terraform-aws-arc-dynamodb

Overview

SourceFuse AWS Arc DynamoDB Terraform module provides comprehensive configuration for AWS DynamoDB tables with support for all major features including Global Tables, autoscaling, streams, encryption, and backup management.

Features

• Flexible Billing Models: Support for both provisioned and pay-per-request billing modes
• Index Management: Complete support for Global Secondary Indexes (GSI) and Local Secondary Indexes (LSI)
• Autoscaling: Automatic capacity scaling for both table and GSI read/write operations
• Global Tables: Multi-region replication support for globally distributed applications
• Data Streams: DynamoDB Streams configuration for real-time data processing
• Advanced Security: Server-side encryption with customer-managed or AWS-managed keys
• Backup & Recovery: Point-in-time recovery and automated backup management
• Monitoring: CloudWatch contributor insights and comprehensive metrics
• Data Import: Support for importing data from S3 with multiple formats
• TTL Management: Time-to-live configuration for automatic item expiration
• Flexible Storage Classes: Support for Standard and Standard-IA storage classes

Usage

Basic Example

module "dynamodb_table" {
  source = "sourcefuse/arc-dynamodb/aws"

  table_name   = "my-application-table"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "id"

  attributes = [
    {
      name = "id"
      type = "S"
    }
  ]

  server_side_encryption_enabled = true
  point_in_time_recovery_enabled = true

  tags = {
    Environment = "production"
    Application = "my-app"
  }
}

Complete Example with All Features

module "dynamodb_table" {
  source = "sourcefuse/arc-dynamodb/aws"

  # Basic Configuration
  table_name   = "gaming-leaderboard"
  billing_mode = "PROVISIONED"
  hash_key     = "userId"
  range_key    = "timestamp"

  # Table Attributes
  attributes = [
    {
      name = "userId"
      type = "S"
    },
    {
      name = "timestamp"
      type = "N"
    },
    {
      name = "gameTitle"
      type = "S"
    },
    {
      name = "topScore"
      type = "N"
    }
  ]

  # Provisioned Capacity
  read_capacity  = 20
  write_capacity = 20

  # Autoscaling Configuration
  autoscaling_enabled = true
  autoscaling_read = {
    max_capacity = 100
    min_capacity = 5
    target_value = 70
  }
  autoscaling_write = {
    max_capacity = 100
    min_capacity = 5
    target_value = 70
  }

  # Global Secondary Indexes
  global_secondary_indexes = [
    {
      name            = "GameTitleIndex"
      hash_key        = "gameTitle"
      range_key       = "topScore"
      read_capacity   = 10
      write_capacity  = 10
      projection_type = "INCLUDE"
      non_key_attributes = ["userId"]
    }
  ]

  # Stream Configuration
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"

  # TTL Configuration
  ttl_enabled        = true
  ttl_attribute_name = "expires"

  # Encryption
  server_side_encryption_enabled    = true
  server_side_encryption_kms_key_arn = "alias/dynamodb-key"

  # Backup and Recovery
  point_in_time_recovery_enabled = true

  # Global Tables (Multi-region)
  replica_regions = [
    {
      region_name = "us-west-2"
    },
    {
      region_name = "eu-west-1"
    }
  ]

  # Monitoring
  table_contributor_insights_enabled = true

  tags = {
    Environment = "production"
    Application = "gaming-platform"
  }
}

Serverless (Pay-per-Request) Example

module "dynamodb_table" {
  source = "sourcefuse/arc-dynamodb/aws"

  table_name   = "serverless-app-table"
  billing_mode = "PAY_PER_REQUEST"
  table_class  = "STANDARD_INFREQUENT_ACCESS"
  hash_key     = "pk"
  range_key    = "sk"

  attributes = [
    {
      name = "pk"
      type = "S"
    },
    {
      name = "sk"
      type = "S"
    },
    {
      name = "gsi1pk"
      type = "S"
    }
  ]

  global_secondary_indexes = [
    {
      name            = "GSI1"
      hash_key        = "gsi1pk"
      projection_type = "ALL"
    }
  ]

