Share via


Microsoft.AwsConnector dynamoDBTables 2024-12-01

Bicep resource definition

The dynamoDBTables resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.AwsConnector/dynamoDBTables resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.AwsConnector/dynamoDBTables@2024-12-01' = {
  location: 'string'
  name: 'string'
  properties: {
    arn: 'string'
    awsAccountId: 'string'
    awsProperties: {
      arn: 'string'
      attributeDefinitions: [
        {
          attributeName: 'string'
          attributeType: 'string'
        }
      ]
      billingMode: 'string'
      contributorInsightsSpecification: {
        enabled: bool
      }
      deletionProtectionEnabled: bool
      globalSecondaryIndexes: [
        {
          contributorInsightsSpecification: {
            enabled: bool
          }
          indexName: 'string'
          keySchema: [
            {
              attributeName: 'string'
              keyType: 'string'
            }
          ]
          projection: {
            nonKeyAttributes: [
              'string'
            ]
            projectionType: 'string'
          }
          provisionedThroughput: {
            readCapacityUnits: int
            writeCapacityUnits: int
          }
        }
      ]
      importSourceSpecification: {
        inputCompressionType: 'string'
        inputFormat: 'string'
        inputFormatOptions: {
          csv: {
            delimiter: 'string'
            headerList: [
              'string'
            ]
          }
        }
        s3BucketSource: {
          s3Bucket: 'string'
          s3BucketOwner: 'string'
          s3KeyPrefix: 'string'
        }
      }
      keySchema: [
        {
          attributeName: 'string'
          keyType: 'string'
        }
      ]
      kinesisStreamSpecification: {
        approximateCreationDateTimePrecision: 'string'
        streamArn: 'string'
      }
      localSecondaryIndexes: [
        {
          indexName: 'string'
          keySchema: [
            {
              attributeName: 'string'
              keyType: 'string'
            }
          ]
          projection: {
            nonKeyAttributes: [
              'string'
            ]
            projectionType: 'string'
          }
        }
      ]
      pointInTimeRecoverySpecification: {
        pointInTimeRecoveryEnabled: bool
      }
      provisionedThroughput: {
        readCapacityUnits: int
        writeCapacityUnits: int
      }
      resourcePolicy: {
        policyDocument: any(...)
      }
      sseSpecification: {
        kmsMasterKeyId: 'string'
        sseEnabled: bool
        sseType: 'string'
      }
      streamArn: 'string'
      streamSpecification: {
        resourcePolicy: {
          policyDocument: any(...)
        }
        streamViewType: 'string'
      }
      tableClass: 'string'
      tableName: 'string'
      tags: [
        {
          key: 'string'
          value: 'string'
        }
      ]
      timeToLiveSpecification: {
        attributeName: 'string'
        enabled: bool
      }
    }
    awsRegion: 'string'
    awsSourceSchema: 'string'
    awsTags: {
      {customized property}: 'string'
    }
    publicCloudConnectorsResourceId: 'string'
    publicCloudResourceName: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.AwsConnector/dynamoDBTables

Name Description Value
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required)
properties The resource-specific properties for this resource. DynamoDBTableProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

AttributeDefinition

Name Description Value
attributeName A name for the attribute. string
attributeType The data type for the attribute, where: + S - the attribute is of type String + N - the attribute is of type Number + B - the attribute is of type Binary string

