AWS DynamoDB Table
This page shows how to write Terraform and CloudFormation for DynamoDB Table and write them securely.
aws_dynamodb_table (Terraform)
The Table in DynamoDB can be configured in Terraform with the resource name aws_dynamodb_table. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_dynamodb_table" "class-hours-table" {
  name = "classHours"
  read_capacity = 2
  write_capacity = 2
  hash_key = "CRN"
  attribute {

resource "aws_dynamodb_table" "sans_website_folders" {
  name = "sans-folders"
  billing_mode = "PROVISIONED"
  read_capacity = 1
  write_capacity = 1
  hash_key = "userId"

resource "aws_dynamodb_table" "Music" {
  name = "Music"
  read_capacity = 5
  write_capacity = 5
  hash_key = "Artist"
  range_key = "SongTitle"

resource "aws_dynamodb_table" "Music" {
  name = "Music"
  read_capacity = 5
  write_capacity = 5
  hash_key = "Artist"
  range_key = "SongTitle"

resource "aws_dynamodb_table" "dragon_bonus_attack" {
  name = "dragon_bonus_attack"
  read_capacity = 0
  write_capacity = 0
  hash_key = "breath_attack"
  range_key = "range"
Security Best Practices for aws_dynamodb_table
There are 2 settings in aws_dynamodb_table that should be taken care of for security reasons. The following sections give an overview and example code.
Ensure to enable point-in-time recovery of DynamoDB table
It is better to enable point-in-time recovery of the DynamoDB table. It may help you restore data that is modified or deleted maliciously or accidentally.
Ensure to use a customer-managed key for the encryption of DynamoDB tables
It is better to use a customer-managed key for the encryption of DynamoDB tables. DynamoDB tables use at-rest encryption with AWS-managed keys by default. You can gain more control over the encryption by using customer-managed keys (CMK).
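Both settings applied to one table, next to a table that leaves them out. This is an added example, not code from this page or from the GitHub repositories it cites; the resource names, table names and KMS key settings are constructed for illustration.

```hcl
# Customer-managed KMS key (constructed for this example).
resource "aws_kms_key" "dynamodb" {
  description             = "CMK for DynamoDB table encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Weak: no point_in_time_recovery block (PITR stays off) and no
# server_side_encryption block (encryption stays on the default key
# rather than a CMK).
resource "aws_dynamodb_table" "music_default" {
  name           = "MusicDefault"
  read_capacity  = 5
  write_capacity = 5
  hash_key       = "Artist"

  attribute {
    name = "Artist"
    type = "S"
  }
}

# Hardened: PITR enabled and encryption bound to the CMK above.
resource "aws_dynamodb_table" "music_hardened" {
  name           = "MusicHardened"
  read_capacity  = 5
  write_capacity = 5
  hash_key       = "Artist"

  attribute {
    name = "Artist"
    type = "S"
  }

  point_in_time_recovery {
    enabled = true
  }

  server_side_encryption {
    enabled     = true
    kms_key_arn = aws_kms_key.dynamodb.arn
  }
}
```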
Parameters
arn - optional computed - string
billing_mode - optional - string
hash_key - required - string
id - optional computed - string
name - required - string
range_key - optional - string
read_capacity - optional - number
stream_arn - optional computed - string
stream_enabled - optional - bool
stream_label - optional computed - string
stream_view_type - optional computed - string
tags - optional - map from string to string
write_capacity - optional - number
attribute - set block
global_secondary_index - set block
    hash_key - required - string
    name - required - string
    non_key_attributes - optional - set of string
    projection_type - required - string
    range_key - optional - string
    read_capacity - optional - number
    write_capacity - optional - number
local_secondary_index - set block
    name - required - string
    non_key_attributes - optional - list of string
    projection_type - required - string
    range_key - required - string
point_in_time_recovery - list block
    enabled - required - bool
replica - set block
    kms_key_arn - optional computed - string
    region_name - required - string
server_side_encryption - list block
    enabled - required - bool
    kms_key_arn - optional computed - string
timeouts - single block
ttl - list block
    attribute_name - required - string
    enabled - optional - bool
Explanation in Terraform Registry
Provides a DynamoDB table resource
Note: It is recommended to use lifecycle ignore_changes for read_capacity and/or write_capacity if there's autoscaling policy attached to the table.
AWS::DynamoDB::Table (CloudFormation)
The Table in DynamoDB can be configured in CloudFormation with the resource name AWS::DynamoDB::Table. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
AttributeDefinitions - optional - List of AttributeDefinition
BillingMode - optional - String
ContributorInsightsSpecification - optional - ContributorInsightsSpecification
GlobalSecondaryIndexes - optional - List of GlobalSecondaryIndex
KeySchema - required - List of KeySchema
KinesisStreamSpecification - optional - KinesisStreamSpecification
LocalSecondaryIndexes - optional - List of LocalSecondaryIndex
PointInTimeRecoverySpecification - optional - PointInTimeRecoverySpecification
ProvisionedThroughput - optional - ProvisionedThroughput
SSESpecification - optional - SSESpecification
StreamSpecification - optional - StreamSpecification
TableName - optional - String
Tags - optional - List of Tag
TimeToLiveSpecification - optional - TimeToLiveSpecification
Explanation in CloudFormation Registry
The AWS::DynamoDB::Table resource creates a DynamoDB table. For more information, see CreateTable in the Amazon DynamoDB API Reference.
You should be aware of the following behaviors when working with DynamoDB tables:
+ AWS CloudFormation typically creates DynamoDB tables in parallel. However, if your template includes multiple DynamoDB tables with indexes, you must declare dependencies so that the tables are created sequentially. Amazon DynamoDB limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DynamoDB returns an error and the stack operation fails. For an example, see DynamoDB Table with a DependsOn Attribute.
Frequently asked questions
What is AWS DynamoDB Table?
AWS DynamoDB Table is a resource for DynamoDB of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS DynamoDB Table?
For Terraform, the RPISDD/DeployScripts, DaveButland/sans-terraform and palerique/dynamodb-studies source code examples are useful. See the Terraform Example section for further details.