1 | import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
|
2 | import * as iam from '@aws-cdk/aws-iam';
|
3 | import * as kinesis from '@aws-cdk/aws-kinesis';
|
4 | import * as kms from '@aws-cdk/aws-kms';
|
5 | import { Duration, IResource, RemovalPolicy, Resource } from '@aws-cdk/core';
|
6 | import { Construct } from 'constructs';
|
7 | import { EnableScalingProps, IScalableTableAttribute } from './scalable-attribute-api';
|
8 | /**
|
9 | * Options for configuring a system errors metric that considers multiple operations.
|
10 | */
|
11 | export interface SystemErrorsForOperationsMetricOptions extends cloudwatch.MetricOptions {
|
12 | /**
|
13 | * The operations to apply the metric to.
|
14 | *
|
15 | * @default - All operations available by DynamoDB tables will be considered.
|
16 | */
|
17 | readonly operations?: Operation[];
|
18 | }
|
19 | /**
|
20 | * Supported DynamoDB table operations.
|
21 | */
|
22 | export declare enum Operation {
|
23 | /** GetItem */
|
24 | GET_ITEM = "GetItem",
|
25 | /** BatchGetItem */
|
26 | BATCH_GET_ITEM = "BatchGetItem",
|
27 | /** Scan */
|
28 | SCAN = "Scan",
|
29 | /** Query */
|
30 | QUERY = "Query",
|
31 | /** GetRecords */
|
32 | GET_RECORDS = "GetRecords",
|
33 | /** PutItem */
|
34 | PUT_ITEM = "PutItem",
|
35 | /** DeleteItem */
|
36 | DELETE_ITEM = "DeleteItem",
|
37 | /** UpdateItem */
|
38 | UPDATE_ITEM = "UpdateItem",
|
39 | /** BatchWriteItem */
|
40 | BATCH_WRITE_ITEM = "BatchWriteItem",
|
41 | /** TransactWriteItems */
|
42 | TRANSACT_WRITE_ITEMS = "TransactWriteItems",
|
43 | /** TransactGetItems */
|
44 | TRANSACT_GET_ITEMS = "TransactGetItems",
|
45 | /** ExecuteTransaction */
|
46 | EXECUTE_TRANSACTION = "ExecuteTransaction",
|
47 | /** BatchExecuteStatement */
|
48 | BATCH_EXECUTE_STATEMENT = "BatchExecuteStatement",
|
49 | /** ExecuteStatement */
|
50 | EXECUTE_STATEMENT = "ExecuteStatement"
|
51 | }
|
52 | /**
|
53 | * Represents an attribute for describing the key schema for the table
|
54 | * and indexes.
|
55 | */
|
56 | export interface Attribute {
|
57 | /**
|
58 | * The name of an attribute.
|
59 | */
|
60 | readonly name: string;
|
61 | /**
|
62 | * The data type of an attribute.
|
63 | */
|
64 | readonly type: AttributeType;
|
65 | }
|
66 | /**
|
67 | * What kind of server-side encryption to apply to this table.
|
68 | */
|
69 | export declare enum TableEncryption {
|
70 | /**
|
71 | * Server-side KMS encryption with a master key owned by AWS.
|
72 | */
|
73 | DEFAULT = "AWS_OWNED",
|
74 | /**
|
75 | * Server-side KMS encryption with a customer master key managed by customer.
|
76 | * If `encryptionKey` is specified, this key will be used, otherwise, one will be defined.
|
77 | *
|
78 | * > **NOTE**: if `encryptionKey` is not specified and the `Table` construct creates
|
79 | * > a KMS key for you, the key will be created with default permissions. If you are using
|
80 | * > CDKv2, these permissions will be sufficient to enable the key for use with DynamoDB tables.
|
81 | * > If you are using CDKv1, make sure the feature flag `@aws-cdk/aws-kms:defaultKeyPolicies`
|
82 | * > is set to `true` in your `cdk.json`.
|
83 | */
|
84 | CUSTOMER_MANAGED = "CUSTOMER_MANAGED",
|
85 | /**
|
86 | * Server-side KMS encryption with a master key managed by AWS.
|
87 | */
|
88 | AWS_MANAGED = "AWS_MANAGED"
|
89 | }
|
90 | /**
|
91 | * Represents the table schema attributes.
|
92 | */
|
93 | export interface SchemaOptions {
|
94 | /**
|
95 | * Partition key attribute definition.
|
96 | */
|
97 | readonly partitionKey: Attribute;
|
98 | /**
|
99 | * Sort key attribute definition.
