AWS DynamoDB Tag

This page shows how to write Terraform and CloudFormation for DynamoDB Tag and write them securely.

aws_dynamodb_tag (Terraform)

The Tag in DynamoDB can be configured in Terraform with the resource name aws_dynamodb_tag. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


The following arguments are supported:

  • resource_arn - (Required) Amazon Resource Name (ARN) of the DynamoDB resource to tag.
  • key - (Required) Tag name.
  • value - (Required) Tag value.

In addition to all arguments above, the following attributes are exported:

  • id - DynamoDB resource identifier and key, separated by a comma (,)

Explanation in Terraform Registry

Manages an individual DynamoDB resource tag. This resource should only be used in cases where DynamoDB resources are created outside Terraform (e.g., Table replicas in other regions).

NOTE: This tagging resource should not be combined with the Terraform resource for managing the parent resource. For example, using aws_dynamodb_table and aws_dynamodb_tag to manage tags of the same DynamoDB Table in the same region will cause a perpetual difference where the aws_dynamodb_cluster resource will try to remove the tag being added by the aws_dynamodb_tag resource. NOTE: This tagging resource does not use the provider ignore_tags configuration.

Tips: Best Practices for The Other AWS DynamoDB Resources

In addition to the aws_dynamodb_table, AWS DynamoDB has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.



Ensure to enable point-in-time recovery of DynamoDB table

It is better to enable point-in-time recovery of DynamoDB table. It may help you restore data that is modified or deleted maliciously or accidentally.

Review your AWS DynamoDB settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::DynamoDB::Table (CloudFormation)

The Table in DynamoDB can be configured in CloudFormation with the resource name AWS::DynamoDB::Table. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.


Explanation in CloudFormation Registry

The AWS::DynamoDB::Table resource creates a DynamoDB table. For more information, see CreateTable in the Amazon DynamoDB API Reference.

You should be aware of the following behaviors when working with DynamoDB tables:+ AWS CloudFormation typically creates DynamoDB tables in parallel. However, if your template includes multiple DynamoDB tables with indexes, you must declare dependencies so that the tables are created sequentially. Amazon DynamoDB limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DynamoDB returns an error and the stack operation fails. For an example, see DynamoDB Table with a DependsOn Attribute.

Frequently asked questions

What is AWS DynamoDB Tag?

AWS DynamoDB Tag is a resource for DynamoDB of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.