AWS DynamoDB Tag
This page shows how to write Terraform and CloudFormation for DynamoDB Tag and write them securely.
aws_dynamodb_tag (Terraform)
The Tag in DynamoDB can be configured in Terraform with the resource name aws_dynamodb_tag
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
resource_arn
- (Required) Amazon Resource Name (ARN) of the DynamoDB resource to tag.key
- (Required) Tag name.value
- (Required) Tag value.
In addition to all arguments above, the following attributes are exported:
id
- DynamoDB resource identifier and key, separated by a comma (,
)
Explanation in Terraform Registry
Manages an individual DynamoDB resource tag. This resource should only be used in cases where DynamoDB resources are created outside Terraform (e.g., Table replicas in other regions).
NOTE: This tagging resource should not be combined with the Terraform resource for managing the parent resource. For example, using
aws_dynamodb_table
andaws_dynamodb_tag
to manage tags of the same DynamoDB Table in the same region will cause a perpetual difference where theaws_dynamodb_cluster
resource will try to remove the tag being added by theaws_dynamodb_tag
resource. NOTE: This tagging resource does not use the providerignore_tags
configuration.
Tips: Best Practices for The Other AWS DynamoDB Resources
In addition to the aws_dynamodb_table, AWS DynamoDB has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_dynamodb_table
Ensure to enable point-in-time recovery of DynamoDB table
It is better to enable point-in-time recovery of DynamoDB table. It may help you restore data that is modified or deleted maliciously or accidentally.
AWS::DynamoDB::Table (CloudFormation)
The Table in DynamoDB can be configured in CloudFormation with the resource name AWS::DynamoDB::Table
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
AttributeDefinitions
optional - List of AttributeDefinition -
BillingMode
optional - String -
ContributorInsightsSpecification
optional - ContributorInsightsSpecification -
GlobalSecondaryIndexes
optional - List of GlobalSecondaryIndex -
KeySchema
required - List of KeySchema -
KinesisStreamSpecification
optional - KinesisStreamSpecification -
LocalSecondaryIndexes
optional - List of LocalSecondaryIndex -
PointInTimeRecoverySpecification
optional - PointInTimeRecoverySpecification -
ProvisionedThroughput
optional - ProvisionedThroughput -
SSESpecification
optional - SSESpecification -
StreamSpecification
optional - StreamSpecification -
TableName
optional - String -
Tags
optional - List of Tag -
TimeToLiveSpecification
optional - TimeToLiveSpecification
Explanation in CloudFormation Registry
The
AWS::DynamoDB::Table
resource creates a DynamoDB table. For more information, see CreateTable in the Amazon DynamoDB API Reference.You should be aware of the following behaviors when working with DynamoDB tables:+ AWS CloudFormation typically creates DynamoDB tables in parallel. However, if your template includes multiple DynamoDB tables with indexes, you must declare dependencies so that the tables are created sequentially. Amazon DynamoDB limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DynamoDB returns an error and the stack operation fails. For an example, see DynamoDB Table with a DependsOn Attribute.