdk.services.kinesis.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); Stream stream1 = new Stream(stack, "Stream1"); IStream stream2 = Stream.fromStreamArn(stack, "Stream2", "arn:aws:kinesis:us-east-2:123456789012:stream/my-stream"); TableV2 globalTable = TableV2.Builder.create(this, "GlobalTable") .partitionKey(Attribute.builder().name("id").type(AttributeType.STRING).build()) .kinesisStream(stream1) // for table in us-west-2 .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder() .region("us-east-2") .kinesisStream(stream2) .build())) .build();
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/kds.html
Keys
When an instance of the TableV2
construct is defined, you must define its schema using the partitionKey
(required) and sortKey
(optional) properties.
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .sortKey(Attribute.builder().name("sk").type(AttributeType.NUMBER).build()) .build();
Contributor Insights
Enabling contributorInsights
for TableV2
will provide information about the most accessed and throttled items in a table or globalSecondaryIndex
. DynamoDB delivers this information to you via CloudWatch Contributor Insights rules, reports, and graphs of report data.
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .contributorInsights(true) .build();
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/contributorinsights_HowItWorks.html
Deletion Protection
deletionProtection
determines if your DynamoDB table is protected from deletion and is configurable as a TableV2
property. When enabled, the table cannot be deleted by any user or process.
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .deletionProtection(true) .build();
You can also specify the removalPolicy
as a property of the TableV2
construct. This property allows you to control what happens to tables provisioned using TableV2
during stack
deletion. By default, the removalPolicy
is RETAIN
which will cause all tables provisioned using TableV2
to be retained in the account, but orphaned from the stack
they were created in. You can also set the removalPolicy
to DESTROY
which will delete all tables created using TableV2
during stack
deletion:
import software.amazon.awscdk.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) // applys to all replicas, i.e., us-west-2, us-east-1, us-east-2 .removalPolicy(RemovalPolicy.DESTROY) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build();
deletionProtection
is configurable on a per-replica basis. If the removalPolicy
is set to DESTROY
, but some replicas
have deletionProtection
enabled, then only the replicas
without deletionProtection
will be deleted during stack
deletion:
import software.amazon.awscdk.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .removalPolicy(RemovalPolicy.DESTROY) .deletionProtection(true) // only the replica in us-east-1 will be deleted during stack deletion .replicas(List.of(ReplicaTableProps.builder() .region("us-east-1") .deletionProtection(false) .build(), ReplicaTableProps.builder() .region("us-east-2") .deletionProtection(true) .build())) .build();
Point-in-Time Recovery
pointInTimeRecovery
provides automatic backups of your DynamoDB table data which helps protect your tables from accidental write or delete operations.
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .pointInTimeRecovery(true) .build();
Table Class
You can configure a TableV2
instance with table classes:
- STANDARD - the default mode, and is recommended for the vast majority of workloads.
- STANDARD_INFREQUENT_ACCESS - optimized for tables where storage is the dominant cost.
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .tableClass(TableClass.STANDARD_INFREQUENT_ACCESS) .build();
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.TableClasses.html
Tags
You can add tags to a TableV2
in several ways. By adding the tags to the construct itself it will apply the tags to the
primary table.
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .tags(List.of(CfnTag.builder().key("primaryTableTagKey").value("primaryTableTagValue").build())) .build();
You can also add tags to replica tables by specifying them within the replica table properties.
TableV2 table = TableV2.Builder.create(this, "Table") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .replicas(List.of(ReplicaTableProps.builder() .region("us-west-1") .tags(List.of(CfnTag.builder().key("replicaTableTagKey").value("replicaTableTagValue").build())) .build())) .build();
Referencing Existing Global Tables
To reference an existing DynamoDB table in your CDK application, use the TableV2.fromTableName
, TableV2.fromTableArn
, or TableV2.fromTableAttributes
factory methods:
User user; ITableV2 table = TableV2.fromTableArn(this, "ImportedTable", "arn:aws:dynamodb:us-east-1:123456789012:table/my-table"); // now you can call methods on the referenced table table.grantReadWriteData(user);
If you intend to use the tableStreamArn
(including indirectly, for example by creating an
aws-cdk-lib/aws-lambda-event-sources.DynamoEventSource
on the referenced table), you must use the
TableV2.fromTableAttributes
method and the tableStreamArn
property must be populated.
