aws-lambda-dynamodb - AWS Solutions Constructs

aws-lambda-dynamodb

Language Package

                  Python Logo
                Python aws_solutions_constructs.aws_lambda_dynamodb

                  Typescript Logo
                Typescript @aws-solutions-constructs/aws-lambda-dynamodb

                  Java Logo
                Java software.amazon.awsconstructs.services.lambdadynamodb

Overview

This AWS Solutions Construct implements the AWS Lambda function and Amazon DynamoDB table with the least privileged permissions.

Here is a minimal deployable pattern definition:

Typescript
import { Construct } from 'constructs'; import { Stack, StackProps } from 'aws-cdk-lib'; import { LambdaToDynamoDBProps, LambdaToDynamoDB } from '@aws-solutions-constructs/aws-lambda-dynamodb'; import * as lambda from 'aws-cdk-lib/aws-lambda'; const constructProps: LambdaToDynamoDBProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset(`lambda`), runtime: lambda.Runtime.NODEJS_16_X, handler: 'index.handler' }, }; new LambdaToDynamoDB(this, 'test-lambda-dynamodb-stack', constructProps);
Python
from aws_solutions_constructs.aws_lambda_dynamodb import LambdaToDynamoDBProps, LambdaToDynamoDB from aws_cdk import ( aws_lambda as _lambda, Stack ) from constructs import Construct LambdaToDynamoDB(self, 'test_lambda_dynamodb_stack', lambda_function_props=_lambda.FunctionProps( code=_lambda.Code.from_asset( 'lambda'), runtime=_lambda.Runtime.PYTHON_3_9, handler='index.handler' ))
Java
import software.constructs.Construct; import software.amazon.awscdk.Stack; import software.amazon.awscdk.StackProps; import software.amazon.awscdk.services.lambda.*; import software.amazon.awscdk.services.lambda.Runtime; import software.amazon.awsconstructs.services.lambdadynamodb.*; new LambdaToDynamoDB(this, "test_lambda_dynamodb_stack", new LambdaToDynamoDBProps.Builder() .lambdaFunctionProps(new FunctionProps.Builder() .runtime(Runtime.NODEJS_16_X) .code(Code.fromAsset("lambda")) .handler("index.handler") .build()) .build());

Pattern Construct Props

Name Type Description
existingLambdaObj? lambda.Function Existing instance of Lambda Function object, providing both this and lambdaFunctionProps will cause an error.
lambdaFunctionProps? lambda.FunctionProps User provided props to override the default props for the Lambda function.
dynamoTableProps? dynamodb.TableProps Optional user provided props to override the default props for DynamoDB Table
existingTableObj? dynamodb.Table Existing instance of DynamoDB table object, providing both this and dynamoTableProps will cause an error.
tablePermissions? string Optional table permissions to grant to the Lambda function. One of the following may be specified: All, Read, ReadWrite, Write.
tableEnvironmentVariableName? string Optional Name for the Lambda function environment variable set to the name of the DynamoDB table. Default: DDB_TABLE_NAME
existingVpc? ec2.IVpc An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources and a Gateway Endpoint will be created in the VPC for Amazon DynamoDB. If an existing VPC is provided, the deployVpc property cannot be true. This uses ec2.IVpc to allow clients to supply VPCs that exist outside the stack using the ec2.Vpc.fromLookup() method.
vpcProps? ec2.VpcProps Optional user-provided properties to override the default properties for the new VPC. enableDnsHostnames, enableDnsSupport, natGateways and subnetConfiguration are set by the pattern, so any values for those properties supplied here will be overridden. If deployVpc is not true then this property will be ignored.
deployVpc? boolean Whether to create a new VPC based on vpcProps into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern:

Pattern Properties

Name Type Description
lambdaFunction lambda.Function Returns an instance of lambda.Function created by the construct
dynamoTable dynamodb.Table Returns an instance of dynamodb.Table created by the construct
vpc? ec2.IVpc Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

AWS Lambda Function

  • Configure limited privilege access IAM role for Lambda function

  • Enable reusing connections with Keep-Alive for NodeJs Lambda function

  • Enable X-Ray Tracing

  • Set Environment Variables

    • (default) DDB_TABLE_NAME

    • AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Amazon DynamoDB Table

  • Set the billing mode for DynamoDB Table to On-Demand (Pay per request)

  • Enable server-side encryption for DynamoDB Table using AWS managed KMS Key

  • Creates a partition key called "id" for DynamoDB Table

  • Retain the Table when deleting the CloudFormation stack

  • Enable continuous backups and point-in-time recovery

Architecture

GitHub

To view the code for this pattern, create/view issues and pull requests, and more:
@aws-solutions-constructs/aws-lambda-dynamodb