|
100 | *
|
101 | * @default no sort key
|
102 | */
|
103 | readonly sortKey?: Attribute;
|
104 | }
|
105 | /**
|
106 | * Properties of a DynamoDB Table
|
107 | *
|
108 | * Use {@link TableProps} for all table properties
|
109 | */
|
110 | export interface TableOptions extends SchemaOptions {
|
111 | /**
|
112 | * The read capacity for the table. Careful if you add Global Secondary Indexes, as
|
113 | * those will share the table's provisioned throughput.
|
114 | *
|
115 | * Can only be provided if billingMode is Provisioned.
|
116 | *
|
117 | * @default 5
|
118 | */
|
119 | readonly readCapacity?: number;
|
120 | /**
|
121 | * The write capacity for the table. Careful if you add Global Secondary Indexes, as
|
122 | * those will share the table's provisioned throughput.
|
123 | *
|
124 | * Can only be provided if billingMode is Provisioned.
|
125 | *
|
126 | * @default 5
|
127 | */
|
128 | readonly writeCapacity?: number;
|
129 | /**
|
130 | * Specify how you are charged for read and write throughput and how you manage capacity.
|
131 | *
|
132 | * @default PROVISIONED if `replicationRegions` is not specified, PAY_PER_REQUEST otherwise
|
133 | */
|
134 | readonly billingMode?: BillingMode;
|
135 | /**
|
136 | * Whether point-in-time recovery is enabled.
|
137 | * @default - point-in-time recovery is disabled
|
138 | */
|
139 | readonly pointInTimeRecovery?: boolean;
|
140 | /**
|
141 | * Whether server-side encryption with an AWS managed customer master key is enabled.
|
142 | *
|
143 | * This property cannot be set if `encryption` and/or `encryptionKey` is set.
|
144 | *
|
145 | * @default - server-side encryption is enabled with an AWS owned customer master key
|
146 | *
|
147 | * @deprecated This property is deprecated. In order to obtain the same behavior as
|
148 | * enabling this, set the `encryption` property to `TableEncryption.AWS_MANAGED` instead.
|
149 | */
|
150 | readonly serverSideEncryption?: boolean;
|
151 | /**
|
152 | * Specify the table class.
|
153 | * @default STANDARD
|
154 | */
|
155 | readonly tableClass?: TableClass;
|
156 | /**
|
157 | * Whether server-side encryption with an AWS managed customer master key is enabled.
|
158 | *
|
159 | * This property cannot be set if `serverSideEncryption` is set.
|
160 | *
|
161 | * > **NOTE**: if you set this to `CUSTOMER_MANAGED` and `encryptionKey` is not
|
162 | * > specified, the key that the Tablet generates for you will be created with
|
163 | * > default permissions. If you are using CDKv2, these permissions will be
|
164 | * > sufficient to enable the key for use with DynamoDB tables. If you are
|
165 | * > using CDKv1, make sure the feature flag
|
166 | * > `@aws-cdk/aws-kms:defaultKeyPolicies` is set to `true` in your `cdk.json`.
|
167 | *
|
168 | * @default - server-side encryption is enabled with an AWS owned customer master key
|
169 | */
|
170 | readonly encryption?: TableEncryption;
|
171 | /**
|
172 | * External KMS key to use for table encryption.
|
173 | *
|
174 | * This property can only be set if `encryption` is set to `TableEncryption.CUSTOMER_MANAGED`.
|
175 | *
|
176 | * @default - If `encryption` is set to `TableEncryption.CUSTOMER_MANAGED` and this
|
177 | * property is undefined, a new KMS key will be created and associated with this table.
|
178 | */
|
179 | readonly encryptionKey?: kms.IKey;
|
180 | /**
|
181 | * The name of TTL attribute.
|
182 | * @default - TTL is disabled
|
183 | */
|
184 | readonly timeToLiveAttribute?: string;
|
185 | /**
|
186 | * When an item in the table is modified, StreamViewType determines what information
|
187 | * is written to the stream for this table.
|
188 | *
|
189 | * @default - streams are disabled unless `replicationRegions` is specified
|
190 | */
|
191 | readonly stream?: StreamViewType;
|
192 | /**
|
193 | * The removal policy to apply to the DynamoDB Table.
|
194 | *
|
195 | * @default RemovalPolicy.RETAIN
|
196 | */
|
197 | readonly removalPolicy?: RemovalPolicy;
|
198 | /**
|
199 | * Regions where replica tables will be created
|
200 | *
|
201 | * @default - no replica tables are created
|
202 | */
|
203 | readonly replicationRegions?: string[];
|
204 | /**
|
205 | * The timeout for a table replication operation in a single region.
|
206 | *
|
207 | * @default Duration.minutes(30)
|
208 | */
|
209 | readonly replicationTimeout?: Duration;
|
210 | /**
|
211 | * Indicates whether CloudFormation stack waits for replication to finish.