To grant permissions to indexes for a referenced table you can either set grantIndexPermissions
to true
, or you can provide the indexes via the globalIndexes
or localIndexes
properties. This will enable grant*
methods to also grant permissions to all table indexes.
Resource Policy
Using resourcePolicy
you can add a resource policy to a table in the form of a PolicyDocument
:
// resource policy document const policy = new iam.PolicyDocument({ statements: [ new iam.PolicyStatement({ actions: ['dynamodb:GetItem'], principals: [new iam.AccountRootPrincipal()], resources: ['*'], }), ], }); // table with resource policy new dynamodb.TableV2(this, 'TableTestV2-1', { partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING, }, removalPolicy: RemovalPolicy.DESTROY, resourcePolicy: policy, });
TableV2 doesn’t support creating a replica and adding a resource-based policy to that replica in the same stack update in Regions other than the Region where you deploy the stack update. To incorporate a resource-based policy into a replica, you'll need to initially deploy the replica without the policy, followed by a subsequent update to include the desired policy.
Grants
Using any of the grant*
methods on an instance of the TableV2
construct will only apply to the primary table, its indexes, and any associated encryptionKey
. As an example, grantReadData
used below will only apply the table in us-west-2
:
import software.amazon.awscdk.*; import software.amazon.awscdk.services.kms.*; User user; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); Key tableKey = new Key(stack, "Key"); Map<String, String> replicaKeyArns = Map.of( "us-east-1", "arn:aws:kms:us-east-1:123456789012:key/g24efbna-az9b-42ro-m3bp-cq249l94fca6", "us-east-2", "arn:aws:kms:us-east-2:123456789012:key/g24efbna-az9b-42ro-m3bp-cq249l94fca6"); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .encryption(TableEncryptionV2.customerManagedKey(tableKey, replicaKeyArns)) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build(); // grantReadData only applys to the table in us-west-2 and the tableKey globalTable.grantReadData(user);
The replica
method can be used to grant to a specific replica table:
import software.amazon.awscdk.*; import software.amazon.awscdk.services.kms.*; User user; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); Key tableKey = new Key(stack, "Key"); Map<String, String> replicaKeyArns = Map.of( "us-east-1", "arn:aws:kms:us-east-1:123456789012:key/g24efbna-az9b-42ro-m3bp-cq249l94fca6", "us-east-2", "arn:aws:kms:us-east-2:123456789012:key/g24efbna-az9b-42ro-m3bp-cq249l94fca6"); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .encryption(TableEncryptionV2.customerManagedKey(tableKey, replicaKeyArns)) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build(); // grantReadData applys to the table in us-east-2 and the key arn for the key in us-east-2 globalTable.replica("us-east-2").grantReadData(user);
Metrics
You can use metric*
methods to generate metrics for a table that can be used when configuring an Alarm
or Graphs
. The metric*
methods only apply to the primary table provisioned using the TableV2
construct. As an example, metricConsumedReadCapacityUnits
used below is only for the table in us-west-2
:
import software.amazon.awscdk.*; import software.amazon.awscdk.services.cloudwatch.*; App app = new App(); Stack stack = Stack.Builder.create(app, "Stack").env(Environment.builder().region("us-west-2").build()).build(); TableV2 globalTable = TableV2.Builder.create(stack, "GlobalTable") .partitionKey(Attribute.builder().name("pk").type(AttributeType.STRING).build()) .replicas(List.of(ReplicaTableProps.builder().region("us-east-1").build(), ReplicaTableProps.builder().region("us-east-2").build())) .build(); // metric is only for the table in us-west-2 Metric metric = globalTable.metricConsumedReadCapacityUnits(); Alarm.Builder.create(this, "Alarm") .metric(metric) .evaluationPeriods(1) .threshold(1) .build();
