Bicep resource definition
The dynamoDBTables resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.AwsConnector/dynamoDBTables resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AwsConnector/dynamoDBTables@2024-12-01' = {
  location: 'string'
  name: 'string'
  properties: {
    arn: 'string'
    awsAccountId: 'string'
    awsProperties: {
      arn: 'string'
      attributeDefinitions: [
        {
          attributeName: 'string'
          attributeType: 'string'
        }
      ]
      billingMode: 'string'
      contributorInsightsSpecification: {
        enabled: bool
      }
      deletionProtectionEnabled: bool
      globalSecondaryIndexes: [
        {
          contributorInsightsSpecification: {
            enabled: bool
          }
          indexName: 'string'
          keySchema: [
            {
              attributeName: 'string'
              keyType: 'string'
            }
          ]
          projection: {
            nonKeyAttributes: [
              'string'
            ]
            projectionType: 'string'
          }
          provisionedThroughput: {
            readCapacityUnits: int
            writeCapacityUnits: int
          }
        }
      ]
      importSourceSpecification: {
        inputCompressionType: 'string'
        inputFormat: 'string'
        inputFormatOptions: {
          csv: {
            delimiter: 'string'
            headerList: [
              'string'
            ]
          }
        }
        s3BucketSource: {
          s3Bucket: 'string'
          s3BucketOwner: 'string'
          s3KeyPrefix: 'string'
        }
      }
      keySchema: [
        {
          attributeName: 'string'
          keyType: 'string'
        }
      ]
      kinesisStreamSpecification: {
        approximateCreationDateTimePrecision: 'string'
        streamArn: 'string'
      }
      localSecondaryIndexes: [
        {
          indexName: 'string'
          keySchema: [
            {
              attributeName: 'string'
              keyType: 'string'
            }
          ]
          projection: {
            nonKeyAttributes: [
              'string'
            ]
            projectionType: 'string'
          }
        }
      ]
      pointInTimeRecoverySpecification: {
        pointInTimeRecoveryEnabled: bool
      }
      provisionedThroughput: {
        readCapacityUnits: int
        writeCapacityUnits: int
      }
      resourcePolicy: {
        policyDocument: any(...)
      }
      sseSpecification: {
        kmsMasterKeyId: 'string'
        sseEnabled: bool
        sseType: 'string'
      }
      streamArn: 'string'
      streamSpecification: {
        resourcePolicy: {
          policyDocument: any(...)
        }
        streamViewType: 'string'
      }
      tableClass: 'string'
      tableName: 'string'
      tags: [
        {
          key: 'string'
          value: 'string'
        }
      ]
      timeToLiveSpecification: {
        attributeName: 'string'
        enabled: bool
      }
    }
    awsRegion: 'string'
    awsSourceSchema: 'string'
    awsTags: {
      {customized property}: 'string'
    }
    publicCloudConnectorsResourceId: 'string'
    publicCloudResourceName: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.AwsConnector/dynamoDBTables
| Name | Description | Value |
| --- | --- | --- |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string; Constraints: Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required) |
| properties | The resource-specific properties for this resource. | DynamoDBTableProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
AttributeDefinition
| Name | Description | Value |
| --- | --- | --- |
| attributeName | A name for the attribute. | string |
| attributeType | The data type for the attribute, where: + S - the attribute is of type String + N - the attribute is of type Number + B - the attribute is of type Binary | string |
AwsDynamoDBTableProperties
| Name | Description | Value |
| --- | --- | --- |
| arn | Property arn | string |
| attributeDefinitions | A list of attributes that describe the key schema for the table and indexes. This property is required to create a DynamoDB table. Update requires: Some interruptions. Replacement if you edit an existing AttributeDefinition. | AttributeDefinition[] |
| billingMode | Specify how you are charged for read and write throughput and how you manage capacity. Valid values include: + PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode. + PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode. If not specified, the default is PROVISIONED. | string |
| contributorInsightsSpecification | The settings used to enable or disable CloudWatch Contributor Insights for the specified table. | ContributorInsightsSpecification |
| deletionProtectionEnabled | Determines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see Using deletion protection in the Developer Guide. | bool |
| globalSecondaryIndexes | Global secondary indexes to be created on the table. You can create up to 20 global secondary indexes. If you update a table to include a new global secondary index, AWS CloudFormation initiates the index creation and then proceeds with the stack update. AWS CloudFormation doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB DescribeTable command. If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. Updates are not supported. The following are exceptions: + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. | GlobalSecondaryIndex[] |
| importSourceSpecification | Specifies the properties of data being imported from the S3 bucket source to the table. If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating or updating the stack must have UpdateTable permission. | ImportSourceSpecification |
| keySchema | Specifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property. | KeySchema[] |
| kinesisStreamSpecification | The Kinesis Data Streams configuration for the specified table. | KinesisStreamSpecification |
| localSecondaryIndexes | Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. | LocalSecondaryIndex[] |
| pointInTimeRecoverySpecification | The settings used to enable point in time recovery. | PointInTimeRecoverySpecification |
| provisionedThroughput | Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Amazon DynamoDB Table ProvisionedThroughput. If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. | ProvisionedThroughput |
| resourcePolicy | A resource-based policy document that contains permissions to add to the specified table. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for DynamoDB and Resource-based policy examples. When you attach a resource-based policy while creating a table, the policy creation is strongly consistent. For information about the considerations that you should keep in mind while attaching a resource-based policy, see Resource-based policy considerations. Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. While defining resource-based policies in your CloudFormation templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. | ResourcePolicy |
| sseSpecification | Specifies the settings to enable server-side encryption. | SSESpecification |
| streamArn | Property streamArn | string |
| streamSpecification | The settings for the DynamoDB table stream, which capture changes to items stored in the table. Represents the DynamoDB Streams configuration for a table in DynamoDB. | StreamSpecification |
| tableClass | The table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS. | string |
| tableName | A name for the table. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the table name. For more information, see Name Type. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. | string |
| tags | An array of key-value pairs to apply to this resource. For more information, see Tag. | TagAutoGenerated8[] |
| timeToLiveSpecification | Specifies the Time to Live (TTL) settings for the table. For detailed information about the limits in DynamoDB, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide. Represents the settings used to enable or disable Time to Live (TTL) for the specified table. | TimeToLiveSpecification |
ContributorInsightsSpecification
| Name | Description | Value |
| --- | --- | --- |
| enabled | Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false). | bool |
Csv
| Name | Description | Value |
| --- | --- | --- |
| delimiter | The delimiter used for separating items in the CSV file being imported. | string |
| headerList | List of the headers used to specify a common header for all source CSV files being imported. If this field is specified, the first line of each CSV file is treated as data instead of the header. If this field is not specified, the first line of each CSV file is treated as the header. | string[] |
DynamoDBTableProperties
| Name | Description | Value |
| --- | --- | --- |
| arn | Amazon Resource Name (ARN) | string |
| awsAccountId | AWS Account ID | string |
| awsProperties | AWS Properties | AwsDynamoDBTableProperties |
| awsRegion | AWS Region | string |
| awsSourceSchema | AWS Source Schema | string |
| awsTags | AWS Tags | DynamoDBTablePropertiesAwsTags |
| publicCloudConnectorsResourceId | Public Cloud Connectors Resource ID | string |
| publicCloudResourceName | Public Cloud Resource Name | string |
GlobalSecondaryIndex
| Name | Description | Value |
| --- | --- | --- |
| contributorInsightsSpecification | The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index. | ContributorInsightsSpecification |
| indexName | The name of the global secondary index. The name must be unique among all other indexes on this table. | string |
| keySchema | The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. | KeySchema[] |
| projection | Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. | Projection |
| provisionedThroughput | Represents the provisioned throughput settings for the specified global secondary index. For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. | ProvisionedThroughput |
ImportSourceSpecification
| Name | Description | Value |
| --- | --- | --- |
| inputCompressionType | Type of compression to be used on the input coming from the imported table. | string |
| inputFormat | The format of the source data. Valid values for ImportFormat are CSV, DYNAMODB_JSON or ION. | string |
| inputFormatOptions | Additional properties that specify how the input is formatted. The format options for the data that was imported into the target table. There is one value, CsvOption. | InputFormatOptions |
| s3BucketSource | The S3 bucket that provides the source for the import. | S3BucketSource |
InputFormatOptions
| Name | Description | Value |
| --- | --- | --- |
| csv | The options for imported source files in CSV format. The values are Delimiter and HeaderList. | Csv |
KeySchema
| Name | Description | Value |
| --- | --- | --- |
| attributeName | The name of a key attribute. | string |
| keyType | The role that this key attribute will assume: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. | string |
KinesisStreamSpecification
| Name | Description | Value |
| --- | --- | --- |
| approximateCreationDateTimePrecision | The precision for the time and date that the stream was created. | 'MICROSECOND', 'MILLISECOND' |
| streamArn | The ARN for a specific Kinesis data stream. Length Constraints: Minimum length of 37. Maximum length of 1024. | string |
LocalSecondaryIndex
| Name | Description | Value |
| --- | --- | --- |
| indexName | The name of the local secondary index. The name must be unique among all other indexes on this table. | string |
| keySchema | The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types: + HASH - partition key + RANGE - sort key The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. | KeySchema[] |
| projection | Represents attributes that are copied (projected) from the table into the local secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. | Projection |
PointInTimeRecoverySpecification
| Name | Description | Value |
| --- | --- | --- |
| pointInTimeRecoveryEnabled | Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. | bool |
Projection
| Name | Description | Value |
| --- | --- | --- |
| nonKeyAttributes | Represents the non-key attribute names which will be projected into the index. For local secondary indexes, the total count of NonKeyAttributes summed across all of the local secondary indexes must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. | string[] |
| projectionType | The set of attributes that are projected into the index: + KEYS_ONLY - Only the index and primary keys are projected into the index. + INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify. + ALL - All of the table attributes are projected into the index. When using the DynamoDB console, ALL is selected by default. | string |
ProvisionedThroughput
| Name | Description | Value |
| --- | --- | --- |
| readCapacityUnits | The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. | int |
| writeCapacityUnits | The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. | int |
ResourcePolicy
| Name | Description | Value |
| --- | --- | --- |
| policyDocument | A resource-based policy document that contains permissions to add to the specified DynamoDB table, index, or both. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for DynamoDB and Resource-based policy examples. | any |
S3BucketSource
| Name | Description | Value |
| --- | --- | --- |
| s3Bucket | The S3 bucket that is being imported from. | string |
| s3BucketOwner | The account number of the S3 bucket that is being imported from. If the bucket is owned by the requester this is optional. | string |
| s3KeyPrefix | The key prefix shared by all S3 Objects that are being imported. | string |
SSESpecification
| Name | Description | Value |
| --- | --- | --- |
| kmsMasterKeyId | The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key alias/aws/dynamodb. | string |
| sseEnabled | Indicates whether server-side encryption is done using an AWS managed key or an AWS owned key. If enabled (true), server-side encryption type is set to KMS and an AWS managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned key. | bool |
| sseType | Server-side encryption type. The only supported value is: + KMS - Server-side encryption that uses AWS Key Management Service. The key is stored in your account and is managed by KMS (KMS charges apply). | string |
StreamSpecification
| Name | Description | Value |
| --- | --- | --- |
| resourcePolicy | Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for DynamoDB and Resource-based policy examples. Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. While defining resource-based policies in your CloudFormation templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. | ResourcePolicy |
| streamViewType | When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Valid values for StreamViewType are: + KEYS_ONLY - Only the key attributes of the modified item are written to the stream. + NEW_IMAGE - The entire item, as it appears after it was modified, is written to the stream. + OLD_IMAGE - The entire item, as it appeared before it was modified, is written to the stream. + NEW_AND_OLD_IMAGES - Both the new and the old item images of the item are written to the stream. | string |
TagAutoGenerated8
| Name | Description | Value |
| --- | --- | --- |
| key | The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. | string |
| value | The value of the tag. Tag values are case-sensitive and can be null. | string |
TimeToLiveSpecification
| Name | Description | Value |
| --- | --- | --- |
| attributeName | The name of the TTL attribute used to store the expiration time for items in the table. + The AttributeName property is required when enabling the TTL, or when TTL is already enabled. + To update this property, you must first disable TTL and then enable TTL with the new attribute name. | string |
| enabled | Indicates whether TTL is to be enabled (true) or disabled (false) on the table. | bool |
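The property tables above state several defaults and constraints that matter for data protection: deletion protection is disabled by default, an unset `sseEnabled` means an AWS owned key, `billingMode` and `provisionedThroughput` are mutually constrained, and every `keySchema` attribute must appear in `attributeDefinitions`. The following Python check is an added example (not part of this reference or of any Microsoft or AWS tooling) that walks the JSON form of a template and reports those conditions for each `Microsoft.AwsConnector/dynamoDBTables` resource; the sample template, the finding labels, and the assumption that `policyDocument` is a JSON object in the standard IAM policy grammar are constructed for illustration.

```python
import json

RESOURCE_TYPE = "Microsoft.AwsConnector/dynamoDBTables"

# Constructed sample template for illustration; names and account ID are placeholders.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.AwsConnector/dynamoDBTables",
  "apiVersion": "2024-12-01",
  "name": "orders-table",
  "location": "eastus",
  "properties": {"awsAccountId": "111122223333", "awsProperties": {
    "tableName": "orders",
    "attributeDefinitions": [{"attributeName": "pk", "attributeType": "S"}],
    "keySchema": [{"attributeName": "pk", "keyType": "HASH"},
                  {"attributeName": "sk", "keyType": "RANGE"}],
    "billingMode": "PAY_PER_REQUEST",
    "provisionedThroughput": {"readCapacityUnits": 5, "writeCapacityUnits": 5},
    "deletionProtectionEnabled": false,
    "sseSpecification": {"sseEnabled": false},
    "streamSpecification": {"streamViewType": "NEW_AND_OLD_IMAGES"},
    "resourcePolicy": {"policyDocument": {"Statement": [
      {"Effect": "Allow", "Principal": "*",
       "Action": "dynamodb:GetItem", "Resource": "*"}]}}
  }}
}]}
""")


def _wildcard_principal(statement):
    """True when an Allow statement names every principal ("*" or {"AWS": "*"})."""
    if statement.get("Effect") != "Allow":
        return False
    principal = statement.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        values = principal.get("AWS", [])
        values = [values] if isinstance(values, str) else values
        return "*" in values
    return False


def audit_table(aws_props):
    """Return finding labels for one awsProperties object (labels are this example's own)."""
    findings = []
    # Documented default: deletion protection is disabled unless set to true.
    if not aws_props.get("deletionProtectionEnabled", False):
        findings.append("deletion-protection-off")
    pitr = aws_props.get("pointInTimeRecoverySpecification") or {}
    if not pitr.get("pointInTimeRecoveryEnabled", False):
        findings.append("pitr-off")
    # sseEnabled false or unset: encryption uses an AWS owned key, not a KMS key.
    sse = aws_props.get("sseSpecification") or {}
    if not sse.get("sseEnabled", False):
        findings.append("sse-aws-owned-key")
    # billingMode defaults to PROVISIONED; throughput is required there and
    # cannot be specified with PAY_PER_REQUEST.
    mode = aws_props.get("billingMode", "PROVISIONED")
    has_throughput = "provisionedThroughput" in aws_props
    if mode == "PROVISIONED" and not has_throughput:
        findings.append("throughput-missing")
    if mode == "PAY_PER_REQUEST" and has_throughput:
        findings.append("throughput-not-allowed")
    # Every keySchema attribute must also be listed in attributeDefinitions.
    defined = {a.get("attributeName") for a in aws_props.get("attributeDefinitions", [])}
    for key in aws_props.get("keySchema", []):
        if key.get("attributeName") not in defined:
            findings.append("undefined-key-attribute:" + str(key.get("attributeName")))
    # Image view types write entire items to the stream, so stream readers see item data.
    stream = aws_props.get("streamSpecification") or {}
    if stream.get("streamViewType") in ("NEW_IMAGE", "OLD_IMAGE", "NEW_AND_OLD_IMAGES"):
        findings.append("stream-carries-full-items")
    # Resource policies can sit on the table and on the stream specification.
    for where, holder in (("table", aws_props), ("stream", stream)):
        doc = (holder.get("resourcePolicy") or {}).get("policyDocument") or {}
        statements = doc.get("Statement", []) if isinstance(doc, dict) else []
        if isinstance(statements, dict):
            statements = [statements]
        if any(_wildcard_principal(s) for s in statements):
            findings.append(where + "-policy-wildcard-principal")
    return findings


def audit_template(template):
    """Map each dynamoDBTables resource name in the template to its findings."""
    report = {}
    for res in template.get("resources", []):
        if res.get("type") == RESOURCE_TYPE:
            props = (res.get("properties") or {}).get("awsProperties") or {}
            report[res.get("name")] = audit_table(props)
    return report


if __name__ == "__main__":
    for name, findings in audit_template(SAMPLE_TEMPLATE).items():
        print(name, findings)
```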
ARM template resource definition
The dynamoDBTables resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.AwsConnector/dynamoDBTables resource, add the following JSON to your template.
{
  "type": "Microsoft.AwsConnector/dynamoDBTables",
  "apiVersion": "2024-12-01",
  "name": "string",
  "location": "string",
  "properties": {
    "arn": "string",
    "awsAccountId": "string",
    "awsProperties": {
      "arn": "string",
      "attributeDefinitions": [
        {
          "attributeName": "string",
          "attributeType": "string"
        }
      ],
      "billingMode": "string",
      "contributorInsightsSpecification": {
        "enabled": "bool"
      },
      "deletionProtectionEnabled": "bool",
      "globalSecondaryIndexes": [
        {
          "contributorInsightsSpecification": {
            "enabled": "bool"
          },
          "indexName": "string",
          "keySchema": [
            {
              "attributeName": "string",
              "keyType": "string"
            }
          ],
          "projection": {
            "nonKeyAttributes": [ "string" ],
            "projectionType": "string"
          },
          "provisionedThroughput": {
            "readCapacityUnits": "int",
            "writeCapacityUnits": "int"
          }
        }
      ],
      "importSourceSpecification": {
        "inputCompressionType": "string",
        "inputFormat": "string",
        "inputFormatOptions": {
          "csv": {
            "delimiter": "string",
            "headerList": [ "string" ]
          }
        },
        "s3BucketSource": {
          "s3Bucket": "string",
          "s3BucketOwner": "string",
          "s3KeyPrefix": "string"
        }
      },
      "keySchema": [
        {
          "attributeName": "string",
          "keyType": "string"
        }
      ],
      "kinesisStreamSpecification": {
        "approximateCreationDateTimePrecision": "string",
        "streamArn": "string"
      },
      "localSecondaryIndexes": [
        {
          "indexName": "string",
          "keySchema": [
            {
              "attributeName": "string",
              "keyType": "string"
            }
          ],
          "projection": {
            "nonKeyAttributes": [ "string" ],
            "projectionType": "string"
          }
        }
      ],
      "pointInTimeRecoverySpecification": {
        "pointInTimeRecoveryEnabled": "bool"
      },
      "provisionedThroughput": {
        "readCapacityUnits": "int",
        "writeCapacityUnits": "int"
      },
      "resourcePolicy": {
        "policyDocument": {}
      },
      "sseSpecification": {
        "kmsMasterKeyId": "string",
        "sseEnabled": "bool",
        "sseType": "string"
      },
      "streamArn": "string",
      "streamSpecification": {
        "resourcePolicy": {
          "policyDocument": {}
        },
        "streamViewType": "string"
      },
      "tableClass": "string",
      "tableName": "string",
      "tags": [
        {
          "key": "string",
          "value": "string"
        }
      ],
      "timeToLiveSpecification": {
        "attributeName": "string",
        "enabled": "bool"
      }
    },
    "awsRegion": "string",
    "awsSourceSchema": "string",
    "awsTags": {
      "{customized property}": "string"
    },
    "publicCloudConnectorsResourceId": "string",
    "publicCloudResourceName": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.AwsConnector/dynamoDBTables
| Name | Description | Value |
| --- | --- | --- |
| apiVersion | The api version | '2024-12-01' |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string; Constraints: Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required) |
| properties | The resource-specific properties for this resource. | DynamoDBTableProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.AwsConnector/dynamoDBTables' |
AttributeDefinition
| Name | Description | Value |
| --- | --- | --- |
| attributeName | A name for the attribute. | string |
| attributeType | The data type for the attribute, where: + S - the attribute is of type String + N - the attribute is of type Number + B - the attribute is of type Binary | string |
AwsDynamoDBTableProperties
Name |
Description |
Value |
arn |
Property arn |
string |
attributeDefinitions |
A list of attributes that describe the key schema for the table and indexes. This property is required to create a DDB table. Update requires: Some interruptions. Replacement if you edit an existing AttributeDefinition. |
AttributeDefinition[] |
billingMode |
Specify how you are charged for read and write throughput and how you manage capacity. Valid values include: + PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode. + PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode. If not specified, the default is PROVISIONED . |
string |
contributorInsightsSpecification |
The settings used to enable or disable CloudWatch Contributor Insights for the specified table. The settings used to enable or disable CloudWatch Contributor Insights. |
ContributorInsightsSpecification |
deletionProtectionEnabled |
Determines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see Using deletion protection in the Developer Guide. |
bool |
globalSecondaryIndexes |
Global secondary indexes to be created on the table. You can create up to 20 global secondary indexes. If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE . You can track its status by using the DynamoDB DescribeTable command. If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. Updates are not supported. The following are exceptions: + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. |
GlobalSecondaryIndex[] |
importSourceSpecification |
Specifies the properties of data being imported from the S3 bucket source to the table. If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification , the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating/updating stack must have UpdateTable permission. Specifies the properties of data being imported from the S3 bucket source to the table. |
ImportSourceSpecification |
keySchema |
Specifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property. |
KeySchema[] |
kinesisStreamSpecification |
The Kinesis Data Streams configuration for the specified table. The Kinesis Data Streams configuration for the specified table. |
KinesisStreamSpecification |
localSecondaryIndexes |
Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. |
LocalSecondaryIndex[] |
pointInTimeRecoverySpecification |
The settings used to enable point in time recovery. |
PointInTimeRecoverySpecification |
provisionedThroughput |
Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Amazon DynamoDB Table ProvisionedThroughput. If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. |
ProvisionedThroughput |
resourcePolicy |
A resource-based policy document that contains permissions to add to the specified table. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for DynamoDB and Resource-based policy examples. When you attach a resource-based policy while creating a table, the policy creation is strongly consistent. For information about the considerations that you should keep in mind while attaching a resource-based policy, see Resource-based policy considerations. Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. While defining resource-based policies in your CloudFormation templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. |
ResourcePolicy |
sseSpecification |
Specifies the settings to enable server-side encryption. |
SSESpecification |
streamArn |
Property streamArn |
string |
streamSpecification |
The settings for the DynamoDB table stream, which capture changes to items stored in the table. Represents the DynamoDB Streams configuration for a table in DynamoDB. |
StreamSpecification |
tableClass |
The table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS. |
string |
tableName |
A name for the table. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the table name. For more information, see Name Type. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. |
string |
tags |
An array of key-value pairs to apply to this resource. For more information, see Tag. |
TagAutoGenerated8[] |
timeToLiveSpecification |
Specifies the Time to Live (TTL) settings for the table. For detailed information about the limits in DynamoDB, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide. Represents the settings used to enable or disable Time to Live (TTL) for the specified table. |
TimeToLiveSpecification |
ContributorInsightsSpecification
Name |
Description |
Value |
enabled |
Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false). |
bool |
Csv
Name |
Description |
Value |
delimiter |
The delimiter used for separating items in the CSV file being imported. |
string |
headerList |
List of the headers used to specify a common header for all source CSV files being imported. If this field is specified, then the first line of each CSV file is treated as data instead of the header. If this field is not specified, the first line of each CSV file is treated as the header. |
string[] |
DynamoDBTableProperties
Name |
Description |
Value |
arn |
Amazon Resource Name (ARN) |
string |
awsAccountId |
AWS Account ID |
string |
awsProperties |
AWS Properties |
AwsDynamoDBTableProperties |
awsRegion |
AWS Region |
string |
awsSourceSchema |
AWS Source Schema |
string |
awsTags |
AWS Tags |
DynamoDBTablePropertiesAwsTags |
publicCloudConnectorsResourceId |
Public Cloud Connectors Resource ID |
string |
publicCloudResourceName |
Public Cloud Resource Name |
string |
GlobalSecondaryIndex
Name |
Description |
Value |
contributorInsightsSpecification |
The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index. |
ContributorInsightsSpecification |
indexName |
The name of the global secondary index. The name must be unique among all other indexes on this table. |
string |
keySchema |
The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types: HASH (partition key) and RANGE (sort key). The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. |
KeySchema[] |
projection |
Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. |
Projection |
provisionedThroughput |
Represents the provisioned throughput settings for the specified global secondary index. For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. |
ProvisionedThroughput |
ImportSourceSpecification
Name |
Description |
Value |
inputCompressionType |
Type of compression to be used on the input coming from the imported table. |
string |
inputFormat |
The format of the source data. Valid values for ImportFormat are CSV, DYNAMODB_JSON or ION. |
string |
inputFormatOptions |
Additional properties that specify how the input is formatted. The format options for the data that was imported into the target table. There is one value, CsvOption. |
InputFormatOptions |
s3BucketSource |
The S3 bucket that provides the source for the import. |
S3BucketSource |
InputFormatOptions
Name |
Description |
Value |
csv |
The options for imported source files in CSV format. The values are Delimiter and HeaderList. |
Csv |
KeySchema
Name |
Description |
Value |
attributeName |
The name of a key attribute. |
string |
keyType |
The role that this key attribute will assume: HASH (partition key) or RANGE (sort key). The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. |
string |
KinesisStreamSpecification
Name |
Description |
Value |
approximateCreationDateTimePrecision |
The precision for the time and date that the stream was created. |
'MICROSECOND' 'MILLISECOND' |
streamArn |
The ARN for a specific Kinesis data stream. Length Constraints: Minimum length of 37. Maximum length of 1024. |
string |
LocalSecondaryIndex
Name |
Description |
Value |
indexName |
The name of the local secondary index. The name must be unique among all other indexes on this table. |
string |
keySchema |
The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types: HASH (partition key) and RANGE (sort key). The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. |
KeySchema[] |
projection |
Represents attributes that are copied (projected) from the table into the local secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. |
Projection |
PointInTimeRecoverySpecification
Name |
Description |
Value |
pointInTimeRecoveryEnabled |
Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. |
bool |
Projection
Name |
Description |
Value |
nonKeyAttributes |
Represents the non-key attribute names which will be projected into the index. For local secondary indexes, the total count of NonKeyAttributes summed across all of the local secondary indexes must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. |
string[] |
projectionType |
The set of attributes that are projected into the index: + KEYS_ONLY - Only the index and primary keys are projected into the index. + INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify. + ALL - All of the table attributes are projected into the index. When using the DynamoDB console, ALL is selected by default. |
string |
ProvisionedThroughput
Name |
Description |
Value |
readCapacityUnits |
The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. |
int |
writeCapacityUnits |
The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. |
int |
ResourcePolicy
Name |
Description |
Value |
policyDocument |
A resource-based policy document that contains permissions to add to the specified DynamoDB table, index, or both. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for DynamoDB and Resource-based policy examples. |
any |
S3BucketSource
Name |
Description |
Value |
s3Bucket |
The S3 bucket that is being imported from. |
string |
s3BucketOwner |
The account number of the S3 bucket that is being imported from. If the bucket is owned by the requester this is optional. |
string |
s3KeyPrefix |
The key prefix shared by all S3 Objects that are being imported. |
string |
SSESpecification
Name |
Description |
Value |
kmsMasterKeyId |
The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key alias/aws/dynamodb. |
string |
sseEnabled |
Indicates whether server-side encryption is done using an AWS managed key or an AWS owned key. If enabled (true), server-side encryption type is set to KMS and an AWS managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned key. |
bool |
sseType |
Server-side encryption type. The only supported value is: + KMS - Server-side encryption that uses AWS Key Management Service. The key is stored in your account and is managed by KMS (KMS charges apply). |
string |
StreamSpecification
Name |
Description |
Value |
resourcePolicy |
Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for DynamoDB and Resource-based policy examples. While defining resource-based policies in your CloudFormation templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. |
ResourcePolicy |
streamViewType |
When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Valid values for StreamViewType are: + KEYS_ONLY - Only the key attributes of the modified item are written to the stream. + NEW_IMAGE - The entire item, as it appears after it was modified, is written to the stream. + OLD_IMAGE - The entire item, as it appeared before it was modified, is written to the stream. + NEW_AND_OLD_IMAGES - Both the new and the old item images of the item are written to the stream. |
string |
TagAutoGenerated8
Name |
Description |
Value |
key |
The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. |
string |
value |
The value of the tag. Tag values are case-sensitive and can be null. |
string |
TimeToLiveSpecification
Name |
Description |
Value |
attributeName |
The name of the TTL attribute used to store the expiration time for items in the table. + The AttributeName property is required when enabling the TTL, or when TTL is already enabled. + To update this property, you must first disable TTL and then enable TTL with the new attribute name. |
string |
enabled |
Indicates whether TTL is to be enabled (true) or disabled (false) on the table. |
bool |
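The constraints stated in the property tables above (key attributes declared in attributeDefinitions, index limits, billingMode versus provisionedThroughput, the 20 KB resource-policy limit that counts whitespace, the single supported sseType) can be checked on a template before it is deployed. The following Python linter is an added example, not part of this reference or of any Microsoft or AWS tooling; `lint_table`, `policy_size` and the sample data are hypothetical, 20 KB is assumed to mean 20 * 1024 bytes, and the three warnings reflect an assumed hardening baseline.

```python
import json

MAX_POLICY_BYTES = 20 * 1024  # assumption: the page's "20 KB" read as 20 * 1024 bytes
STREAM_VIEW_TYPES = {"KEYS_ONLY", "NEW_IMAGE", "OLD_IMAGE", "NEW_AND_OLD_IMAGES"}
TABLE_CLASSES = {"STANDARD", "STANDARD_INFREQUENT_ACCESS"}


def policy_size(doc):
    """Bytes of the policy JSON text; whitespace counts toward the limit.
    Assumption: a dict is measured as json.dumps() would serialize it."""
    text = doc if isinstance(doc, str) else json.dumps(doc)
    return len(text.encode("utf-8"))


def lint_table(props):
    """Return (errors, warnings) for one awsProperties object."""
    errors, warnings = [], []
    defined = {a.get("attributeName") for a in props.get("attributeDefinitions", [])}
    gsis = props.get("globalSecondaryIndexes", [])
    lsis = props.get("localSecondaryIndexes", [])

    # Key attributes of the table and of every index must be declared.
    schemas = [("table", props.get("keySchema", []))]
    schemas += [(i.get("indexName", "<unnamed>"), i.get("keySchema", [])) for i in gsis + lsis]
    for owner, schema in schemas:
        for key in schema:
            if key.get("attributeName") not in defined:
                errors.append(f"{owner}: key {key.get('attributeName')!r} missing from attributeDefinitions")
            if key.get("keyType") not in ("HASH", "RANGE"):
                errors.append(f"{owner}: keyType must be HASH or RANGE")

    if len(gsis) > 20:
        errors.append("more than 20 global secondary indexes")
    if len(lsis) > 5:
        errors.append("more than 5 local secondary indexes")
    projected = sum(len(i.get("projection", {}).get("nonKeyAttributes", [])) for i in lsis)
    if projected > 100:
        errors.append("local secondary indexes project more than 100 nonKeyAttributes in total")

    # billingMode defaults to PROVISIONED when it is not specified.
    mode = props.get("billingMode", "PROVISIONED")
    has_throughput = "provisionedThroughput" in props
    if mode == "PROVISIONED" and not has_throughput:
        errors.append("billingMode PROVISIONED requires provisionedThroughput")
    if mode == "PAY_PER_REQUEST" and has_throughput:
        errors.append("billingMode PAY_PER_REQUEST cannot specify provisionedThroughput")

    if "tableClass" in props and props["tableClass"] not in TABLE_CLASSES:
        errors.append("tableClass must be STANDARD or STANDARD_INFREQUENT_ACCESS")
    stream = props.get("streamSpecification", {})
    if "streamViewType" in stream and stream["streamViewType"] not in STREAM_VIEW_TYPES:
        errors.append("invalid streamViewType")
    ttl = props.get("timeToLiveSpecification", {})
    if ttl.get("enabled") and not ttl.get("attributeName"):
        errors.append("TTL enabled without attributeName")

    # The table policy and the stream policy are each checked against the limit.
    for where, holder in (("table", props), ("stream", stream)):
        doc = holder.get("resourcePolicy", {}).get("policyDocument")
        if doc is not None and policy_size(doc) > MAX_POLICY_BYTES:
            errors.append(f"{where} resourcePolicy exceeds 20 KB ({policy_size(doc)} bytes)")

    sse = props.get("sseSpecification", {})
    if sse.get("sseType") not in (None, "KMS"):
        errors.append("sseType: the only supported value is KMS")
    # Warnings: valid settings that leave the weaker option in place.
    if not sse.get("sseEnabled"):
        warnings.append("sseEnabled is false or unset: table is encrypted with an AWS owned key")
    if not props.get("deletionProtectionEnabled"):
        warnings.append("deletionProtectionEnabled is off (the default)")
    pitr = props.get("pointInTimeRecoverySpecification", {})
    if not pitr.get("pointInTimeRecoveryEnabled"):
        warnings.append("pointInTimeRecoveryEnabled is not true")
    return errors, warnings


# Constructed sample: on-demand table that still sets throughput, a GSI keyed on an
# undeclared attribute, TTL without an attribute, and a whitespace-padded policy.
SAMPLE = {
    "attributeDefinitions": [{"attributeName": "pk", "attributeType": "S"}],
    "keySchema": [{"attributeName": "pk", "keyType": "HASH"}],
    "billingMode": "PAY_PER_REQUEST",
    "provisionedThroughput": {"readCapacityUnits": 5, "writeCapacityUnits": 5},
    "globalSecondaryIndexes": [{
        "indexName": "by-owner",
        "keySchema": [{"attributeName": "owner", "keyType": "HASH"}],
        "projection": {"projectionType": "KEYS_ONLY"},
    }],
    "resourcePolicy": {"policyDocument": '{"Version": "2012-10-17", "Statement": []}' + " " * MAX_POLICY_BYTES},
    "timeToLiveSpecification": {"enabled": True},
}

# Constructed sample that satisfies every check above.
HARDENED = {
    "attributeDefinitions": [{"attributeName": "pk", "attributeType": "S"}],
    "keySchema": [{"attributeName": "pk", "keyType": "HASH"}],
    "billingMode": "PAY_PER_REQUEST",
    "deletionProtectionEnabled": True,
    "pointInTimeRecoverySpecification": {"pointInTimeRecoveryEnabled": True},
    "sseSpecification": {"sseEnabled": True, "sseType": "KMS"},
}

if __name__ == "__main__":
    for label, table in (("SAMPLE", SAMPLE), ("HARDENED", HARDENED)):
        errs, warns = lint_table(table)
        print(label, json.dumps({"errors": errs, "warnings": warns}, indent=2))
```

Pass the function the `awsProperties` object from a rendered template; errors are violations of limits this reference states, warnings are valid settings that leave the weaker option in place.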
Usage Examples
The dynamoDBTables resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.AwsConnector/dynamoDBTables resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.AwsConnector/dynamoDBTables@2024-12-01"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      arn = "string"
      awsAccountId = "string"
      awsProperties = {
        arn = "string"
        attributeDefinitions = [
          {
            attributeName = "string"
            attributeType = "string"
          }
        ]
        billingMode = "string"
        contributorInsightsSpecification = {
          enabled = bool
        }
        deletionProtectionEnabled = bool
        globalSecondaryIndexes = [
          {
            contributorInsightsSpecification = {
              enabled = bool
            }
            indexName = "string"
            keySchema = [
              {
                attributeName = "string"
                keyType = "string"
              }
            ]
            projection = {
              nonKeyAttributes = [
                "string"
              ]
              projectionType = "string"
            }
            provisionedThroughput = {
              readCapacityUnits = int
              writeCapacityUnits = int
            }
          }
        ]
        importSourceSpecification = {
          inputCompressionType = "string"
          inputFormat = "string"
          inputFormatOptions = {
            csv = {
              delimiter = "string"
              headerList = [
                "string"
              ]
            }
          }
          s3BucketSource = {
            s3Bucket = "string"
            s3BucketOwner = "string"
            s3KeyPrefix = "string"
          }
        }
        keySchema = [
          {
            attributeName = "string"
            keyType = "string"
          }
        ]
        kinesisStreamSpecification = {
          approximateCreationDateTimePrecision = "string"
          streamArn = "string"
        }
        localSecondaryIndexes = [
          {
            indexName = "string"
            keySchema = [
              {
                attributeName = "string"
                keyType = "string"
              }
            ]
            projection = {
              nonKeyAttributes = [
                "string"
              ]
              projectionType = "string"
            }
          }
        ]
        pointInTimeRecoverySpecification = {
          pointInTimeRecoveryEnabled = bool
        }
        provisionedThroughput = {
          readCapacityUnits = int
          writeCapacityUnits = int
        }
        resourcePolicy = {
          policyDocument = ?
        }
        sseSpecification = {
          kmsMasterKeyId = "string"
          sseEnabled = bool
          sseType = "string"
        }
        streamArn = "string"
        streamSpecification = {
          resourcePolicy = {
            policyDocument = ?
          }
          streamViewType = "string"
        }
        tableClass = "string"
        tableName = "string"
        tags = [
          {
            key = "string"
            value = "string"
          }
        ]
        timeToLiveSpecification = {
          attributeName = "string"
          enabled = bool
        }
      }
      awsRegion = "string"
      awsSourceSchema = "string"
      awsTags = {
        {customized property} = "string"
      }
      publicCloudConnectorsResourceId = "string"
      publicCloudResourceName = "string"
    }
  }
}
Property Values
Microsoft.AwsConnector/dynamoDBTables
Name |
Description |
Value |
location |
The geo-location where the resource lives |
string (required) |
name |
The resource name |
string
Constraints: Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required) |
properties |
The resource-specific properties for this resource. |
DynamoDBTableProperties |
tags |
Resource tags |
Dictionary of tag names and values. |
type |
The resource type |
"Microsoft.AwsConnector/dynamoDBTables@2024-12-01" |
AttributeDefinition
Name |
Description |
Value |
attributeName |
A name for the attribute. |
string |
attributeType |
The data type for the attribute, where: + S - the attribute is of type String + N - the attribute is of type Number + B - the attribute is of type Binary |
string |
AwsDynamoDBTableProperties
Name |
Description |
Value |
arn |
Property arn |
string |
attributeDefinitions |
A list of attributes that describe the key schema for the table and indexes. This property is required to create a DynamoDB table. Update requires: Some interruptions. Replacement if you edit an existing AttributeDefinition. |
AttributeDefinition[] |
billingMode |
Specify how you are charged for read and write throughput and how you manage capacity. Valid values include: + PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode. + PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode. If not specified, the default is PROVISIONED. |
string |
contributorInsightsSpecification |
The settings used to enable or disable CloudWatch Contributor Insights for the specified table. |
ContributorInsightsSpecification |
deletionProtectionEnabled |
Determines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see Using deletion protection in the Developer Guide. |
bool |
globalSecondaryIndexes |
Global secondary indexes to be created on the table. You can create up to 20 global secondary indexes. If you update a table to include a new global secondary index, AWS CloudFormation initiates the index creation and then proceeds with the stack update. AWS CloudFormation doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB DescribeTable command. If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. Updates are not supported. The following are exceptions: + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. |
GlobalSecondaryIndex[] |
importSourceSpecification |
Specifies the properties of data being imported from the S3 bucket source to the table. If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating or updating the stack must have UpdateTable permission. |
ImportSourceSpecification |
keySchema |
Specifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property. |
KeySchema[] |
kinesisStreamSpecification |
The Kinesis Data Streams configuration for the specified table. |
KinesisStreamSpecification |
localSecondaryIndexes |
Local secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. |
LocalSecondaryIndex[] |
pointInTimeRecoverySpecification |
The settings used to enable point in time recovery. |
PointInTimeRecoverySpecification |
provisionedThroughput |
Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Amazon DynamoDB Table ProvisionedThroughput. If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. |
ProvisionedThroughput |
resourcePolicy |
A resource-based policy document that contains permissions to add to the specified table. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for DynamoDB and Resource-based policy examples. When you attach a resource-based policy while creating a table, the policy creation is strongly consistent. For information about the considerations that you should keep in mind while attaching a resource-based policy, see Resource-based policy considerations. Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. While defining resource-based policies in your CloudFormation templates, the following considerations apply: + The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. + Resource-based policies don't support drift detection. If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes. + Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template. Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. |
ResourcePolicy |
sseSpecification |
Specifies the settings to enable server-side encryption. |
SSESpecification |
streamArn |
Property streamArn |
string |
streamSpecification |
The settings for the DynamoDB table stream, which capture changes to items stored in the table. Represents the DynamoDB Streams configuration for a table in DynamoDB. |
StreamSpecification |
tableClass |
The table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS. |
string |
tableName |
A name for the table. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the table name. For more information, see Name Type. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. |
string |
tags |
An array of key-value pairs to apply to this resource. For more information, see Tag. |
TagAutoGenerated8[] |
timeToLiveSpecification |
Specifies the Time to Live (TTL) settings for the table. For detailed information about the limits in DynamoDB, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide. Represents the settings used to enable or disable Time to Live (TTL) for the specified table. |
TimeToLiveSpecification |
ContributorInsightsSpecification
Name |
Description |
Value |
enabled |
Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false). |
bool |
Csv
Name |
Description |
Value |
delimiter |
The delimiter used for separating items in the CSV file being imported. |
string |
headerList |
List of the headers used to specify a common header for all source CSV files being imported. If this field is specified, then the first line of each CSV file is treated as data instead of the header. If this field is not specified, the first line of each CSV file is treated as the header. |
string[] |
DynamoDBTableProperties
Name |
Description |
Value |
arn |
Amazon Resource Name (ARN) |
string |
awsAccountId |
AWS Account ID |
string |
awsProperties |
AWS Properties |
AwsDynamoDBTableProperties |
awsRegion |
AWS Region |
string |
awsSourceSchema |
AWS Source Schema |
string |
awsTags |
AWS Tags |
DynamoDBTablePropertiesAwsTags |
publicCloudConnectorsResourceId |
Public Cloud Connectors Resource ID |
string |
publicCloudResourceName |
Public Cloud Resource Name |
string |
GlobalSecondaryIndex
Name |
Description |
Value |
contributorInsightsSpecification |
The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index. |
ContributorInsightsSpecification |
indexName |
The name of the global secondary index. The name must be unique among all other indexes on this table. |
string |
keySchema |
The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types: HASH (partition key) and RANGE (sort key). The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. |
KeySchema[] |
projection |
Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. |
Projection |
provisionedThroughput |
Represents the provisioned throughput settings for the specified global secondary index. For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide. Throughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see Table ProvisionedThroughput. |
ProvisionedThroughput |
ImportSourceSpecification
Name |
Description |
Value |
inputCompressionType |
Type of compression to be used on the input coming from the imported table. |
string |
inputFormat |
The format of the source data. Valid values for ImportFormat are CSV, DYNAMODB_JSON or ION. |
string |
inputFormatOptions |
Additional properties that specify how the input is formatted. The format options for the data that was imported into the target table. There is one value, CsvOption. |
InputFormatOptions |
s3BucketSource |
The S3 bucket that provides the source for the import. |
S3BucketSource |
InputFormatOptions
Name |
Description |
Value |
csv |
The options for imported source files in CSV format. The values are Delimiter and HeaderList. |
Csv |
KeySchema
Name |
Description |
Value |
attributeName |
The name of a key attribute. |
string |
keyType |
The role that this key attribute will assume: HASH (partition key) or RANGE (sort key). The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. |
string |
KinesisStreamSpecification
Name |
Description |
Value |
approximateCreationDateTimePrecision |
The precision for the time and date that the stream was created. |
'MICROSECOND' 'MILLISECOND' |
streamArn |
The ARN for a specific Kinesis data stream. Length Constraints: Minimum length of 37. Maximum length of 1024. |
string |
LocalSecondaryIndex
Name |
Description |
Value |
indexName |
The name of the local secondary index. The name must be unique among all other indexes on this table. |
string |
keySchema |
The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types: HASH (partition key) and RANGE (sort key). The partition key of an item is also known as its hash attribute. The term 'hash attribute' derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term 'range attribute' derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value. |
KeySchema[] |
projection |
Represents attributes that are copied (projected) from the table into the local secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. |
Projection |
PointInTimeRecoverySpecification
Name |
Description |
Value |
pointInTimeRecoveryEnabled |
Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. |
bool |
Projection
Name |
Description |
Value |
nonKeyAttributes |
Represents the non-key attribute names which will be projected into the index. For local secondary indexes, the total count of NonKeyAttributes, summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. |
string[] |
projectionType |
The set of attributes that are projected into the index: KEYS_ONLY - Only the index and primary keys are projected into the index; INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify; ALL - All of the table attributes are projected into the index. When using the DynamoDB console, ALL is selected by default. |
string |
ProvisionedThroughput
Name |
Description |
Value |
readCapacityUnits |
The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. |
int |
writeCapacityUnits |
The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide. If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. |
int |
ResourcePolicy
Name |
Description |
Value |
policyDocument |
A resource-based policy document that contains permissions to add to the specified DynamoDB table, index, or both. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. |
any |
S3BucketSource
Name |
Description |
Value |
s3Bucket |
The S3 bucket that is being imported from. |
string |
s3BucketOwner |
The account number of the S3 bucket that is being imported from. If the bucket is owned by the requester this is optional. |
string |
s3KeyPrefix |
The key prefix shared by all S3 Objects that are being imported. |
string |
SSESpecification
Name |
Description |
Value |
kmsMasterKeyId |
The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key alias/aws/dynamodb. |
string |
sseEnabled |
Indicates whether server-side encryption is done using an AWS managed key or an AWS owned key. If enabled (true), server-side encryption type is set to KMS and an AWS managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned key. |
bool |
sseType |
Server-side encryption type. The only supported value is KMS: server-side encryption that uses AWS Key Management Service. The key is stored in your account and is managed by KMS (KMS charges apply). |
string |
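An added example, not from the original page or the connector's own tooling: a Python check that applies the sseEnabled and kmsMasterKeyId rules from the SSESpecification table to awsProperties objects and reports tables that fall short of a chosen encryption baseline. It assumes the objects have been exported as dictionaries using the property names on this page; the mode labels, function names and sample values are constructed for illustration.

```python
# Mode labels below are this example's own names, not values from the API.
DEFAULT_ALIAS = "alias/aws/dynamodb"  # default DynamoDB key alias named on this page

def classify_sse(sse):
    """Return (mode, findings) for an sseSpecification dict, or None if absent."""
    sse = sse or {}
    findings = []
    enabled = sse.get("sseEnabled") is True
    key = (sse.get("kmsMasterKeyId") or "").strip()
    # The default key can be referenced by alias name or by alias ARN.
    is_default = key == DEFAULT_ALIAS or key.endswith(":" + DEFAULT_ALIAS)
    if sse.get("sseType") not in (None, "KMS"):
        findings.append("sseType is not the only supported value, 'KMS'")
    if not enabled:
        # false or unspecified: the table falls back to an AWS owned key.
        if key:
            findings.append("kmsMasterKeyId is set but sseEnabled is not true")
        return "AWS_OWNED_KEY", findings
    if not key or is_default:
        if is_default:
            findings.append("kmsMasterKeyId names the default key; it can be omitted")
        return "AWS_MANAGED_KEY", findings
    return "SPECIFIED_KMS_KEY", findings

def audit_tables(tables, required_mode="SPECIFIED_KMS_KEY"):
    """Map tableName -> findings for every table that needs attention."""
    report = {}
    for props in tables:
        mode, findings = classify_sse(props.get("sseSpecification"))
        if mode != required_mode:
            findings.insert(0, f"mode is {mode}, baseline requires {required_mode}")
        if findings:
            report[props.get("tableName", "<unnamed>")] = findings
    return report

# Constructed sample input: account ID, key ID and aliases are placeholders.
SAMPLE = [
    {"tableName": "orders", "sseSpecification": {
        "sseEnabled": True, "sseType": "KMS",
        "kmsMasterKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}},
    {"tableName": "sessions", "sseSpecification": {
        "sseEnabled": True, "kmsMasterKeyId": "alias/aws/dynamodb"}},
    {"tableName": "cache"},
    {"tableName": "legacy", "sseSpecification": {
        "sseEnabled": False, "kmsMasterKeyId": "alias/app-key"}},
]

if __name__ == "__main__":
    for name, findings in audit_tables(SAMPLE).items():
        print(name, findings)
```

Pass `required_mode="AWS_MANAGED_KEY"` to `audit_tables` when the baseline only requires that tables not rely on an AWS owned key.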
StreamSpecification
Name |
Description |
Value |
resourcePolicy |
Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource. In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB. For more information about resource-based policies, see Using resource-based policies for and Resource-based policy examples. While defining resource-based policies in your CloudFormation templates, the following considerations apply. The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. Resource-based policies don't support drift detection. If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes. Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template. For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won't be synced with the policy in the template. Conversely, say that your template doesn't contain a resource-based policy, but you add a policy outside of the template. This policy won't be removed from DynamoDB as long as you don't add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template. For a full list of all considerations, see Resource-based policy considerations. |
ResourcePolicy |
streamViewType |
When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Valid values for StreamViewType are: KEYS_ONLY - Only the key attributes of the modified item are written to the stream; NEW_IMAGE - The entire item, as it appears after it was modified, is written to the stream; OLD_IMAGE - The entire item, as it appeared before it was modified, is written to the stream; NEW_AND_OLD_IMAGES - Both the new and the old item images of the item are written to the stream. |
string |
TagAutoGenerated8
Name |
Description |
Value |
key |
The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. |
string |
value |
The value of the tag. Tag values are case-sensitive and can be null. |
string |
TimeToLiveSpecification
Name |
Description |
Value |
attributeName |
The name of the TTL attribute used to store the expiration time for items in the table. The AttributeName property is required when enabling the TTL, or when TTL is already enabled. To update this property, you must first disable TTL and then enable TTL with the new attribute name. |
string |
enabled |
Indicates whether TTL is to be enabled (true) or disabled (false) on the table. |
bool |