|
212 | * If set to false, the CloudFormation resource will mark the resource as
|
213 | * created and replication will be completed asynchronously. This property is
|
214 | * ignored if replicationRegions property is not set.
|
215 | *
|
216 | * DO NOT UNSET this property if adding/removing multiple replicationRegions
|
217 | * in one deployment, as CloudFormation only supports one region replication
|
218 | * at a time. CDK overcomes this limitation by waiting for replication to
|
219 | * finish before starting new replicationRegion.
|
220 | *
|
221 | * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-globaltable.html#cfn-dynamodb-globaltable-replicas
|
222 | * @default true
|
223 | */
|
224 | readonly waitForReplicationToFinish?: boolean;
|
225 | /**
|
226 | * Whether CloudWatch contributor insights is enabled.
|
227 | *
|
228 | * @default false
|
229 | */
|
230 | readonly contributorInsightsEnabled?: boolean;
|
231 | }
|
232 | /**
|
233 | * Properties for a DynamoDB Table
|
234 | */
|
235 | export interface TableProps extends TableOptions {
|
236 | /**
|
237 | * Enforces a particular physical table name.
|
238 | * @default <generated>
|
239 | */
|
240 | readonly tableName?: string;
|
241 | /**
|
242 | * Kinesis Data Stream to capture item-level changes for the table.
|
243 | *
|
244 | * @default - no Kinesis Data Stream
|
245 | */
|
246 | readonly kinesisStream?: kinesis.IStream;
|
247 | }
|
248 | /**
|
249 | * Properties for a secondary index
|
250 | */
|
251 | export interface SecondaryIndexProps {
|
252 | /**
|
253 | * The name of the secondary index.
|
254 | */
|
255 | readonly indexName: string;
|
256 | /**
|
257 | * The set of attributes that are projected into the secondary index.
|
258 | * @default ALL
|
259 | */
|
260 | readonly projectionType?: ProjectionType;
|
261 | /**
|
262 | * The non-key attributes that are projected into the secondary index.
|
263 | * @default - No additional attributes
|
264 | */
|
265 | readonly nonKeyAttributes?: string[];
|
266 | }
|
267 | /**
|
268 | * Properties for a global secondary index
|
269 | */
|
270 | export interface GlobalSecondaryIndexProps extends SecondaryIndexProps, SchemaOptions {
|
271 | /**
|
272 | * The read capacity for the global secondary index.
|
273 | *
|
274 | * Can only be provided if table billingMode is Provisioned or undefined.
|
275 | *
|
276 | * @default 5
|
277 | */
|
278 | readonly readCapacity?: number;
|
279 | /**
|
280 | * The write capacity for the global secondary index.
|
281 | *
|
282 | * Can only be provided if table billingMode is Provisioned or undefined.
|
283 | *
|
284 | * @default 5
|
285 | */
|
286 | readonly writeCapacity?: number;
|
287 | }
|
288 | /**
|
289 | * Properties for a local secondary index
|
290 | */
|
291 | export interface LocalSecondaryIndexProps extends SecondaryIndexProps {
|
292 | /**
|
293 | * The attribute of a sort key for the local secondary index.
|
294 | */
|
295 | readonly sortKey: Attribute;
|
296 | }
|
297 | /**
|
298 | * An interface that represents a DynamoDB Table - either created with the CDK, or an existing one.
|
299 | */
|
300 | export interface ITable extends IResource {
|
301 | /**
|
302 | * Arn of the dynamodb table.
|
303 | *
|
304 | * @attribute
|
305 | */
|
306 | readonly tableArn: string;
|
307 | /**
|
308 | * Table name of the dynamodb table.
|
309 | *
|
310 | * @attribute
|
311 | */
|
312 | readonly tableName: string;
|
313 | /**
|
314 | * ARN of the table's stream, if there is one.
|
315 | *
|
316 | * @attribute
|
317 | */
|
318 | readonly tableStreamArn?: string;
|
319 | /**
|
320 | *
|
321 | * Optional KMS encryption key associated with this table.
|
322 | */
|
323 | readonly encryptionKey?: kms.IKey;
|
324 | /**
|
325 | * Adds an IAM policy statement associated with this table to an IAM
|
326 | * principal's policy.
|
327 | *
|
328 | * If `encryptionKey` is present, appropriate grants to the key needs to be added
|
329 | * separately using the `table.encryptionKey.grant*` methods.
|
330 | *
|
331 | * @param grantee The principal (no-op if undefined)
|
332 | * @param actions The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...)
|
333 | */
|
334 | grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
|
335 | /**
|
336 | * Adds an IAM policy statement associated with this table's stream to an
|
337 | * IAM principal's policy.
|
338 | *
|
339 | * If `encryptionKey` is present, appropriate grants to the key needs to be added
|
340 | * separately using the `table.encryptionKey.grant*` methods.
|
341 | *
|
342 | * @param grantee The principal (no-op if undefined)
|
343 | * @param actions The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...)
|
344 | */
|
345 | grantStream(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
|
346 | /**
|
347 | * Permits an IAM principal all data read operations from this table:
|
348 | * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan.
|
349 | *
|
350 | * Appropriate grants will also be added to the customer-managed KMS key
|
351 | * if one was configured.
|
352 | *
|
353 | * @param grantee The principal to grant access to
|
354 | */
|
355 | grantReadData(grantee: iam.IGrantable): iam.Grant;
|
356 | /**
|
357 | * Permits an IAM Principal to list streams attached to current dynamodb table.
|
358 | *
|
359 | * @param grantee The principal (no-op if undefined)
|
360 | */
|
361 | grantTableListStreams(grantee: iam.IGrantable): iam.Grant;
|
362 | /**
|
363 | * Permits an IAM principal all stream data read operations for this
|
364 | * table's stream:
|
365 | * DescribeStream, GetRecords, GetShardIterator, ListStreams.
|
366 | *
|
367 | * Appropriate grants will also be added to the customer-managed KMS key
|
368 | * if one was configured.
|
369 | *
|
370 | * @param grantee The principal to grant access to
|
371 | */
|
372 | grantStreamRead(grantee: iam.IGrantable): iam.Grant;
|
373 | /**
|
374 | * Permits an IAM principal all data write operations to this table:
|
375 | * BatchWriteItem, PutItem, UpdateItem, DeleteItem.
|
376 | *
|
377 | * Appropriate grants will also be added to the customer-managed KMS key
|
378 | * if one was configured.
|
379 | *
|
380 | * @param grantee The principal to grant access to
|
381 | */
|
382 | grantWriteData(grantee: iam.IGrantable): iam.Grant;
|
383 | /**
|
384 | * Permits an IAM principal to all data read/write operations to this table.
|
385 | * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan,
|
386 | * BatchWriteItem, PutItem, UpdateItem, DeleteItem
|
387 | *
|
388 | * Appropriate grants will also be added to the customer-managed KMS key
|
389 | * if one was configured.
|
390 | *
|
391 | * @param grantee The principal to grant access to
|
392 | */
|
393 | grantReadWriteData(grantee: iam.IGrantable): iam.Grant;
|
394 | /**
|
395 | * Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
|
396 | *
|
397 | * Appropriate grants will also be added to the customer-managed KMS key
|
398 | * if one was configured.
|
399 | *
|
400 | * @param grantee The principal to grant access to
|
401 | */
|
402 | grantFullAccess(grantee: iam.IGrantable): iam.Grant;
|
403 | /**
|
404 | * Metric for the number of Errors executing all Lambdas
|
405 | */
|
406 | metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
407 | /**
|
408 | * Metric for the consumed read capacity units
|
409 | *
|
410 | * @param props properties of a metric
|
411 | */
|
412 | metricConsumedReadCapacityUnits(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
413 | /**
|
414 | * Metric for the consumed write capacity units
|
415 | *
|
416 | * @param props properties of a metric
|
417 | */
|
418 | metricConsumedWriteCapacityUnits(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
419 | /**
|
420 | * Metric for the system errors
|
421 | *
|
422 | * @param props properties of a metric
|
423 | *
|
424 | * @deprecated use `metricSystemErrorsForOperations`
|
425 | */
|
426 | metricSystemErrors(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
427 | /**
|
428 | * Metric for the system errors this table
|
429 | *
|
430 | * @param props properties of a metric
|
431 | *
|
432 | */
|
433 | metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): cloudwatch.IMetric;
|
434 | /**
|
435 | * Metric for the user errors
|
436 | *
|
437 | * @param props properties of a metric
|
438 | */
|
439 | metricUserErrors(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
440 | /**
|
441 | * Metric for the conditional check failed requests
|
442 | *
|
443 | * @param props properties of a metric
|
444 | */
|
445 | metricConditionalCheckFailedRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
446 | /**
|
447 | * Metric for throttled requests
|
448 | *
|
449 | * @param props properties of a metric
|
450 | *
|
451 | */
|
452 | metricThrottledRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
453 | /**
|
454 | * Metric for the successful request latency
|
455 | *
|
456 | * @param props properties of a metric
|
457 | *
|
458 | */
|
459 | metricSuccessfulRequestLatency(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
460 | }
|
461 | /**
|
462 | * Reference to a dynamodb table.
|
463 | */
|
464 | export interface TableAttributes {
|
465 | /**
|
466 | * The ARN of the dynamodb table.
|
467 | * One of this, or {@link tableName}, is required.