The replica
method can be used to generate a metric for a specific replica table:
import * as cdk form 'aws-cdk-lib'; import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch'; class FooStack extends cdk.Stack { public readonly globalTable: dynamodb.TableV2; public constructor(scope: Construct, id: string, props: cdk.StackProps) { super(scope, id, props); this.globalTable = new dynamodb.Tablev2(this, 'GlobalTable', { partitionKey: { name: 'pk', type: dynamodb.AttributeType.STRING }, replicas: [ { region: 'us-east-1' }, { region: 'us-east-2' }, ], }); } } interface BarStack extends cdk.StackProps { readonly replicaTable: dynamodb.ITableV2; } class BarStack extends cdk.Stack { public constructor(scope: Construct, id: string, props: BarStackProps) { super(scope, id, props); // metric is only for the table in us-east-1 const metric = props.replicaTable.metricConsumedReadCapacityUnits(); new cloudwatch.Alarm(this, 'Alarm', { metric: metric, evaluationPeriods: 1, threshold: 1, }); } } const app = new cdk.App(); const fooStack = new FooStack(app, 'FooStack', { env: { region: 'us-west-2' } }); const barStack = new BarStack(app, 'BarStack', { replicaTable: fooStack.globalTable.replica('us-east-1'), env: { region: 'us-east-1' }, });
import from S3 Bucket
You can import data in S3 when creating a Table using the Table
construct.
To import data into DynamoDB, it is required that your data is in a CSV, DynamoDB JSON, or Amazon Ion format within an Amazon S3 bucket.
The data may be compressed using ZSTD or GZIP formats, or you may choose to import it without compression.
The data source can be a single S3 object or multiple S3 objects sharing a common prefix.
Further reading: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/S3DataImport.HowItWorks.html
use CSV format
The InputFormat.csv
method accepts delimiter
and headerList
options as arguments.
If delimiter
is not specified, ,
is used by default.
And if headerList
is specified, the first line of CSV is treated as data instead of header.
import software.amazon.awscdk.*; import software.amazon.awscdk.services.s3.*; IBucket bucket; App app = new App(); Stack stack = new Stack(app, "Stack"); Table.Builder.create(stack, "Table") .partitionKey(Attribute.builder() .name("id") .type(AttributeType.STRING) .build()) .importSource(ImportSourceSpecification.builder() .compressionType(InputCompressionType.GZIP) .inputFormat(InputFormat.csv(CsvOptions.builder() .delimiter(",") .headerList(List.of("id", "name")) .build())) .bucket(bucket) .keyPrefix("prefix") .build()) .build();
use DynamoDB JSON format
Use the InputFormat.dynamoDBJson()
method to specify the inputFormat
property.
There are currently no options available.
import software.amazon.awscdk.*; import software.amazon.awscdk.services.s3.*; IBucket bucket; App app = new App(); Stack stack = new Stack(app, "Stack"); Table.Builder.create(stack, "Table") .partitionKey(Attribute.builder() .name("id") .type(AttributeType.STRING) .build()) .importSource(ImportSourceSpecification.builder() .compressionType(InputCompressionType.GZIP) .inputFormat(InputFormat.dynamoDBJson()) .bucket(bucket) .keyPrefix("prefix") .build()) .build();
use Amazon Ion format
Use the InputFormat.ion()
method to specify the inputFormat
property.
