Skip to content

aws.dynamodb-table resource

Description

Table manages a DynamoDB table and the settings DynamoDB reconciles through follow-on calls, the way CloudFormation models AWS::DynamoDB::Table. The name, the table key (hash and range), and the local secondary indexes are fixed at creation, so a change to any of them replaces the table; everything else reconciles in place. The primary key and the index keys are decomposed into hash-key, range-key, and the per-index blocks rather than a raw key schema, and read-capacity and write-capacity into a provisioned-throughput pair, to match how a table is described. Time-to-live and point-in-time recovery are separate DynamoDB operations with no create-time field, so they are blocks reconciled after the table exists. An unset billing-mode is treated by DynamoDB as PROVISIONED, which then requires capacity; it is sent only when set so an omitted value does not read as drift.

Source: internal/service/dynamodb/table_rsrc.go:37

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.dynamodb-table {
    # Set input fields here.
  }
}

Inputs

name

string

required

billing-mode

optional(string)

hash-key

string

required

range-key

optional(string)

attribute

list(object) 
list(
  object({
    name: string
    type: string
  })
)

read-capacity

optional(integer)

write-capacity

optional(integer)

local-secondary-index

list(object) 
list(
  object({
    name: string
    range-key: string
    projection-type: string
    non-key-attributes: list(string)
  })
)

global-secondary-index

list(object) 
list(
  object({
    name: string
    hash-key: string
    range-key: optional(string)
    projection-type: string
    non-key-attributes: list(string)
    read-capacity: optional(integer)
    write-capacity: optional(integer)
    on-demand-throughput: optional(
      object({
        max-read-request-units: optional(integer)
        max-write-request-units: optional(integer)
      })
    )
    warm-throughput: optional(
      object({
        read-units-per-second: optional(integer)
        write-units-per-second: optional(integer)
      })
    )
  })
)

on-demand-throughput

optional(object) 
optional(
  object({
    max-read-request-units: optional(integer)
    max-write-request-units: optional(integer)
  })
)

stream-enabled

optional(boolean)

stream-view-type

optional(string)

server-side-encryption

optional(object) 
optional(
  object({
    enabled: optional(boolean)
    kms-key-id: optional(string)
  })
)

table-class

optional(string)

warm-throughput

optional(object) 
optional(
  object({
    read-units-per-second: optional(integer)
    write-units-per-second: optional(integer)
  })
)

ttl

optional(object) 
optional(
  object({
    enabled: optional(boolean)
    attribute-name: optional(string)
  })
)

point-in-time-recovery

optional(object) 
optional(
  object({
    enabled: optional(boolean)
    recovery-period-in-days: optional(integer)
  })
)

deletion-protection-enabled

optional(boolean)

tags

map(string)

Input Constraints

Field combinations

At most one of read-capacity or on-demand-throughput.

At most one of write-capacity or on-demand-throughput.

Required together: stream-view-type and stream-enabled.

Billing mode rules

read-capacity and write-capacity are required and at least 1 when billing-mode is PROVISIONED.

Rule logic
When
input.billing-mode == 'PROVISIONED'
Require
input.read-capacity != null
&& (input.read-capacity == null || input.read-capacity >= 1)
&& input.write-capacity != null
&& (input.write-capacity == null || input.write-capacity >= 1)

read-capacity and write-capacity must be unset when billing-mode is PAY_PER_REQUEST.

Rule logic
When
input.billing-mode == 'PAY_PER_REQUEST'
Require
input.read-capacity == null
&& input.write-capacity == null

billing-mode must be PROVISIONED or PAY_PER_REQUEST.

Rule logic
When
input.billing-mode != null
Require
input.billing-mode == 'PROVISIONED'
|| input.billing-mode == 'PAY_PER_REQUEST'

Table class rules

table-class must be STANDARD or STANDARD_INFREQUENT_ACCESS.

Rule logic
When
input.table-class != null
Require
input.table-class == 'STANDARD'
|| input.table-class == 'STANDARD_INFREQUENT_ACCESS'

Stream enabled rules

stream-view-type is required when stream-enabled is true.

Rule logic
When
input.stream-enabled == true
Require
input.stream-view-type != null

stream-view-type must be unset when stream-enabled is false.

Rule logic
When
input.stream-enabled == false
Require
input.stream-view-type == null

Stream view type rules

stream-view-type must be a valid DynamoDB stream view type.

Rule logic
When
input.stream-view-type != null
Require
input.stream-view-type == 'NEW_IMAGE'
|| input.stream-view-type == 'OLD_IMAGE'
|| input.stream-view-type == 'NEW_AND_OLD_IMAGES'
|| input.stream-view-type == 'KEYS_ONLY'

Ttl rules

ttl attribute-name is required when ttl is enabled.

Rule logic
When
input.ttl.enabled == true
Require
input.ttl.attribute-name != null
&& @core.length(input.ttl.attribute-name) >= 1

Point in time recovery rules

point-in-time-recovery recovery-period-in-days must be between 1 and 35.

Rule logic
When
input.point-in-time-recovery.recovery-period-in-days != null
Require
(input.point-in-time-recovery.recovery-period-in-days == null || input.point-in-time-recovery.recovery-period-in-days >= 1)
&& (input.point-in-time-recovery.recovery-period-in-days == null || input.point-in-time-recovery.recovery-period-in-days <= 35)

Attribute rules

attribute type must be S, N, or B.

Rule logic
For each
input.attribute
Require
@each.value.type == 'S'
|| @each.value.type == 'N'
|| @each.value.type == 'B'

Local secondary index rules

local-secondary-index projection-type must be ALL, INCLUDE, or KEYS_ONLY.

Rule logic
For each
input.local-secondary-index
Require
@each.value.projection-type == 'ALL'
|| @each.value.projection-type == 'INCLUDE'
|| @each.value.projection-type == 'KEYS_ONLY'

Global secondary index rules

global-secondary-index projection-type must be ALL, INCLUDE, or KEYS_ONLY.

Rule logic
For each
input.global-secondary-index
Require
@each.value.projection-type == 'ALL'
|| @each.value.projection-type == 'INCLUDE'
|| @each.value.projection-type == 'KEYS_ONLY'

At most one of global-secondary-index[*].read-capacity or global-secondary-index[*].on-demand-throughput.

At most one of global-secondary-index[*].write-capacity or global-secondary-index[*].on-demand-throughput.

global-secondary-index read-capacity and write-capacity are required and at least 1 when billing-mode is PROVISIONED.

Rule logic
For each
input.global-secondary-index
When
input.billing-mode == 'PROVISIONED'
Require
@each.value.read-capacity != null
&& (@each.value.read-capacity == null || @each.value.read-capacity >= 1)
&& @each.value.write-capacity != null
&& (@each.value.write-capacity == null || @each.value.write-capacity >= 1)

global-secondary-index read-capacity and write-capacity must be unset when billing-mode is PAY_PER_REQUEST.

Rule logic
For each
input.global-secondary-index
When
input.billing-mode == 'PAY_PER_REQUEST'
Require
@each.value.read-capacity == null
&& @each.value.write-capacity == null

Outputs

arn

string

stream-arn

string

stream-label

string