|
468 | *
|
469 | * @default - no table arn
|
470 | */
|
471 | readonly tableArn?: string;
|
472 | /**
|
473 | * The table name of the dynamodb table.
|
474 | * One of this, or {@link tableArn}, is required.
|
475 | *
|
476 | * @default - no table name
|
477 | */
|
478 | readonly tableName?: string;
|
479 | /**
|
480 | * The ARN of the table's stream.
|
481 | *
|
482 | * @default - no table stream
|
483 | */
|
484 | readonly tableStreamArn?: string;
|
485 | /**
|
486 | * KMS encryption key, if this table uses a customer-managed encryption key.
|
487 | *
|
488 | * @default - no key
|
489 | */
|
490 | readonly encryptionKey?: kms.IKey;
|
491 | /**
|
492 | * The name of the global indexes set for this Table.
|
493 | * Note that you need to set either this property,
|
494 | * or {@link localIndexes},
|
495 | * if you want methods like grantReadData()
|
496 | * to grant permissions for indexes as well as the table itself.
|
497 | *
|
498 | * @default - no global indexes
|
499 | */
|
500 | readonly globalIndexes?: string[];
|
501 | /**
|
502 | * The name of the local indexes set for this Table.
|
503 | * Note that you need to set either this property,
|
504 | * or {@link globalIndexes},
|
505 | * if you want methods like grantReadData()
|
506 | * to grant permissions for indexes as well as the table itself.
|
507 | *
|
508 | * @default - no local indexes
|
509 | */
|
510 | readonly localIndexes?: string[];
|
511 | }
|
512 | declare abstract class TableBase extends Resource implements ITable {
|
513 | /**
|
514 | * @attribute
|
515 | */
|
516 | abstract readonly tableArn: string;
|
517 | /**
|
518 | * @attribute
|
519 | */
|
520 | abstract readonly tableName: string;
|
521 | /**
|
522 | * @attribute
|
523 | */
|
524 | abstract readonly tableStreamArn?: string;
|
525 | /**
|
526 | * KMS encryption key, if this table uses a customer-managed encryption key.
|
527 | */
|
528 | abstract readonly encryptionKey?: kms.IKey;
|
529 | protected readonly regionalArns: string[];
|
530 | /**
|
531 | * Adds an IAM policy statement associated with this table to an IAM
|
532 | * principal's policy.
|
533 | *
|
534 | * If `encryptionKey` is present, appropriate grants to the key needs to be added
|
535 | * separately using the `table.encryptionKey.grant*` methods.
|
536 | *
|
537 | * @param grantee The principal (no-op if undefined)
|
538 | * @param actions The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...)
|
539 | */
|
540 | grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
|
541 | /**
|
542 | * Adds an IAM policy statement associated with this table's stream to an
|
543 | * IAM principal's policy.
|
544 | *
|
545 | * If `encryptionKey` is present, appropriate grants to the key needs to be added
|
546 | * separately using the `table.encryptionKey.grant*` methods.
|
547 | *
|
548 | * @param grantee The principal (no-op if undefined)
|
549 | * @param actions The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...)
|
550 | */
|
551 | grantStream(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
|
552 | /**
|
553 | * Permits an IAM principal all data read operations from this table:
|
554 | * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
|
555 | *
|
556 | * Appropriate grants will also be added to the customer-managed KMS key
|
557 | * if one was configured.
|
558 | *
|
559 | * @param grantee The principal to grant access to
|
560 | */
|
561 | grantReadData(grantee: iam.IGrantable): iam.Grant;
|
562 | /**
|
563 | * Permits an IAM Principal to list streams attached to current dynamodb table.
|
564 | *
|
565 | * @param grantee The principal (no-op if undefined)
|
566 | */
|
567 | grantTableListStreams(grantee: iam.IGrantable): iam.Grant;
|
568 | /**
|
569 | * Permits an IAM principal all stream data read operations for this
|
570 | * table's stream:
|
571 | * DescribeStream, GetRecords, GetShardIterator, ListStreams.
|
572 | *
|
573 | * Appropriate grants will also be added to the customer-managed KMS key
|
574 | * if one was configured.
|
575 | *
|
576 | * @param grantee The principal to grant access to
|
577 | */
|
578 | grantStreamRead(grantee: iam.IGrantable): iam.Grant;
|
579 | /**
|
580 | * Permits an IAM principal all data write operations to this table:
|
581 | * BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
|
582 | *
|
583 | * Appropriate grants will also be added to the customer-managed KMS key
|
584 | * if one was configured.
|
585 | *
|
586 | * @param grantee The principal to grant access to
|
587 | */
|
588 | grantWriteData(grantee: iam.IGrantable): iam.Grant;
|
589 | /**
|
590 | * Permits an IAM principal to all data read/write operations to this table.
|
591 | * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan,
|
592 | * BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable
|
593 | *
|
594 | * Appropriate grants will also be added to the customer-managed KMS key
|
595 | * if one was configured.
|
596 | *
|
597 | * @param grantee The principal to grant access to
|
598 | */
|
599 | grantReadWriteData(grantee: iam.IGrantable): iam.Grant;
|
600 | /**
|
601 | * Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
|
602 | *
|
603 | * Appropriate grants will also be added to the customer-managed KMS key
|
604 | * if one was configured.
|
605 | *
|
606 | * @param grantee The principal to grant access to
|
607 | */
|
608 | grantFullAccess(grantee: iam.IGrantable): iam.Grant;
|
609 | /**
|
610 | * Return the given named metric for this Table
|
611 | *
|
612 | * By default, the metric will be calculated as a sum over a period of 5 minutes.
|
613 | * You can customize this by using the `statistic` and `period` properties.
|
614 | */
|
615 | metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
616 | /**
|
617 | * Metric for the consumed read capacity units this table
|
618 | *
|
619 | * By default, the metric will be calculated as a sum over a period of 5 minutes.
|
620 | * You can customize this by using the `statistic` and `period` properties.
|
621 | */
|
622 | metricConsumedReadCapacityUnits(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
623 | /**
|
624 | * Metric for the consumed write capacity units this table
|
625 | *
|
626 | * By default, the metric will be calculated as a sum over a period of 5 minutes.
|
627 | * You can customize this by using the `statistic` and `period` properties.
|
628 | */
|
629 | metricConsumedWriteCapacityUnits(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
630 | /**
|
631 | * Metric for the system errors this table
|
632 | *
|
633 | * @deprecated use `metricSystemErrorsForOperations`.
|
634 | */
|
635 | metricSystemErrors(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
636 | /**
|
637 | * Metric for the user errors. Note that this metric reports user errors across all
|
638 | * the tables in the account and region the table resides in.
|
639 | *
|
640 | * By default, the metric will be calculated as a sum over a period of 5 minutes.
|
641 | * You can customize this by using the `statistic` and `period` properties.
|
642 | */
|
643 | metricUserErrors(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
644 | /**
|
645 | * Metric for the conditional check failed requests this table
|
646 | *
|
647 | * By default, the metric will be calculated as a sum over a period of 5 minutes.
|
648 | * You can customize this by using the `statistic` and `period` properties.
|
649 | */
|
650 | metricConditionalCheckFailedRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
651 | /**
|
652 | * How many requests are throttled on this table
|
653 | *
|
654 | * Default: sum over 5 minutes
|
655 | *
|
656 | * @deprecated Do not use this function. It returns an invalid metric. Use `metricThrottledRequestsForOperation` instead.
|
657 | */
|
658 | metricThrottledRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
659 | /**
|
660 | * How many requests are throttled on this table, for the given operation
|
661 | *
|
662 | * Default: sum over 5 minutes
|
663 | */
|
664 | metricThrottledRequestsForOperation(operation: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
665 | /**
|
666 | * Metric for the successful request latency this table.
|
667 | *
|
668 | * By default, the metric will be calculated as an average over a period of 5 minutes.
|
669 | * You can customize this by using the `statistic` and `period` properties.
|
670 | */
|
671 | metricSuccessfulRequestLatency(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
|
672 | /**
|
673 | * Metric for the system errors this table.
|
674 | *
|
675 | * This will sum errors across all possible operations.
|
676 | * Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes.
|
677 | * You can customize this by using the `statistic` and `period` properties.
|
678 | */
|
679 | metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): cloudwatch.IMetric;
|
680 | /**
|
681 | * Create a map of metrics that can be used in a math expression.
|
682 | *
|
683 | * Using the return value of this function as the `usingMetrics` property in `cloudwatch.MathExpression` allows you to
|
684 | * use the keys of this map as metric names inside you expression.
|
685 | *
|
686 | * @param metricName The metric name.
|
687 | * @param operations The list of operations to create metrics for.
|
688 | * @param props Properties for the individual metrics.
|
689 | * @param metricNameMapper Mapper function to allow controlling the individual metric name per operation.
|
690 | */
|
691 | private createMetricsForOperations;
|
692 | protected abstract get hasIndex(): boolean;
|
693 | /**
|
694 | * Adds an IAM policy statement associated with this table to an IAM
|
695 | * principal's policy.
|
696 | * @param grantee The principal (no-op if undefined)
|
697 | * @param opts Options for keyActions, tableActions and streamActions
|
698 | */
|
699 | private combinedGrant;
|
700 | private cannedMetric;
|
701 | }
|
702 | /**
|
703 | * Provides a DynamoDB table.