AwsDynamoDBTableProperties

Name Description Value
arn Property arn string
attributeDefinitions A list of attributes that describe the key schema for the table and indexes. This property is required to create a DDB table. Update requires: Some interruptions. Replacement if you edit an existing AttributeDefinition. AttributeDefinition[]
billingMode Specify how you are charged for read and write throughput and how you manage capacity. Valid values include: + PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode. + PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode. If not specified, the default is PROVISIONED. string
contributorInsightsSpecification The settings used to enable or disable CloudWatch Contributor Insights for the specified table. The settings used to enable or disable CloudWatch Contributor Insights. ContributorInsightsSpecification
deletionProtectionEnabled Determines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see Using deletion protection in the Developer Guide. bool
globalSecondaryIndexes Global secondary indexes to be created on the table. You can create up to 20 global secondary indexes. If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB DescribeTable command. If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. Updates are not supported. The following are exceptions: + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. GlobalSecondaryIndex[]
importSourceSpecification Specifies the properties of data being imported from the S3 bucket source to the table. If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating/updating stack must have UpdateTable permission. Specifies the properties of data being imported from the S3 bucket source to the table. ImportSourceSpecification
keySchema Specifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property. KeySchema[]
kinesisStreamSpecification The Kinesis Data Streams configuration for the specified table. The Kinesis Data Streams configuration for the specified table. KinesisStreamSpecification
localSecondaryIndexes Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. LocalSecondaryIndex[]
pointInTimeRecoverySpecification The settings used to enable point in time recovery. The settings used to enable point in time recovery. PointInTimeRecoverySpecification
provisionedThroughput Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Amazon DynamoDB Table ProvisionedThroughput. If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. ProvisionedThroughput
resourcePolicy A resource-based policy document that contains permissions to add to the specified table. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. When you attach a resource-based policy while creating a table, the policy creation is strongly consistent. For information about the considerations that you should keep in mind while attaching a resource-based policy, see Resource-based policy considerations. Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. While defining resource-based policies in your CFNshort templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CFNshort stack template, you'll need to update the CFNshort stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CFNshort template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. ResourcePolicy
sseSpecification Specifies the settings to enable server-side encryption. Represents the settings used to enable server-side encryption. SSESpecification
streamArn Property streamArn string
streamSpecification The settings for the DDB table stream, which capture changes to items stored in the table. Represents the DynamoDB Streams configuration for a table in DynamoDB. StreamSpecification
tableClass The table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS. string
tableName A name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see Name Type. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. string
tags An array of key-value pairs to apply to this resource. For more information, see Tag. TagAutoGenerated8[]
timeToLiveSpecification Specifies the Time to Live (TTL) settings for the table. For detailed information about the limits in DynamoDB, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide. Represents the settings used to enable or disable Time to Live (TTL) for the specified table. TimeToLiveSpecification

ContributorInsightsSpecification

Name Description Value
enabled Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false). bool

Csv

Name Description Value
delimiter The delimiter used for separating items in the CSV file being imported. string
headerList List of the headers used to specify a common header for all source CSV files being imported. If this field is specified then the first line of each CSV file is treated as data instead of the header. If this field is not specified the the first line of each CSV file is treated as the header. string[]

DynamoDBTableProperties

Name Description Value
arn Amazon Resource Name (ARN) string
awsAccountId AWS Account ID string
awsProperties AWS Properties AwsDynamoDBTableProperties
awsRegion AWS Region string
awsSourceSchema AWS Source Schema string
awsTags AWS Tags DynamoDBTablePropertiesAwsTags
publicCloudConnectorsResourceId Public Cloud Connectors Resource ID string
publicCloudResourceName Public Cloud Resource Name string

DynamoDBTablePropertiesAwsTags

Name Description Value

GlobalSecondaryIndex

Name Description Value
contributorInsightsSpecification The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index. The settings used to enable or disable CloudWatch Contributor Insights. ContributorInsightsSpecification
indexName The name of the global secondary index. The name must be unique among all other indexes on this table. string
keySchema The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. KeySchema[]
projection Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Projection
provisionedThroughput Represents the provisioned throughput settings for the specified global secondary index. For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. ProvisionedThroughput

ImportSourceSpecification

Name Description Value
inputCompressionType Type of compression to be used on the input coming from the imported table. string
inputFormat The format of the source data. Valid values for ImportFormat are CSV, DYNAMODB_JSON or ION. string
inputFormatOptions Additional properties that specify how the input is formatted, The format options for the data that was imported into the target table. There is one value, CsvOption. InputFormatOptions
s3BucketSource The S3 bucket that provides the source for the import. The S3 bucket that is being imported from. S3BucketSource

InputFormatOptions

Name Description Value
csv The options for imported source files in CSV format. The values are Delimiter and HeaderList. The options for imported source files in CSV format. The values are Delimiter and HeaderList. Csv

KeySchema

Name Description Value
attributeName The name of a key attribute. string
keyType The role that this key attribute will assume: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. string

KinesisStreamSpecification

Name Description Value
approximateCreationDateTimePrecision The precision for the time and date that the stream was created. 'MICROSECOND'
'MILLISECOND'
streamArn The ARN for a specific Kinesis data stream. Length Constraints: Minimum length of 37. Maximum length of 1024. string

