aws-lambda-dynamodb - AWS Solutions Constructs
OverviewPattern Construct PropsPattern PropertiesDefault settingsArchitectureExample Lambda Function ImplementationGithub

aws-lambda-dynamodb

Stability:Stable
Reference Documentation: https://docs.aws.amazon.com/solutions/latest/constructs/
Language Package

Python Logo Python

aws_solutions_constructs.aws_lambda_dynamodb

Typescript Logo Typescript

@aws-solutions-constructs/aws-lambda-dynamodb

Java Logo Java

software.amazon.awsconstructs.services.lambdadynamodb

Overview

This AWS Solutions Construct implements the AWS Lambda function and Amazon DynamoDB table with the least privileged permissions.

Here is a minimal deployable pattern definition:

Typescript
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { LambdaToDynamoDBProps, LambdaToDynamoDB } from '@aws-solutions-constructs/aws-lambda-dynamodb';
import * as lambda from 'aws-cdk-lib/aws-lambda';

const constructProps: LambdaToDynamoDBProps = {
  lambdaFunctionProps: {
    code: lambda.Code.fromAsset(`lambda`),
    runtime: lambda.Runtime.NODEJS_22_X,
    handler: 'index.handler'
  },
};

new LambdaToDynamoDB(this, 'test-lambda-dynamodb-stack', constructProps);
Python
from aws_solutions_constructs.aws_lambda_dynamodb import LambdaToDynamoDBProps, LambdaToDynamoDB
from aws_cdk import (
    aws_lambda as _lambda,
    Stack
)
from constructs import Construct

LambdaToDynamoDB(self, 'test_lambda_dynamodb_stack',
                    lambda_function_props=_lambda.FunctionProps(
                        code=_lambda.Code.from_asset(
                            'lambda'),
                        runtime=_lambda.Runtime.PYTHON_3_11,
                        handler='index.handler'
                    ))
Java
import software.constructs.Construct;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.lambda.*;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awsconstructs.services.lambdadynamodb.*;

new LambdaToDynamoDB(this, "test_lambda_dynamodb_stack", new LambdaToDynamoDBProps.Builder()
        .lambdaFunctionProps(new FunctionProps.Builder()
                .runtime(Runtime.NODEJS_22_X)
                .code(Code.fromAsset("lambda"))
                .handler("index.handler")
                .build())
        .build());

Pattern Construct Props

Name Type Description

existingLambdaObj?

lambda.Function

Existing instance of Lambda Function object, providing both this and lambdaFunctionProps will cause an error.

lambdaFunctionProps?

lambda.FunctionProps

User provided props to override the default props for the Lambda function.

dynamoTableProps?

dynamodb.TableProps

Optional user provided props to override the default props for DynamoDB Table

existingTableObj?

dynamodb.Table

Existing instance of DynamoDB table object, providing both this and dynamoTableProps will cause an error.

tablePermissions?

string

Optional table permissions to grant to the Lambda function. One of the following may be specified: All, Read, ReadWrite, Write.

tableEnvironmentVariableName?

string

Optional Name for the Lambda function environment variable set to the name of the DynamoDB table. Default: DDB_TABLE_NAME

existingVpc?

ec2.IVpc

An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources and a Gateway Endpoint will be created in the VPC for Amazon DynamoDB. If an existing VPC is provided, the deployVpc property cannot be true. This uses ec2.IVpc to allow clients to supply VPCs that exist outside the stack using the ec2.Vpc.fromLookup() method.

vpcProps?

ec2.VpcProps

Optional user-provided properties to override the default properties for the new VPC. enableDnsHostnames, enableDnsSupport, natGateways and subnetConfiguration are set by the pattern, so any values for those properties supplied here will be overridden. If deployVpc is not true then this property will be ignored.

deployVpc?

boolean

Whether to create a new VPC based on vpcProps into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern:

Pattern Properties

Name Type Description

lambdaFunction

lambda.Function

Returns an instance of lambda.Function created by the construct

dynamoTable

dynamodb.Table

Returns an instance of dynamodb.Table created by the construct

vpc?

ec2.IVpc

Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

AWS Lambda Function

  • Configure limited privilege access IAM role for Lambda function

  • Enable reusing connections with Keep-Alive for NodeJs Lambda function

  • Enable X-Ray Tracing

  • Set Environment Variables

    • (default) DDB_TABLE_NAME

    • AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Amazon DynamoDB Table

  • Set the billing mode for DynamoDB Table to On-Demand (Pay per request)

  • Enable server-side encryption for DynamoDB Table using AWS managed KMS Key

  • Creates a partition key called "id" for DynamoDB Table

  • Retain the Table when deleting the CloudFormation stack

  • Enable continuous backups and point-in-time recovery

Architecture

Diagram showing the Lambda function, CloudWatch log group, DynamoDB table and IAM role created by the construct

Example Lambda Function Implementation

While Solutions Constructs does not publish code for the Lambda function to call DynamoDB, here is a DynamoDB example for CreateTableCommand, PutCommand, GetCommand, DeleteCommand, UpdateCommand, and more: 'example'. (this example is in JavaScript, but examples in other languages can also be found at this site)

Github

Go to the Github repo for this pattern to view the code, read/create issues and pull requests and more.