|
704 | */
|
705 | export declare class Table extends TableBase {
|
706 | /**
|
707 | * Permits an IAM Principal to list all DynamoDB Streams.
|
708 | * @deprecated Use {@link #grantTableListStreams} for more granular permission
|
709 | * @param grantee The principal (no-op if undefined)
|
710 | */
|
711 | static grantListStreams(grantee: iam.IGrantable): iam.Grant;
|
712 | /**
|
713 | * Creates a Table construct that represents an external table via table name.
|
714 | *
|
715 | * @param scope The parent creating construct (usually `this`).
|
716 | * @param id The construct's name.
|
717 | * @param tableName The table's name.
|
718 | */
|
719 | static fromTableName(scope: Construct, id: string, tableName: string): ITable;
|
720 | /**
|
721 | * Creates a Table construct that represents an external table via table arn.
|
722 | *
|
723 | * @param scope The parent creating construct (usually `this`).
|
724 | * @param id The construct's name.
|
725 | * @param tableArn The table's ARN.
|
726 | */
|
727 | static fromTableArn(scope: Construct, id: string, tableArn: string): ITable;
|
728 | /**
|
729 | * Creates a Table construct that represents an external table.
|
730 | *
|
731 | * @param scope The parent creating construct (usually `this`).
|
732 | * @param id The construct's name.
|
733 | * @param attrs A `TableAttributes` object.
|
734 | */
|
735 | static fromTableAttributes(scope: Construct, id: string, attrs: TableAttributes): ITable;
|
736 | readonly encryptionKey?: kms.IKey;
|
737 | /**
|
738 | * @attribute
|
739 | */
|
740 | readonly tableArn: string;
|
741 | /**
|
742 | * @attribute
|
743 | */
|
744 | readonly tableName: string;
|
745 | /**
|
746 | * @attribute
|
747 | */
|
748 | readonly tableStreamArn: string | undefined;
|
749 | private readonly table;
|
750 | private readonly keySchema;
|
751 | private readonly attributeDefinitions;
|
752 | private readonly globalSecondaryIndexes;
|
753 | private readonly localSecondaryIndexes;
|
754 | private readonly secondaryIndexSchemas;
|
755 | private readonly nonKeyAttributes;
|
756 | private readonly tablePartitionKey;
|
757 | private readonly tableSortKey?;
|
758 | private readonly billingMode;
|
759 | private readonly tableScaling;
|
760 | private readonly indexScaling;
|
761 | private readonly scalingRole;
|
762 | private readonly globalReplicaCustomResources;
|
763 | constructor(scope: Construct, id: string, props: TableProps);
|
764 | /**
|
765 | * Add a global secondary index of table.
|
766 | *
|
767 | * @param props the property of global secondary index
|
768 | */
|
769 | addGlobalSecondaryIndex(props: GlobalSecondaryIndexProps): void;
|
770 | /**
|
771 | * Add a local secondary index of table.
|
772 | *
|
773 | * @param props the property of local secondary index
|
774 | */
|
775 | addLocalSecondaryIndex(props: LocalSecondaryIndexProps): void;
|
776 | /**
|
777 | * Enable read capacity scaling for this table
|
778 | *
|
779 | * @returns An object to configure additional AutoScaling settings
|
780 | */
|
781 | autoScaleReadCapacity(props: EnableScalingProps): IScalableTableAttribute;
|
782 | /**
|
783 | * Enable write capacity scaling for this table
|
784 | *
|
785 | * @returns An object to configure additional AutoScaling settings for this attribute
|
786 | */
|
787 | autoScaleWriteCapacity(props: EnableScalingProps): IScalableTableAttribute;
|
788 | /**
|
789 | * Enable read capacity scaling for the given GSI
|
790 | *
|
791 | * @returns An object to configure additional AutoScaling settings for this attribute
|
792 | */
|
793 | autoScaleGlobalSecondaryIndexReadCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute;
|
794 | /**
|
795 | * Enable write capacity scaling for the given GSI
|
796 | *
|
797 | * @returns An object to configure additional AutoScaling settings for this attribute
|
798 | */
|
799 | autoScaleGlobalSecondaryIndexWriteCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute;
|
800 | /**
|
801 | * Get schema attributes of table or index.
|
802 | *
|
803 | * @returns Schema of table or index.
|
804 | */
|
805 | schema(indexName?: string): SchemaOptions;
|
806 | /**
|
807 | * Validate the table construct.
|
808 | *
|
809 | * @returns an array of validation error message
|
810 | */
|
811 | protected validate(): string[];
|
812 | /**
|
813 | * Validate read and write capacity are not specified for on-demand tables (billing mode PAY_PER_REQUEST).
