Skip to main content

Table

sdlc-cdk-lib v1.0.0

sdlc-cdk-lib / src-extends-aws-cdk-lib/aws-dynamodb/Table

src-extends-aws-cdk-lib/aws-dynamodb/Table

Classes

Table

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:268

Extended DynamoDB Table with project-specific defaults and best practice warnings.

Remarks

This class extends the standard AWS CDK DynamoDB Table to provide:

  • Pay-Per-Request Billing: On-demand capacity mode by default for variable workloads
  • Point-in-Time Recovery: Automatic backups enabled by default
  • AWS Managed Encryption: KMS encryption enabled by default
  • RETAIN Removal Policy: Prevents accidental deletion by default
  • Validation Warnings: Console warnings when best practices are not followed

The Table class automatically validates configuration against AWS best practices and outputs warnings when potentially problematic configurations are detected.

Examples

import { Stack } from '@root/aws-cdk-lib';
import { Table, AttributeType } from '@root/aws-cdk-lib/aws-dynamodb';

export class MyStack extends Stack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    // Creates table with all secure defaults:
    // - PAY_PER_REQUEST billing
    // - Point-in-time recovery enabled
    // - AWS_MANAGED encryption
    // - RETAIN removal policy
    const table = new Table(this, 'UsersTable', {
      partitionKey: { name: 'userId', type: AttributeType.STRING },
    });
  }
}
import { Table, AttributeType } from '@root/aws-cdk-lib/aws-dynamodb';

const table = new Table(this, 'OrdersTable', {
  partitionKey: { name: 'orderId', type: AttributeType.STRING },
  sortKey: { name: 'timestamp', type: AttributeType.NUMBER },
});

table.addGlobalSecondaryIndex({
  indexName: 'UserIndex',
  partitionKey: { name: 'userId', type: AttributeType.STRING },
});
import { Table, AttributeType, StreamViewType } from '@root/aws-cdk-lib/aws-dynamodb';

const table = new Table(this, 'EventsTable', {
  partitionKey: { name: 'eventId', type: AttributeType.STRING },
  stream: StreamViewType.NEW_AND_OLD_IMAGES, // Recommended: full data
});
import { RemovalPolicy } from 'aws-cdk-lib';
import { Table, AttributeType, BillingMode, TableEncryption } from '@root/aws-cdk-lib/aws-dynamodb';

// ⚠️ Warning: Point-in-time recovery disabled
const table1 = new Table(this, 'Table1', {
  partitionKey: { name: 'id', type: AttributeType.STRING },
  pointInTimeRecovery: false,
});

// ⚠️ Warning: Using DEFAULT encryption
const table2 = new Table(this, 'Table2', {
  partitionKey: { name: 'id', type: AttributeType.STRING },
  encryption: TableEncryption.DEFAULT,
});

// ⚠️ Warning: DESTROY policy without deletion protection
const table3 = new Table(this, 'Table3', {
  partitionKey: { name: 'id', type: AttributeType.STRING },
  removalPolicy: RemovalPolicy.DESTROY,
  deletionProtection: false,
});

// ⚠️ Warning: PROVISIONED mode without capacity
const table4 = new Table(this, 'Table4', {
  partitionKey: { name: 'id', type: AttributeType.STRING },
  billingMode: BillingMode.PROVISIONED,
});
import { RemovalPolicy } from 'aws-cdk-lib';
import { Table, AttributeType, StreamViewType, TableEncryption } from '@root/aws-cdk-lib/aws-dynamodb';

const table = new Table(this, 'ProductionTable', {
  tableName: `users-${this.account}-${this.region}`,
  partitionKey: { name: 'userId', type: AttributeType.STRING },
  sortKey: { name: 'timestamp', type: AttributeType.NUMBER },
  billingMode: BillingMode.PAY_PER_REQUEST,
  pointInTimeRecovery: true,
  encryption: TableEncryption.AWS_MANAGED,
  removalPolicy: RemovalPolicy.RETAIN,
  deletionProtection: true,
  stream: StreamViewType.NEW_AND_OLD_IMAGES,
  timeToLiveAttribute: 'ttl',
});

Extends

  • Table

Constructors

Constructor

new Table(scope, id, props): Table

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:315

Creates a new extended DynamoDB Table with secure defaults and validation.

Parameters
scope

Construct

Parent construct (typically Stack)

id

string

Table identifier

props

TableProps

Table configuration properties

Returns

Table

Remarks

This constructor applies the following defaults if not specified:

  • billingMode: BillingMode.PAY_PER_REQUEST (on-demand pricing)
  • pointInTimeRecovery: true (automatic backups enabled)
  • encryption: TableEncryption.AWS_MANAGED (AWS KMS encryption)
  • removalPolicy: RemovalPolicy.RETAIN (prevents accidental deletion)

Validation Warnings:

The constructor validates your configuration and outputs console warnings for:

  1. Provisioned Billing Without Capacity: Using PROVISIONED billing mode without specifying readCapacity/writeCapacity
  2. Point-in-Time Recovery Disabled: Not recommended for production workloads
  3. Default Encryption: Using DEFAULT encryption instead of AWS_MANAGED or CUSTOMER_MANAGED
  4. Unsafe Deletion Settings: DESTROY removal policy without deletion protection enabled
  5. Table Naming Convention: Table name doesn't include account and region for global uniqueness
  6. Minimal Stream Data: Stream configured with KEYS_ONLY instead of NEW_AND_OLD_IMAGES or NEW_IMAGE

Warning format: [StackName/TableId] Warning message with recommendation

Examples
const table = new Table(this, 'MyTable', {
  partitionKey: { name: 'id', type: AttributeType.STRING },
});
// No warnings - all defaults are secure
const table = new Table(this, 'UnsafeTable', {
  partitionKey: { name: 'id', type: AttributeType.STRING },
  pointInTimeRecovery: false, // ⚠️ Warning logged
  removalPolicy: RemovalPolicy.DESTROY, // ⚠️ Warning logged
});
// Console output:
// [MyStack/UnsafeTable] DynamoDB table has point-in-time recovery disabled...
// [MyStack/UnsafeTable] DynamoDB table has DESTROY removal policy without deletion protection...
Overrides

AwsTable.constructor

Interfaces

TableProps

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:22

Extended table properties with project-specific defaults.

Remarks

Extends AWS CDK TableProps with sensible defaults for DynamoDB tables focused on security, reliability, and best practices.

Extends

  • TableProps

Properties

billingMode?

readonly optional billingMode: BillingMode

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:95

Specify the billing mode for the table.

Remarks
  • PAY_PER_REQUEST: On-demand pricing, automatically scales with traffic
  • PROVISIONED: Pre-provisioned capacity, requires readCapacity and writeCapacity

⚠️ A warning is logged if PROVISIONED mode is used without capacity configuration

Default
BillingMode.PAY_PER_REQUEST
Examples
billingMode: BillingMode.PAY_PER_REQUEST
billingMode: BillingMode.PROVISIONED,
readCapacity: 5,
writeCapacity: 5
Overrides

AwsTableProps.billingMode

encryption?

readonly optional encryption: TableEncryption

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:114

The table encryption mode.

Remarks
  • AWS_MANAGED: AWS manages the KMS key (recommended)
  • CUSTOMER_MANAGED: You provide and manage the KMS key
  • DEFAULT: Uses AWS owned CMK (not recommended)

⚠️ A warning is logged if set to TableEncryption.DEFAULT

Default
TableEncryption.AWS_MANAGED
Example
encryption: TableEncryption.AWS_MANAGED // Recommended
Overrides

AwsTableProps.encryption

partitionKey

readonly partitionKey: Attribute

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:35

The partition key attribute definition.

Remarks

This is a required attribute that uniquely identifies items in the table, or in combination with the sort key for composite keys.

Example
partitionKey: { name: 'userId', type: AttributeType.STRING }
Overrides

AwsTableProps.partitionKey

pointInTimeRecovery?

readonly optional pointInTimeRecovery: boolean

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:70

Enable point-in-time recovery for the table.

Remarks

Point-in-time recovery provides continuous backups of your DynamoDB table data. You can restore the table to any point in time during the last 35 days. Highly recommended for production workloads.

⚠️ A warning is logged if set to false

Default
true
Example
pointInTimeRecovery: true // Recommended for production
Overrides

AwsTableProps.pointInTimeRecovery

removalPolicy?

readonly optional removalPolicy: RemovalPolicy

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:133

The removal policy for the table.

Remarks
  • RETAIN: Table is retained when stack is deleted (recommended)
  • DESTROY: Table is deleted with the stack
  • SNAPSHOT: Not applicable to DynamoDB tables

⚠️ A warning is logged if set to DESTROY without deletionProtection: true

Default
RemovalPolicy.RETAIN
Example
removalPolicy: RemovalPolicy.RETAIN // Prevents accidental deletion
Overrides

AwsTableProps.removalPolicy

sortKey?

readonly optional sortKey: Attribute

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:51

The sort key attribute definition.

Remarks

Optional attribute that, combined with the partition key, forms a composite primary key allowing multiple items with the same partition key.

Default
- No sort key
Example
sortKey: { name: 'timestamp', type: AttributeType.NUMBER }
Overrides

AwsTableProps.sortKey

stream?

readonly optional stream: StreamViewType

Defined in: src-extends-aws-cdk-lib/aws-dynamodb/Table.ts:153

When an item is modified, StreamViewType determines what information is written to the stream.

Remarks
  • NEW_AND_OLD_IMAGES: Both new and old item images (recommended)
  • NEW_IMAGE: Only the new item image
  • OLD_IMAGE: Only the old item image
  • KEYS_ONLY: Only the key attributes (minimal data)

⚠️ A warning is logged if set to KEYS_ONLY (minimal information)

Default
- Streams are not enabled
Example
stream: StreamViewType.NEW_AND_OLD_IMAGES // Recommended for full audit trail
Overrides

AwsTableProps.stream