Skip to main content

tables

Creates, updates, deletes or gets a table resource or lists tables in a region

Overview

Nametables
TypeResource
DescriptionThe AWS::DynamoDB::Table resource creates a DDB table. For more information, see [CreateTable](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html) in the *API Reference*.
You should be aware of the following behaviors when working with DDB tables:
+ CFNlong typically creates DDB tables in parallel. However, if your template includes multiple DDB tables with indexes, you must declare dependencies so that the tables are created sequentially. DDBlong limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DDB returns an error and the stack operation fails. For an example, see [DynamoDB Table with a DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table--examples--DynamoDB_Table_with_a_DependsOn_Attribute).

Our guidance is to use the latest schema documented here for your CFNlong templates. This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes.
Idaws.dynamodb.tables

Fields

NameDatatypeDescription
on_demand_throughputobjectSets the maximum number of read and write units for the specified on-demand table. If you use this property, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
sse_specificationobjectSpecifies the settings to enable server-side encryption.
kinesis_stream_specificationobjectThe Kinesis Data Streams configuration for the specified table.
stream_specificationobjectThe settings for the DDB table stream, which capture changes to items stored in the table.
contributor_insights_specificationobjectThe settings used to enable or disable CloudWatch Contributor Insights for the specified table.
import_source_specificationobjectSpecifies the properties of data being imported from the S3 bucket source to the table.
If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating/updating stack must have UpdateTable permission.
point_in_time_recovery_specificationobjectThe settings used to enable point in time recovery.
provisioned_throughputobjectThroughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see [Amazon DynamoDB Table ProvisionedThroughput](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html).
If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property.
table_namestringA name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
attribute_definitionsarrayA list of attributes that describe the key schema for the table and indexes.
This property is required to create a DDB table.
Update requires: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt). Replacement if you edit an existing AttributeDefinition.
billing_modestringSpecify how you are charged for read and write throughput and how you manage capacity.
Valid values include:
+ PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to [Provisioned Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.ProvisionedThroughput.Manual).
+ PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to [On-Demand Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand).

If not specified, the default is PROVISIONED.
global_secondary_indexesarrayGlobal secondary indexes to be created on the table. You can create up to 20 global secondary indexes.
If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB [DescribeTable](https://docs.aws.amazon.com/cli/latest/reference/dynamodb/describe-table.html) command.
If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index.
Updates are not supported. The following are exceptions:
+ If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption.
+ You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails.
resource_policyobjectA resource-based policy document that contains permissions to add to the specified table. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html).
When you attach a resource-based policy while creating a table, the policy creation is *strongly consistent*. For information about the considerations that you should keep in mind while attaching a resource-based policy, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html).
key_schemaSpecifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property.
local_secondary_indexesarrayLocal secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes.
arnstring
stream_arnstring
deletion_protection_enabledbooleanDetermines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see [Using deletion protection](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.Basics.html#WorkingWithTables.Basics.DeletionProtection) in the *Developer Guide*.
table_classstringThe table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS.
tagsarrayAn array of key-value pairs to apply to this resource.
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
time_to_live_specificationobjectSpecifies the Time to Live (TTL) settings for the table.
For detailed information about the limits in DynamoDB, see [Limits in Amazon DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the Amazon DynamoDB Developer Guide.
regionstringAWS region.

Methods

NameAccessible byRequired Params
create_resourceINSERTKeySchema, region
delete_resourceDELETEdata__Identifier, region
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
list_resourcesSELECTregion
get_resourceSELECTdata__Identifier, region

SELECT examples

Gets all tables in a region.

SELECT
region,
on_demand_throughput,
sse_specification,
kinesis_stream_specification,
stream_specification,
contributor_insights_specification,
import_source_specification,
point_in_time_recovery_specification,
provisioned_throughput,
table_name,
attribute_definitions,
billing_mode,
global_secondary_indexes,
resource_policy,
key_schema,
local_secondary_indexes,
arn,
stream_arn,
deletion_protection_enabled,
table_class,
tags,
time_to_live_specification
FROM aws.dynamodb.tables
WHERE region = 'us-east-1';

Gets all properties from an individual table.