LocalSecondaryIndex

Name Description Value
indexName The name of the local secondary index. The name must be unique among all other indexes on this table. string
keySchema The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. KeySchema[]
projection Represents attributes that are copied (projected) from the table into the local secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Projection

PointInTimeRecoverySpecification

Name Description Value
pointInTimeRecoveryEnabled Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. bool

Projection

Name Description Value
nonKeyAttributes Represents the non-key attribute names which will be projected into the index. For local secondary indexes, the total count of NonKeyAttributes summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. string[]
projectionType The set of attributes that are projected into the index: + KEYS_ONLY - Only the index and primary keys are projected into the index. + INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify. + ALL - All of the table attributes are projected into the index. When using the DynamoDB console, ALL is selected by default. string

ProvisionedThroughput

Name Description Value
readCapacityUnits The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. int
writeCapacityUnits The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. int

ResourcePolicy

Name Description Value
policyDocument A resource-based policy document that contains permissions to add to the specified DDB table, index, or both. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. any

S3BucketSource

Name Description Value
s3Bucket The S3 bucket that is being imported from. string
s3BucketOwner The account number of the S3 bucket that is being imported from. If the bucket is owned by the requester this is optional. string
s3KeyPrefix The key prefix shared by all S3 Objects that are being imported. string

SSESpecification

Name Description Value
kmsMasterKeyId The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key alias/aws/dynamodb. string
sseEnabled Indicates whether server-side encryption is done using an AWS managed key or an AWS owned key. If enabled (true), server-side encryption type is set to KMS and an AWS managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned key. bool
sseType Server-side encryption type. The only supported value is: + KMS - Server-side encryption that uses KMSlong. The key is stored in your account and is managed by KMS (KMS charges apply). string

StreamSpecification

Name Description Value
resourcePolicy Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. While defining resource-based policies in your CFNshort templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CFNshort stack template, you'll need to update the CFNshort stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CFNshort template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. ResourcePolicy
streamViewType When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Valid values for StreamViewType are: + KEYS_ONLY - Only the key attributes of the modified item are written to the stream. + NEW_IMAGE - The entire item, as it appears after it was modified, is written to the stream. + OLD_IMAGE - The entire item, as it appeared before it was modified, is written to the stream. + NEW_AND_OLD_IMAGES - Both the new and the old item images of the item are written to the stream. string

TagAutoGenerated8

Name Description Value
key The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. string
value The value of the tag. Tag values are case-sensitive and can be null. string

TimeToLiveSpecification

Name Description Value
attributeName The name of the TTL attribute used to store the expiration time for items in the table. + The AttributeName property is required when enabling the TTL, or when TTL is already enabled. + To update this property, you must first disable TTL and then enable TTL with the new attribute name. string
enabled Indicates whether TTL is to be enabled (true) or disabled (false) on the table. bool

TrackedResourceTags

Name Description Value

ARM template resource definition

The dynamoDBTables resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.AwsConnector/dynamoDBTables resource, add the following JSON to your template.

{
  "type": "Microsoft.AwsConnector/dynamoDBTables",
  "apiVersion": "2024-12-01",
  "name": "string",
  "location": "string",
  "properties": {
    "arn": "string",
    "awsAccountId": "string",
    "awsProperties": {
      "arn": "string",
      "attributeDefinitions": [
        {
          "attributeName": "string",
          "attributeType": "string"
        }
      ],
      "billingMode": "string",
      "contributorInsightsSpecification": {
        "enabled": "bool"
      },
      "deletionProtectionEnabled": "bool",
      "globalSecondaryIndexes": [
        {
          "contributorInsightsSpecification": {
            "enabled": "bool"
          },
          "indexName": "string",
          "keySchema": [
            {
              "attributeName": "string",
              "keyType": "string"
            }
          ],
          "projection": {
            "nonKeyAttributes": [ "string" ],
            "projectionType": "string"
          },
          "provisionedThroughput": {
            "readCapacityUnits": "int",
            "writeCapacityUnits": "int"
          }
        }
      ],
      "importSourceSpecification": {
        "inputCompressionType": "string",
        "inputFormat": "string",
        "inputFormatOptions": {
          "csv": {
            "delimiter": "string",
            "headerList": [ "string" ]
          }
        },
        "s3BucketSource": {
          "s3Bucket": "string",
          "s3BucketOwner": "string",
          "s3KeyPrefix": "string"
        }
      },
      "keySchema": [
        {
          "attributeName": "string",
          "keyType": "string"
        }
      ],
      "kinesisStreamSpecification": {
        "approximateCreationDateTimePrecision": "string",
        "streamArn": "string"
      },
      "localSecondaryIndexes": [
        {
          "indexName": "string",
          "keySchema": [
            {
              "attributeName": "string",
              "keyType": "string"
            }
          ],
          "projection": {
            "nonKeyAttributes": [ "string" ],
            "projectionType": "string"
          }
        }
      ],
      "pointInTimeRecoverySpecification": {
        "pointInTimeRecoveryEnabled": "bool"
      },
      "provisionedThroughput": {
        "readCapacityUnits": "int",
        "writeCapacityUnits": "int"
      },
      "resourcePolicy": {
        "policyDocument": {}
      },
      "sseSpecification": {
        "kmsMasterKeyId": "string",
        "sseEnabled": "bool",
        "sseType": "string"
      },
      "streamArn": "string",
      "streamSpecification": {
        "resourcePolicy": {
          "policyDocument": {}
        },
        "streamViewType": "string"
      },
      "tableClass": "string",
      "tableName": "string",
      "tags": [
        {
          "key": "string",
          "value": "string"
        }
      ],
      "timeToLiveSpecification": {
        "attributeName": "string",
        "enabled": "bool"
      }
    },
    "awsRegion": "string",
    "awsSourceSchema": "string",
    "awsTags": {
      "{customized property}": "string"
    },
    "publicCloudConnectorsResourceId": "string",
    "publicCloudResourceName": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.AwsConnector/dynamoDBTables

Name Description Value
apiVersion The api version '2024-12-01'
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required)
properties The resource-specific properties for this resource. DynamoDBTableProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.AwsConnector/dynamoDBTables'

AttributeDefinition

Name Description Value
attributeName A name for the attribute. string
attributeType The data type for the attribute, where: + S - the attribute is of type String + N - the attribute is of type Number + B - the attribute is of type Binary string

AwsDynamoDBTableProperties

Name Description Value
arn Property arn string
attributeDefinitions A list of attributes that describe the key schema for the table and indexes. This property is required to create a DDB table. Update requires: Some interruptions. Replacement if you edit an existing AttributeDefinition. AttributeDefinition[]
billingMode Specify how you are charged for read and write throughput and how you manage capacity. Valid values include: + PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode. + PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode. If not specified, the default is PROVISIONED. string
contributorInsightsSpecification The settings used to enable or disable CloudWatch Contributor Insights for the specified table. The settings used to enable or disable CloudWatch Contributor Insights. ContributorInsightsSpecification
deletionProtectionEnabled Determines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see Using deletion protection in the Developer Guide. bool
globalSecondaryIndexes Global secondary indexes to be created on the table. You can create up to 20 global secondary indexes. If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB DescribeTable command. If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. Updates are not supported. The following are exceptions: + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. GlobalSecondaryIndex[]
importSourceSpecification Specifies the properties of data being imported from the S3 bucket source to the table. If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating/updating stack must have UpdateTable permission. Specifies the properties of data being imported from the S3 bucket source to the table. ImportSourceSpecification
keySchema Specifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property. KeySchema[]
kinesisStreamSpecification The Kinesis Data Streams configuration for the specified table. The Kinesis Data Streams configuration for the specified table. KinesisStreamSpecification
localSecondaryIndexes Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. LocalSecondaryIndex[]
pointInTimeRecoverySpecification The settings used to enable point in time recovery. The settings used to enable point in time recovery. PointInTimeRecoverySpecification
provisionedThroughput Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Amazon DynamoDB Table ProvisionedThroughput. If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. ProvisionedThroughput
resourcePolicy A resource-based policy document that contains permissions to add to the specified table. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. When you attach a resource-based policy while creating a table, the policy creation is strongly consistent. For information about the considerations that you should keep in mind while attaching a resource-based policy, see Resource-based policy considerations. Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. While defining resource-based policies in your CFNshort templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CFNshort stack template, you'll need to update the CFNshort stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CFNshort template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. ResourcePolicy
sseSpecification Specifies the settings to enable server-side encryption. Represents the settings used to enable server-side encryption. SSESpecification
streamArn Property streamArn string
streamSpecification The settings for the DDB table stream, which capture changes to items stored in the table. Represents the DynamoDB Streams configuration for a table in DynamoDB. StreamSpecification
tableClass The table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS. string
tableName A name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see Name Type. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. string
tags An array of key-value pairs to apply to this resource. For more information, see Tag. TagAutoGenerated8[]
timeToLiveSpecification Specifies the Time to Live (TTL) settings for the table. For detailed information about the limits in DynamoDB, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide. Represents the settings used to enable or disable Time to Live (TTL) for the specified table. TimeToLiveSpecification

