aws-lambda-dynamodb - AWS Solutions Constructs


Note: To ensure proper functionality, the AWS Solutions Constructs packages and AWS CDK packages in your project must be the same version.

Language Package


This AWS Solutions Construct implements the AWS Lambda function and Amazon DynamoDB table with least-privilege permissions.

Here is a minimal deployable pattern definition in TypeScript:

import { LambdaToDynamoDBProps, LambdaToDynamoDB } from '@aws-solutions-constructs/aws-lambda-dynamodb'; const props: LambdaToDynamoDBProps = { lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_14_X, // This assumes a handler function in lib/lambda/index.js code: lambda.Code.fromAsset(`${__dirname}/lambda`), handler: 'index.handler' } }; new LambdaToDynamoDB(this, 'test-lambda-dynamodb-stack', props);


new LambdaToDynamoDB(scope: Construct, id: string, props: LambdaToDynamoDBProps);


Pattern Construct Props

Name Type Description
existingLambdaObj? lambda.Function Existing instance of Lambda Function object, providing both this and lambdaFunctionProps will cause an error.
lambdaFunctionProps? lambda.FunctionProps Optional user-provided properties to override the default properties for the Lambda function. Ignored if an existingLambdaObj is provided.
dynamoTableProps? dynamodb.TableProps Optional user provided props to override the default props for DynamoDB Table
existingTableObj? dynamodb.Table Existing instance of DynamoDB table object, providing both this and dynamoTableProps will cause an error.
tablePermissions? string Optional table permissions to be granted to the Lambda function. One of the following options may be specified: All, Read, ReadWrite, or Write.
tableEnvironmentVariableName? string Optional name for the DynamoDB table environment variable set for the Lambda function.
existingVpc? ec2.IVpc An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources and a Gateway Endpoint will be created in the VPC for Amazon DynamoDB. If an existing VPC is provided, the deployVpc property cannot be true. This uses ec2.IVpc to allow clients to supply VPCs that exist outside the stack using the ec2.Vpc.fromLookup() method.
vpcProps? ec2.VpcProps Optional user-provided properties to override the default properties for the new VPC. enableDnsHostnames, enableDnsSupport, natGateways, and subnetConfiguration are set by the pattern, so any values for those properties supplied here will be overrriden. If deployVpc is not true then this property will be ignored.
deployVpc? boolean Whether to create a new VPC based on vpcProps into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern:
  • One isolated subnet in each Availability Zone used by the CDK program

  • enableDnsHostnames and enableDnsSupport will both be set to true

If this property is true, then existingVpc cannot be specified. Defaults to false.

Pattern Properties

Name Type Description
dynamoTable dynamodb.Table Returns an instance of the DynamoDB table created by the pattern.
lambdaFunction lambda.Function Returns an instance of the Lambda function created by the pattern.
vpc? ec2.IVpc Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.

Default settings

Out-of-the-box implementation of this pattern without any overrides will set the following defaults:

AWS Lambda Function

  • Configure limited privilege access IAM role for Lambda function.

  • Enable reusing connections with Keep-Alive for NodeJs Lambda function.

  • Enable X-Ray tracing.

  • Set environment variables:

    • DDB_TABLE_NAME (default)

    • AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Amazon DynamoDB Table

  • Set the billing mode for DynamoDB Table to On-Demand (Pay per request).

  • Enable server-side encryption for DynamoDB Table using AWS managed KMS Key.

  • Creates a partition key called 'id' for DynamoDB Table.

  • Retain the Table when deleting the CloudFormation stack.

  • Enable continuous backups and point-in-time recovery.



To view the code for this pattern, create/view issues and pull requests, and more: