AWS DynamoDB Table
This page shows how to write Terraform and CloudFormation for DynamoDB Table and write them securely.
aws_dynamodb_table (Terraform)
The Table in DynamoDB can be configured in Terraform with the resource name aws_dynamodb_table. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_dynamodb_table" "class-hours-table" {
  name           = "classHours"
  read_capacity  = 2
  write_capacity = 2
  hash_key       = "CRN"
  attribute {

resource "aws_dynamodb_table" "sans_website_folders" {
  name           = "sans-folders"
  billing_mode   = "PROVISIONED"
  read_capacity  = 1
  write_capacity = 1
  hash_key       = "userId"

resource "aws_dynamodb_table" "Music" {
  name           = "Music"
  read_capacity  = 5
  write_capacity = 5
  hash_key       = "Artist"
  range_key      = "SongTitle"

resource "aws_dynamodb_table" "Music" {
  name           = "Music"
  read_capacity  = 5
  write_capacity = 5
  hash_key       = "Artist"
  range_key      = "SongTitle"

resource "aws_dynamodb_table" "dragon_bonus_attack" {
  name           = "dragon_bonus_attack"
  read_capacity  = 0
  write_capacity = 0
  hash_key       = "breath_attack"
  range_key      = "range"
Security Best Practices for aws_dynamodb_table
There are 2 settings in aws_dynamodb_table that should be taken care of for security reasons. The following sections give an overview and example code.
Enable point-in-time recovery for DynamoDB tables
It is better to enable point-in-time recovery for a DynamoDB table. It may help you restore data that is modified or deleted maliciously or accidentally.
Use a customer-managed key for the encryption of DynamoDB tables
It is better to use a customer-managed key for the encryption of DynamoDB tables. DynamoDB tables use at-rest encryption with AWS-managed keys by default. You can gain more control over the encryption by using customer-managed keys (CMK).
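Both settings applied to one table, as an added example that is not taken from this page or from the repositories it cites. The resource names, table name and key attribute are placeholders chosen for illustration.

```hcl
# Added example. "dynamodb_cmk", "orders" and "order_id" are placeholder names.

# Customer-managed KMS key used only for this table's encryption at rest.
resource "aws_kms_key" "dynamodb_cmk" {
  description             = "Customer-managed key for DynamoDB table encryption"
  enable_key_rotation     = true # rotate key material automatically
  deletion_window_in_days = 30   # delay before a scheduled deletion takes effect
}

resource "aws_dynamodb_table" "orders" {
  name         = "orders"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "order_id"

  attribute {
    name = "order_id"
    type = "S"
  }

  # Setting 1: point-in-time recovery. Continuous backups allow the table
  # to be restored to a point within the recovery window (up to 35 days)
  # after malicious or accidental modification or deletion.
  point_in_time_recovery {
    enabled = true
  }

  # Setting 2: encryption with a customer-managed key. kms_key_arn is what
  # selects the CMK; enabled = true without it leaves the table on the
  # AWS managed key (alias/aws/dynamodb).
  server_side_encryption {
    enabled     = true
    kms_key_arn = aws_kms_key.dynamodb_cmk.arn
  }
}
```

Principals that read or write the table also need permission to use the key, so the key policy and IAM policies should be reviewed together with this change.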
Parameters
- arn - optional computed - string
- billing_mode - optional - string
- hash_key - required - string
- id - optional computed - string
- name - required - string
- range_key - optional - string
- read_capacity - optional - number
- stream_arn - optional computed - string
- stream_enabled - optional - bool
- stream_label - optional computed - string
- stream_view_type - optional computed - string
- tags - optional - map from string to string
- write_capacity - optional - number
- attribute - set block
- global_secondary_index - set block
  - hash_key - required - string
  - name - required - string
  - non_key_attributes - optional - set of string
  - projection_type - required - string
  - range_key - optional - string
  - read_capacity - optional - number
  - write_capacity - optional - number
- local_secondary_index - set block
  - name - required - string
  - non_key_attributes - optional - list of string
  - projection_type - required - string
  - range_key - required - string
- point_in_time_recovery - list block
  - enabled - required - bool
- replica - set block
  - kms_key_arn - optional computed - string
  - region_name - required - string
- server_side_encryption - list block
  - enabled - required - bool
  - kms_key_arn - optional computed - string
- timeouts - single block
- ttl - list block
  - attribute_name - required - string
  - enabled - optional - bool
Explanation in Terraform Registry
Provides a DynamoDB table resource
Note: It is recommended to use lifecycle ignore_changes for read_capacity and/or write_capacity if there's autoscaling policy attached to the table.
AWS::DynamoDB::Table (CloudFormation)
The Table in DynamoDB can be configured in CloudFormation with the resource name AWS::DynamoDB::Table. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- AttributeDefinitions - optional - List of AttributeDefinition
- BillingMode - optional - String
- ContributorInsightsSpecification - optional - ContributorInsightsSpecification
- GlobalSecondaryIndexes - optional - List of GlobalSecondaryIndex
- KeySchema - required - List of KeySchema
- KinesisStreamSpecification - optional - KinesisStreamSpecification
- LocalSecondaryIndexes - optional - List of LocalSecondaryIndex
- PointInTimeRecoverySpecification - optional - PointInTimeRecoverySpecification
- ProvisionedThroughput - optional - ProvisionedThroughput
- SSESpecification - optional - SSESpecification
- StreamSpecification - optional - StreamSpecification
- TableName - optional - String
- Tags - optional - List of Tag
- TimeToLiveSpecification - optional - TimeToLiveSpecification
Explanation in CloudFormation Registry
The AWS::DynamoDB::Table resource creates a DynamoDB table. For more information, see CreateTable in the Amazon DynamoDB API Reference.
You should be aware of the following behaviors when working with DynamoDB tables:
- AWS CloudFormation typically creates DynamoDB tables in parallel. However, if your template includes multiple DynamoDB tables with indexes, you must declare dependencies so that the tables are created sequentially. Amazon DynamoDB limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DynamoDB returns an error and the stack operation fails. For an example, see DynamoDB Table with a DependsOn Attribute.
Frequently asked questions
What is AWS DynamoDB Table?
AWS DynamoDB Table is a resource for DynamoDB of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS DynamoDB Table?
For Terraform, the RPISDD/DeployScripts, DaveButland/sans-terraform and palerique/dynamodb-studies source code examples are useful. See the Terraform Example section for further details.