ContributorInsightsSpecification

Name Description Value
enabled Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false). bool

Csv

Name Description Value
delimiter The delimiter used for separating items in the CSV file being imported. string
headerList List of the headers used to specify a common header for all source CSV files being imported. If this field is specified then the first line of each CSV file is treated as data instead of the header. If this field is not specified the the first line of each CSV file is treated as the header. string[]

DynamoDBTableProperties

Name Description Value
arn Amazon Resource Name (ARN) string
awsAccountId AWS Account ID string
awsProperties AWS Properties AwsDynamoDBTableProperties
awsRegion AWS Region string
awsSourceSchema AWS Source Schema string
awsTags AWS Tags DynamoDBTablePropertiesAwsTags
publicCloudConnectorsResourceId Public Cloud Connectors Resource ID string
publicCloudResourceName Public Cloud Resource Name string

DynamoDBTablePropertiesAwsTags

Name Description Value

GlobalSecondaryIndex

Name Description Value
contributorInsightsSpecification The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index. The settings used to enable or disable CloudWatch Contributor Insights. ContributorInsightsSpecification
indexName The name of the global secondary index. The name must be unique among all other indexes on this table. string
keySchema The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. KeySchema[]
projection Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Projection
provisionedThroughput Represents the provisioned throughput settings for the specified global secondary index. For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. ProvisionedThroughput

ImportSourceSpecification

Name Description Value
inputCompressionType Type of compression to be used on the input coming from the imported table. string
inputFormat The format of the source data. Valid values for ImportFormat are CSV, DYNAMODB_JSON or ION. string
inputFormatOptions Additional properties that specify how the input is formatted, The format options for the data that was imported into the target table. There is one value, CsvOption. InputFormatOptions
s3BucketSource The S3 bucket that provides the source for the import. The S3 bucket that is being imported from. S3BucketSource

InputFormatOptions

Name Description Value
csv The options for imported source files in CSV format. The values are Delimiter and HeaderList. The options for imported source files in CSV format. The values are Delimiter and HeaderList. Csv

KeySchema

Name Description Value
attributeName The name of a key attribute. string
keyType The role that this key attribute will assume: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. string

KinesisStreamSpecification

Name Description Value
approximateCreationDateTimePrecision The precision for the time and date that the stream was created. 'MICROSECOND'
'MILLISECOND'
streamArn The ARN for a specific Kinesis data stream. Length Constraints: Minimum length of 37. Maximum length of 1024. string

LocalSecondaryIndex

Name Description Value
indexName The name of the local secondary index. The name must be unique among all other indexes on this table. string
keySchema The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. KeySchema[]
projection Represents attributes that are copied (projected) from the table into the local secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Projection

PointInTimeRecoverySpecification

Name Description Value
pointInTimeRecoveryEnabled Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. bool

Projection

Name Description Value
nonKeyAttributes Represents the non-key attribute names which will be projected into the index. For local secondary indexes, the total count of NonKeyAttributes summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. string[]
projectionType The set of attributes that are projected into the index: + KEYS_ONLY - Only the index and primary keys are projected into the index. + INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify. + ALL - All of the table attributes are projected into the index. When using the DynamoDB console, ALL is selected by default. string

ProvisionedThroughput

Name Description Value
readCapacityUnits The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. int
writeCapacityUnits The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. int

ResourcePolicy

Name Description Value
policyDocument A resource-based policy document that contains permissions to add to the specified DDB table, index, or both. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. any

S3BucketSource

Name Description Value
s3Bucket The S3 bucket that is being imported from. string
s3BucketOwner The account number of the S3 bucket that is being imported from. If the bucket is owned by the requester this is optional. string
s3KeyPrefix The key prefix shared by all S3 Objects that are being imported. string