There are currently no options available.
import software.amazon.awscdk.*; import software.amazon.awscdk.services.s3.*; IBucket bucket; App app = new App(); Stack stack = new Stack(app, "Stack"); Table.Builder.create(stack, "Table") .partitionKey(Attribute.builder() .name("id") .type(AttributeType.STRING) .build()) .importSource(ImportSourceSpecification.builder() .compressionType(InputCompressionType.GZIP) .inputFormat(InputFormat.ion()) .bucket(bucket) .keyPrefix("prefix") .build()) .build();
-
ClassDescriptionRepresents an attribute for describing the key schema for the table and indexes.A builder for
Attribute
An implementation forAttribute
Data types for attributes within a table.Options used to configure autoscaled capacity.A builder forAutoscaledCapacityOptions
An implementation forAutoscaledCapacityOptions
Represents how capacity is managed and how you are charged for read and write throughput for a DynamoDB table.DynamoDB's Read/Write capacity modes.Represents the amount of read and write operations supported by a DynamoDB table.Capacity modes.TheAWS::DynamoDB::GlobalTable
resource enables you to create and manage a Version 2019.11.21 global table.Represents an attribute for describing the schema for the table and indexes.A builder forCfnGlobalTable.AttributeDefinitionProperty
An implementation forCfnGlobalTable.AttributeDefinitionProperty
A fluent builder forCfnGlobalTable
.Configures a scalable target and an autoscaling policy for a table or global secondary index's read or write capacity.A builder forCfnGlobalTable.CapacityAutoScalingSettingsProperty
An implementation forCfnGlobalTable.CapacityAutoScalingSettingsProperty
Configures contributor insights settings for a replica or one of its indexes.A builder forCfnGlobalTable.ContributorInsightsSpecificationProperty
An implementation forCfnGlobalTable.ContributorInsightsSpecificationProperty
Allows you to specify a global secondary index for the global table.A builder forCfnGlobalTable.GlobalSecondaryIndexProperty
An implementation forCfnGlobalTable.GlobalSecondaryIndexProperty
Represents a single element of a key schema.A builder forCfnGlobalTable.KeySchemaProperty
An implementation forCfnGlobalTable.KeySchemaProperty
The Kinesis Data Streams configuration for the specified global table replica.A builder forCfnGlobalTable.KinesisStreamSpecificationProperty
An implementation forCfnGlobalTable.KinesisStreamSpecificationProperty
Represents the properties of a local secondary index.A builder forCfnGlobalTable.LocalSecondaryIndexProperty
An implementation forCfnGlobalTable.LocalSecondaryIndexProperty
Represents the settings used to enable point in time recovery.A builder forCfnGlobalTable.PointInTimeRecoverySpecificationProperty
An implementation forCfnGlobalTable.PointInTimeRecoverySpecificationProperty
Represents attributes that are copied (projected) from the table into an index.A builder forCfnGlobalTable.ProjectionProperty
An implementation forCfnGlobalTable.ProjectionProperty
Sets the read request settings for a replica table or a replica global secondary index.A builder forCfnGlobalTable.ReadOnDemandThroughputSettingsProperty
An implementation forCfnGlobalTable.ReadOnDemandThroughputSettingsProperty
Allows you to specify the read capacity settings for a replica table or a replica global secondary index when theBillingMode
is set toPROVISIONED
.A builder forCfnGlobalTable.ReadProvisionedThroughputSettingsProperty
An implementation forCfnGlobalTable.ReadProvisionedThroughputSettingsProperty
Represents the properties of a global secondary index that can be set on a per-replica basis.An implementation forCfnGlobalTable.ReplicaGlobalSecondaryIndexSpecificationProperty
Defines settings specific to a single replica of a global table.A builder forCfnGlobalTable.ReplicaSpecificationProperty
An implementation forCfnGlobalTable.ReplicaSpecificationProperty
Allows you to specify a KMS key identifier to be used for server-side encryption.A builder forCfnGlobalTable.ReplicaSSESpecificationProperty
An implementation forCfnGlobalTable.ReplicaSSESpecificationProperty
Represents the DynamoDB Streams configuration for a global table replica.A builder forCfnGlobalTable.ReplicaStreamSpecificationProperty