SELECT
region,
on_demand_throughput,
sse_specification,
kinesis_stream_specification,
stream_specification,
contributor_insights_specification,
import_source_specification,
point_in_time_recovery_specification,
provisioned_throughput,
table_name,
attribute_definitions,
billing_mode,
global_secondary_indexes,
resource_policy,
key_schema,
local_secondary_indexes,
arn,
stream_arn,
deletion_protection_enabled,
table_class,
tags,
time_to_live_specification
FROM aws.dynamodb.tables
WHERE region = 'us-east-1' AND data__Identifier = '<TableName>';

INSERT example

Use the following StackQL query and manifest file to create a new table resource, using stack-deploy.

/*+ create */
INSERT INTO aws.dynamodb.tables (
KeySchema,
region
)
SELECT
'{{ KeySchema }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM aws.dynamodb.tables
WHERE data__Identifier = '<TableName>'
AND region = 'us-east-1';

Permissions

To operate on the tables resource, the following permissions are required:

Read

dynamodb:DescribeTable,
dynamodb:DescribeContinuousBackups,
dynamodb:DescribeContributorInsights,
dynamodb:DescribeKinesisStreamingDestination,
dynamodb:ListTagsOfResource,
dynamodb:GetResourcePolicy

Create

dynamodb:CreateTable,
dynamodb:DescribeImport,
dynamodb:DescribeTable,
dynamodb:DescribeTimeToLive,
dynamodb:UpdateTimeToLive,
dynamodb:UpdateContributorInsights,
dynamodb:UpdateContinuousBackups,
dynamodb:DescribeContinuousBackups,
dynamodb:DescribeContributorInsights,
dynamodb:EnableKinesisStreamingDestination,
dynamodb:DisableKinesisStreamingDestination,
dynamodb:DescribeKinesisStreamingDestination,
dynamodb:ImportTable,
dynamodb:ListTagsOfResource,
dynamodb:TagResource,
dynamodb:UpdateTable,
dynamodb:GetResourcePolicy,
dynamodb:PutResourcePolicy,
kinesis:DescribeStream,
kinesis:PutRecords,
iam:CreateServiceLinkedRole,
kms:CreateGrant,
kms:Decrypt,
kms:DescribeKey,
kms:ListAliases,
kms:Encrypt,
kms:RevokeGrant,
logs:CreateLogGroup,
logs:CreateLogStream,
logs:DescribeLogGroups,
logs:DescribeLogStreams,
logs:PutLogEvents,
logs:PutRetentionPolicy,
s3:GetObject,
s3:GetObjectMetadata,
s3:ListBucket

Update

dynamodb:UpdateTable,
dynamodb:DescribeTable,
dynamodb:DescribeTimeToLive,
dynamodb:UpdateTimeToLive,
dynamodb:UpdateContinuousBackups,
dynamodb:UpdateContributorInsights,
dynamodb:UpdateKinesisStreamingDestination,
dynamodb:DescribeContinuousBackups,
dynamodb:DescribeKinesisStreamingDestination,
dynamodb:ListTagsOfResource,
dynamodb:TagResource,
dynamodb:UntagResource,
dynamodb:DescribeContributorInsights,
dynamodb:EnableKinesisStreamingDestination,
dynamodb:DisableKinesisStreamingDestination,
dynamodb:GetResourcePolicy,
dynamodb:PutResourcePolicy,
dynamodb:DeleteResourcePolicy,
kinesis:DescribeStream,
kinesis:PutRecords,
iam:CreateServiceLinkedRole,
kms:CreateGrant,
kms:DescribeKey,
kms:ListAliases,
kms:RevokeGrant

List

dynamodb:ListTables

Delete

dynamodb:DeleteTable,
dynamodb:DescribeTable