SSESpecification

Name Description Value
kmsMasterKeyId The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key alias/aws/dynamodb. string
sseEnabled Indicates whether server-side encryption is done using an AWS managed key or an AWS owned key. If enabled (true), server-side encryption type is set to KMS and an AWS managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned key. bool
sseType Server-side encryption type. The only supported value is: + KMS - Server-side encryption that uses KMSlong. The key is stored in your account and is managed by KMS (KMS charges apply). string

StreamSpecification

Name Description Value
resourcePolicy Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. While defining resource-based policies in your CFNshort templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CFNshort stack template, you'll need to update the CFNshort stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CFNshort template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. ResourcePolicy
streamViewType When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Valid values for StreamViewType are: + KEYS_ONLY - Only the key attributes of the modified item are written to the stream. + NEW_IMAGE - The entire item, as it appears after it was modified, is written to the stream. + OLD_IMAGE - The entire item, as it appeared before it was modified, is written to the stream. + NEW_AND_OLD_IMAGES - Both the new and the old item images of the item are written to the stream. string

TagAutoGenerated8

Name Description Value
key The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. string
value The value of the tag. Tag values are case-sensitive and can be null. string

TimeToLiveSpecification

Name Description Value
attributeName The name of the TTL attribute used to store the expiration time for items in the table. + The AttributeName property is required when enabling the TTL, or when TTL is already enabled. + To update this property, you must first disable TTL and then enable TTL with the new attribute name. string
enabled Indicates whether TTL is to be enabled (true) or disabled (false) on the table. bool

TrackedResourceTags

Name Description Value

Usage Examples

Terraform (AzAPI provider) resource definition

The dynamoDBTables resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.AwsConnector/dynamoDBTables resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.AwsConnector/dynamoDBTables@2024-12-01"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      arn = "string"
      awsAccountId = "string"
      awsProperties = {
        arn = "string"
        attributeDefinitions = [
          {
            attributeName = "string"
            attributeType = "string"
          }
        ]
        billingMode = "string"
        contributorInsightsSpecification = {
          enabled = bool
        }
        deletionProtectionEnabled = bool
        globalSecondaryIndexes = [
          {
            contributorInsightsSpecification = {
              enabled = bool
            }
            indexName = "string"
            keySchema = [
              {
                attributeName = "string"
                keyType = "string"
              }
            ]
            projection = {
              nonKeyAttributes = [
                "string"
              ]
              projectionType = "string"
            }
            provisionedThroughput = {
              readCapacityUnits = int
              writeCapacityUnits = int
            }
          }
        ]
        importSourceSpecification = {
          inputCompressionType = "string"
          inputFormat = "string"
          inputFormatOptions = {
            csv = {
              delimiter = "string"
              headerList = [
                "string"
              ]
            }
          }
          s3BucketSource = {
            s3Bucket = "string"
            s3BucketOwner = "string"
            s3KeyPrefix = "string"
          }
        }
        keySchema = [
          {
            attributeName = "string"
            keyType = "string"
          }
        ]
        kinesisStreamSpecification = {
          approximateCreationDateTimePrecision = "string"
          streamArn = "string"
        }
        localSecondaryIndexes = [
          {
            indexName = "string"
            keySchema = [
              {
                attributeName = "string"
                keyType = "string"
              }
            ]
            projection = {
              nonKeyAttributes = [
                "string"
              ]
              projectionType = "string"
            }
          }
        ]
        pointInTimeRecoverySpecification = {
          pointInTimeRecoveryEnabled = bool
        }
        provisionedThroughput = {
          readCapacityUnits = int
          writeCapacityUnits = int
        }
        resourcePolicy = {
          policyDocument = ?
        }
        sseSpecification = {
          kmsMasterKeyId = "string"
          sseEnabled = bool
          sseType = "string"
        }
        streamArn = "string"
        streamSpecification = {
          resourcePolicy = {
            policyDocument = ?
          }
          streamViewType = "string"
        }
        tableClass = "string"
        tableName = "string"
        tags = [
          {
            key = "string"
            value = "string"
          }
        ]
        timeToLiveSpecification = {
          attributeName = "string"
          enabled = bool
        }
      }
      awsRegion = "string"
      awsSourceSchema = "string"
      awsTags = {
        {customized property} = "string"
      }
      publicCloudConnectorsResourceId = "string"
      publicCloudResourceName = "string"
    }
  }
}

Property Values

Microsoft.AwsConnector/dynamoDBTables

Name Description Value
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required)
properties The resource-specific properties for this resource. DynamoDBTableProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.AwsConnector/dynamoDBTables@2024-12-01"

AttributeDefinition

Name Description Value
attributeName A name for the attribute. string
attributeType The data type for the attribute, where: + S - the attribute is of type String + N - the attribute is of type Number + B - the attribute is of type Binary string

AwsDynamoDBTableProperties

Name Description Value
arn Property arn string
attributeDefinitions A list of attributes that describe the key schema for the table and indexes. This property is required to create a DDB table. Update requires: Some interruptions. Replacement if you edit an existing AttributeDefinition. AttributeDefinition[]
billingMode Specify how you are charged for read and write throughput and how you manage capacity. Valid values include: + PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode. + PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode. If not specified, the default is PROVISIONED. string
contributorInsightsSpecification The settings used to enable or disable CloudWatch Contributor Insights for the specified table. The settings used to enable or disable CloudWatch Contributor Insights. ContributorInsightsSpecification
deletionProtectionEnabled Determines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see Using deletion protection in the Developer Guide. bool
globalSecondaryIndexes Global secondary indexes to be created on the table. You can create up to 20 global secondary indexes. If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB DescribeTable command. If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. Updates are not supported. The following are exceptions: + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. GlobalSecondaryIndex[]
importSourceSpecification Specifies the properties of data being imported from the S3 bucket source to the table. If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating/updating stack must have UpdateTable permission. Specifies the properties of data being imported from the S3 bucket source to the table. ImportSourceSpecification
keySchema Specifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property. KeySchema[]
kinesisStreamSpecification The Kinesis Data Streams configuration for the specified table. The Kinesis Data Streams configuration for the specified table. KinesisStreamSpecification
localSecondaryIndexes Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. LocalSecondaryIndex[]
pointInTimeRecoverySpecification The settings used to enable point in time recovery. The settings used to enable point in time recovery. PointInTimeRecoverySpecification
provisionedThroughput Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Amazon DynamoDB Table ProvisionedThroughput. If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. ProvisionedThroughput
resourcePolicy A resource-based policy document that contains permissions to add to the specified table. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. When you attach a resource-based policy while creating a table, the policy creation is strongly consistent. For information about the considerations that you should keep in mind while attaching a resource-based policy, see Resource-based policy considerations. Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. While defining resource-based policies in your CFNshort templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CFNshort stack template, you'll need to update the CFNshort stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CFNshort template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. ResourcePolicy
sseSpecification Specifies the settings to enable server-side encryption. Represents the settings used to enable server-side encryption. SSESpecification
streamArn Property streamArn string
streamSpecification The settings for the DDB table stream, which capture changes to items stored in the table. Represents the DynamoDB Streams configuration for a table in DynamoDB. StreamSpecification
tableClass The table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS. string
tableName A name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see Name Type. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. string
tags An array of key-value pairs to apply to this resource. For more information, see Tag. TagAutoGenerated8[]
timeToLiveSpecification Specifies the Time to Live (TTL) settings for the table. For detailed information about the limits in DynamoDB, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide. Represents the settings used to enable or disable Time to Live (TTL) for the specified table. TimeToLiveSpecification

ContributorInsightsSpecification

Name Description Value
enabled Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false). bool

Csv

Name Description Value
delimiter The delimiter used for separating items in the CSV file being imported. string
headerList List of the headers used to specify a common header for all source CSV files being imported. If this field is specified then the first line of each CSV file is treated as data instead of the header. If this field is not specified the the first line of each CSV file is treated as the header. string[]

DynamoDBTableProperties

Name Description Value
arn Amazon Resource Name (ARN) string
awsAccountId AWS Account ID string
awsProperties AWS Properties AwsDynamoDBTableProperties
awsRegion AWS Region string
awsSourceSchema AWS Source Schema string
awsTags AWS Tags DynamoDBTablePropertiesAwsTags
publicCloudConnectorsResourceId Public Cloud Connectors Resource ID string
publicCloudResourceName Public Cloud Resource Name string