|
814 | *
|
815 | * @param props read and write capacity properties
|
816 | */
|
817 | private validateProvisioning;
|
818 | /**
|
819 | * Validate index name to check if a duplicate name already exists.
|
820 | *
|
821 | * @param indexName a name of global or local secondary index
|
822 | */
|
823 | private validateIndexName;
|
824 | /**
|
825 | * Validate non-key attributes by checking limits within secondary index, which may vary in future.
|
826 | *
|
827 | * @param nonKeyAttributes a list of non-key attribute names
|
828 | */
|
829 | private validateNonKeyAttributes;
|
830 | private buildIndexKeySchema;
|
831 | private buildIndexProjection;
|
832 | private findKey;
|
833 | private addKey;
|
834 | /**
|
835 | * Register the key attribute of table or secondary index to assemble attribute definitions of TableResourceProps.
|
836 | *
|
837 | * @param attribute the key attribute of table or secondary index
|
838 | */
|
839 | private registerAttribute;
|
840 | /**
|
841 | * Return the role that will be used for AutoScaling
|
842 | */
|
843 | private makeScalingRole;
|
844 | /**
|
845 | * Creates replica tables
|
846 | *
|
847 | * @param regions regions where to create tables
|
848 | */
|
849 | private createReplicaTables;
|
850 | /**
|
851 | * Whether this table has indexes
|
852 | */
|
853 | protected get hasIndex(): boolean;
|
854 | /**
|
855 | * Set up key properties and return the Table encryption property from the
|
856 | * user's configuration.
|
857 | */
|
858 | private parseEncryption;
|
859 | }
|
860 | /**
|
861 | * Data types for attributes within a table
|
862 | *
|
863 | * @see https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.NamingRulesDataTypes.html#HowItWorks.DataTypes
|
864 | */
|
865 | export declare enum AttributeType {
|
866 | /** Up to 400KiB of binary data (which must be encoded as base64 before sending to DynamoDB) */
|
867 | BINARY = "B",
|
868 | /** Numeric values made of up to 38 digits (positive, negative or zero) */
|
869 | NUMBER = "N",
|
870 | /** Up to 400KiB of UTF-8 encoded text */
|
871 | STRING = "S"
|
872 | }
|
873 | /**
|
874 | * DynamoDB's Read/Write capacity modes.
|
875 | */
|
876 | export declare enum BillingMode {
|
877 | /**
|
878 | * Pay only for what you use. You don't configure Read/Write capacity units.
|
879 | */
|
880 | PAY_PER_REQUEST = "PAY_PER_REQUEST",
|
881 | /**
|
882 | * Explicitly specified Read/Write capacity units.
|
883 | */
|
884 | PROVISIONED = "PROVISIONED"
|
885 | }
|
886 | /**
|
887 | * The set of attributes that are projected into the index
|
888 | *
|
889 | * @see https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_Projection.html
|
890 | */
|
891 | export declare enum ProjectionType {
|
892 | /** Only the index and primary keys are projected into the index. */
|
893 | KEYS_ONLY = "KEYS_ONLY",
|
894 | /** Only the specified table attributes are projected into the index. The list of projected attributes is in `nonKeyAttributes`. */
|
895 | INCLUDE = "INCLUDE",
|
896 | /** All of the table attributes are projected into the index. */
|
897 | ALL = "ALL"
|
898 | }
|
899 | /**
|
900 | * When an item in the table is modified, StreamViewType determines what information
|
901 | * is written to the stream for this table.
|
902 | *
|
903 | * @see https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_StreamSpecification.html
|
904 | */
|
905 | export declare enum StreamViewType {
|
906 | /** The entire item, as it appears after it was modified, is written to the stream. */
|
907 | NEW_IMAGE = "NEW_IMAGE",
|
908 | /** The entire item, as it appeared before it was modified, is written to the stream. */
|
909 | OLD_IMAGE = "OLD_IMAGE",
|
910 | /** Both the new and the old item images of the item are written to the stream. */
|
911 | NEW_AND_OLD_IMAGES = "NEW_AND_OLD_IMAGES",
|
912 | /** Only the key attributes of the modified item are written to the stream. */
|
913 | KEYS_ONLY = "KEYS_ONLY"
|
914 | }
|
915 | /**
|
916 | * DynamoDB's table class.
|
917 | *
|
918 | * @see https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.TableClasses.html
|
919 | */
|
920 | export declare enum TableClass {
|
921 | /** Default table class for DynamoDB. */
|
922 | STANDARD = "STANDARD",
|
923 | /** Table class for DynamoDB that reduces storage costs compared to existing DynamoDB Standard tables. */
|
924 | STANDARD_INFREQUENT_ACCESS = "STANDARD_INFREQUENT_ACCESS"
|
925 | }
|
926 | export {};
|