An implementation forCfnGlobalTable.ReplicaStreamSpecificationProperty
Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream.A builder forCfnGlobalTable.ResourcePolicyProperty
An implementation forCfnGlobalTable.ResourcePolicyProperty
Represents the settings used to enable server-side encryption.A builder forCfnGlobalTable.SSESpecificationProperty
An implementation forCfnGlobalTable.SSESpecificationProperty
Represents the DynamoDB Streams configuration for a table in DynamoDB.A builder forCfnGlobalTable.StreamSpecificationProperty
An implementation forCfnGlobalTable.StreamSpecificationProperty
Defines a target tracking scaling policy.An implementation forCfnGlobalTable.TargetTrackingScalingPolicyConfigurationProperty
Represents the settings used to enable or disable Time to Live (TTL) for the specified table.A builder forCfnGlobalTable.TimeToLiveSpecificationProperty
An implementation forCfnGlobalTable.TimeToLiveSpecificationProperty
Sets the write request settings for a global table or a global secondary index.A builder forCfnGlobalTable.WriteOnDemandThroughputSettingsProperty
An implementation forCfnGlobalTable.WriteOnDemandThroughputSettingsProperty
Specifies an auto scaling policy for write capacity.An implementation forCfnGlobalTable.WriteProvisionedThroughputSettingsProperty
Properties for defining aCfnGlobalTable
.A builder forCfnGlobalTableProps
An implementation forCfnGlobalTableProps
TheAWS::DynamoDB::Table
resource creates a DynamoDB table.Represents an attribute for describing the schema for the table and indexes.A builder forCfnTable.AttributeDefinitionProperty
An implementation forCfnTable.AttributeDefinitionProperty
A fluent builder forCfnTable
.The settings used to enable or disable CloudWatch Contributor Insights.A builder forCfnTable.ContributorInsightsSpecificationProperty
An implementation forCfnTable.ContributorInsightsSpecificationProperty
The options for imported source files in CSV format.A builder forCfnTable.CsvProperty
An implementation forCfnTable.CsvProperty
Represents the properties of a global secondary index.A builder forCfnTable.GlobalSecondaryIndexProperty
An implementation forCfnTable.GlobalSecondaryIndexProperty
Specifies the properties of data being imported from the S3 bucket source to the table.A builder forCfnTable.ImportSourceSpecificationProperty
An implementation forCfnTable.ImportSourceSpecificationProperty
The format options for the data that was imported into the target table.A builder forCfnTable.InputFormatOptionsProperty
An implementation forCfnTable.InputFormatOptionsProperty
Represents a single element of a key schema.A builder forCfnTable.KeySchemaProperty
An implementation forCfnTable.KeySchemaProperty
The Kinesis Data Streams configuration for the specified table.A builder forCfnTable.KinesisStreamSpecificationProperty
An implementation forCfnTable.KinesisStreamSpecificationProperty
Represents the properties of a local secondary index.A builder forCfnTable.LocalSecondaryIndexProperty
An implementation forCfnTable.LocalSecondaryIndexProperty
Sets the maximum number of read and write units for the specified on-demand table.A builder forCfnTable.OnDemandThroughputProperty
An implementation forCfnTable.OnDemandThroughputProperty
The settings used to enable point in time recovery.A builder forCfnTable.PointInTimeRecoverySpecificationProperty
An implementation forCfnTable.PointInTimeRecoverySpecificationProperty
Represents attributes that are copied (projected) from the table into an index.A builder forCfnTable.ProjectionProperty
An implementation forCfnTable.ProjectionProperty
Throughput for the specified table, which consists of values forReadCapacityUnits
andWriteCapacityUnits
.A builder forCfnTable.ProvisionedThroughputProperty
An implementation forCfnTable.ProvisionedThroughputProperty
Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream.A builder forCfnTable.ResourcePolicyProperty
An implementation forCfnTable.ResourcePolicyProperty
The S3 bucket that is being imported from.A builder forCfnTable.S3BucketSourceProperty
An implementation forCfnTable.S3BucketSourceProperty
Represents the settings used to enable server-side encryption.A builder forCfnTable.SSESpecificationProperty