DynamoDBTablePropertiesAwsTags

Name Description Value

GlobalSecondaryIndex

Name Description Value
contributorInsightsSpecification The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index. The settings used to enable or disable CloudWatch Contributor Insights. ContributorInsightsSpecification
indexName The name of the global secondary index. The name must be unique among all other indexes on this table. string
keySchema The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. KeySchema[]
projection Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Projection
provisionedThroughput Represents the provisioned throughput settings for the specified global secondary index. For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. ProvisionedThroughput

ImportSourceSpecification

Name Description Value
inputCompressionType Type of compression to be used on the input coming from the imported table. string
inputFormat The format of the source data. Valid values for ImportFormat are CSV, DYNAMODB_JSON or ION. string
inputFormatOptions Additional properties that specify how the input is formatted, The format options for the data that was imported into the target table. There is one value, CsvOption. InputFormatOptions
s3BucketSource The S3 bucket that provides the source for the import. The S3 bucket that is being imported from. S3BucketSource

InputFormatOptions

Name Description Value
csv The options for imported source files in CSV format. The values are Delimiter and HeaderList. The options for imported source files in CSV format. The values are Delimiter and HeaderList. Csv

KeySchema

Name Description Value
attributeName The name of a key attribute. string
keyType The role that this key attribute will assume: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. string

KinesisStreamSpecification

Name Description Value
approximateCreationDateTimePrecision The precision for the time and date that the stream was created. 'MICROSECOND'
'MILLISECOND'
streamArn The ARN for a specific Kinesis data stream. Length Constraints: Minimum length of 37. Maximum length of 1024. string

LocalSecondaryIndex

Name Description Value
indexName The name of the local secondary index. The name must be unique among all other indexes on this table. string
keySchema The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. KeySchema[]
projection Represents attributes that are copied (projected) from the table into the local secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Projection

PointInTimeRecoverySpecification

Name Description Value
pointInTimeRecoveryEnabled Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. bool

Projection

Name Description Value
nonKeyAttributes Represents the non-key attribute names which will be projected into the index. For local secondary indexes, the total count of NonKeyAttributes summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. string[]
projectionType The set of attributes that are projected into the index: + KEYS_ONLY - Only the index and primary keys are projected into the index. + INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify. + ALL - All of the table attributes are projected into the index. When using the DynamoDB console, ALL is selected by default. string

ProvisionedThroughput

Name Description Value
readCapacityUnits The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. int
writeCapacityUnits The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. int

ResourcePolicy

Name Description Value
policyDocument A resource-based policy document that contains permissions to add to the specified DDB table, index, or both. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. any

S3BucketSource

Name Description Value
s3Bucket The S3 bucket that is being imported from. string
s3BucketOwner The account number of the S3 bucket that is being imported from. If the bucket is owned by the requester this is optional. string
s3KeyPrefix The key prefix shared by all S3 Objects that are being imported. string

SSESpecification

Name Description Value
kmsMasterKeyId The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key alias/aws/dynamodb. string
sseEnabled Indicates whether server-side encryption is done using an AWS managed key or an AWS owned key. If enabled (true), server-side encryption type is set to KMS and an AWS managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned key. bool
sseType Server-side encryption type. The only supported value is: + KMS - Server-side encryption that uses KMSlong. The key is stored in your account and is managed by KMS (KMS charges apply). string

StreamSpecification

Name Description Value
resourcePolicy Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. While defining resource-based policies in your CFNshort templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CFNshort stack template, you'll need to update the CFNshort stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CFNshort template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. ResourcePolicy
streamViewType When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Valid values for StreamViewType are: + KEYS_ONLY - Only the key attributes of the modified item are written to the stream. + NEW_IMAGE - The entire item, as it appears after it was modified, is written to the stream. + OLD_IMAGE - The entire item, as it appeared before it was modified, is written to the stream. + NEW_AND_OLD_IMAGES - Both the new and the old item images of the item are written to the stream. string

TagAutoGenerated8

Name Description Value
key The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. string
value The value of the tag. Tag values are case-sensitive and can be null. string

TimeToLiveSpecification

Name Description Value
attributeName The name of the TTL attribute used to store the expiration time for items in the table. + The AttributeName property is required when enabling the TTL, or when TTL is already enabled. + To update this property, you must first disable TTL and then enable TTL with the new attribute name. string
enabled Indicates whether TTL is to be enabled (true) or disabled (false) on the table. bool

TrackedResourceTags

Name Description Value