An implementation forCfnTable.SSESpecificationProperty
Represents the DynamoDB Streams configuration for a table in DynamoDB.A builder forCfnTable.StreamSpecificationProperty
An implementation forCfnTable.StreamSpecificationProperty
Represents the settings used to enable or disable Time to Live (TTL) for the specified table.A builder forCfnTable.TimeToLiveSpecificationProperty
An implementation forCfnTable.TimeToLiveSpecificationProperty
Properties for defining aCfnTable
.A builder forCfnTableProps
An implementation forCfnTableProps
The options for imported source files in CSV format.A builder forCsvOptions
An implementation forCsvOptions
Properties for enabling DynamoDB capacity scaling.A builder forEnableScalingProps
An implementation forEnableScalingProps
Properties for a global secondary index.A builder forGlobalSecondaryIndexProps
An implementation forGlobalSecondaryIndexProps
Properties used to configure a global secondary index.A builder forGlobalSecondaryIndexPropsV2
An implementation forGlobalSecondaryIndexPropsV2
Properties for importing data from the S3.A builder forImportSourceSpecification
An implementation forImportSourceSpecification
Type of compression to use for imported data.The format of the source data.Interface for scalable attributes.Internal default implementation forIScalableTableAttribute
.A proxy class which represents a concrete javascript instance of this type.An interface that represents a DynamoDB Table - either created with the CDK, or an existing one.Internal default implementation forITable
.A proxy class which represents a concrete javascript instance of this type.Represents an instance of a DynamoDB table.Internal default implementation forITableV2
.A proxy class which represents a concrete javascript instance of this type.Properties for a local secondary index.A builder forLocalSecondaryIndexProps
An implementation forLocalSecondaryIndexProps
Properties used to configure maximum throughput for an on-demand table.A builder forMaxThroughputProps
An implementation forMaxThroughputProps
Supported DynamoDB table operations.Options for configuring metrics that considers multiple operations.A builder forOperationsMetricOptions
An implementation forOperationsMetricOptions
The set of attributes that are projected into the index.Options used to configure global secondary indexes on a replica table.A builder forReplicaGlobalSecondaryIndexOptions
An implementation forReplicaGlobalSecondaryIndexOptions
Properties used to configure a replica table.A builder forReplicaTableProps
An implementation forReplicaTableProps
Represents the table schema attributes.A builder forSchemaOptions
An implementation forSchemaOptions
Properties for a secondary index.A builder forSecondaryIndexProps
An implementation forSecondaryIndexProps
When an item in the table is modified, StreamViewType determines what information is written to the stream for this table.Options for configuring a system errors metric that considers multiple operations.A builder forSystemErrorsForOperationsMetricOptions
An implementation forSystemErrorsForOperationsMetricOptions
Provides a DynamoDB table.A fluent builder forTable
.Reference to a dynamodb table.A builder forTableAttributes
An implementation forTableAttributes
Attributes of a DynamoDB table.A builder forTableAttributesV2
An implementation forTableAttributesV2
Base class for a DynamoDB table.DynamoDB's table class.What kind of server-side encryption to apply to this table.Represents server-side encryption for a DynamoDB table.Properties of a DynamoDB Table.A builder forTableOptions
An implementation forTableOptions
Options used to configure a DynamoDB table.A builder forTableOptionsV2
An implementation forTableOptionsV2
Properties for a DynamoDB Table.A builder forTableProps
An implementation forTableProps
Properties used to configure a DynamoDB table.A builder forTablePropsV2
An implementation forTablePropsV2
A DynamoDB Table.A fluent builder forTableV2
.Properties used to configure provisioned throughput for a DynamoDB table.A builder forThroughputProps
An implementation forThroughputProps
Properties for enabling DynamoDB utilization tracking.A builder forUtilizationScalingProps
An implementation forUtilizationScalingProps