  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"

  ttl_enabled        = true
  ttl_attribute_name = "expires_at"

  server_side_encryption_enabled = true
  point_in_time_recovery_enabled = true

  tags = {
    BillingMode = "serverless"
    CostCenter  = "engineering"
  }
}

Global Tables (Pay-per-Request) Example

module "dynamodb_table" {
  source = "sourcefuse/arc-dynamodb/aws"

  table_name   = "serverless-app-table"
  billing_mode = "PAY_PER_REQUEST"
  table_class  = "STANDARD_INFREQUENT_ACCESS"
  hash_key     = "pk"
  range_key    = "sk"

  attributes = [
    {
      name = "pk"
      type = "S"
    },
    {
      name = "sk"
      type = "S"
    },
    {
      name = "gsi1pk"
      type = "S"
    }
  ]

  global_secondary_indexes = [
    {
      name            = "GSI1"
      hash_key        = "gsi1pk"
      projection_type = "ALL"
    }
  ]

  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"

  ttl_enabled        = true
  ttl_attribute_name = "expires_at"

  server_side_encryption_enabled = true
  point_in_time_recovery_enabled = true

  # Global Tables (Multi-region replication) - Works with PAY_PER_REQUEST
  replica_regions = [
    {
      region_name = "us-east-2"
    }
  ]

  tags = {
    BillingMode = "serverless"
    CostCenter  = "engineering"
  }
}

Examples

To view examples for how you can leverage this module, please see the examples directory.

Requirements

Name	Version
terraform	>= 1.5, < 2.0.0
aws	>= 5.0, < 7.0

Providers

Name	Version
aws	6.20.0

Modules

No modules.

Resources

Name	Type
aws_appautoscaling_policy.gsi_read	resource
aws_appautoscaling_policy.gsi_write	resource
aws_appautoscaling_policy.table_read	resource
aws_appautoscaling_policy.table_write	resource
aws_appautoscaling_target.gsi_read	resource
aws_appautoscaling_target.gsi_write	resource
aws_appautoscaling_target.table_read	resource
aws_appautoscaling_target.table_write	resource
aws_dynamodb_contributor_insights.gsi	resource
aws_dynamodb_contributor_insights.table	resource
aws_dynamodb_table.this	resource

Inputs

Name	Description	Type	Default	Required
attributes	List of nested attribute definitions. Only required for hash_key, range_key and indexes	list(object({ name = string type = string }))	n/a	yes
autoscaling_enabled	Whether to enable autoscaling for DynamoDB table	bool	false	no
autoscaling_read	A map of read autoscaling settings	object({ scale_in_cooldown = optional(number, 60) scale_out_cooldown = optional(number, 60) target_value = optional(number, 70) max_capacity = number min_capacity = optional(number, 1) })	null	no
autoscaling_write	A map of write autoscaling settings	object({ scale_in_cooldown = optional(number, 60) scale_out_cooldown = optional(number, 60) target_value = optional(number, 70) max_capacity = number min_capacity = optional(number, 1) })	null	no
billing_mode	Controls how you are charged for read and write throughput and how you manage capacity. The valid values are PROVISIONED and PAY_PER_REQUEST	string	"PAY_PER_REQUEST"	no
deletion_protection_enabled	Enables deletion protection for table	bool	false	no
global_secondary_indexes	Describe a GSI for the table	list(object({ name = string hash_key = string range_key = optional(string) write_capacity = optional(number) read_capacity = optional(number) projection_type = optional(string, "ALL") non_key_attributes = optional(list(string), []) }))	[]	no
gsi_autoscaling_read	A map of read autoscaling settings for GSI	map(object({ scale_in_cooldown = optional(number, 60) scale_out_cooldown = optional(number, 60) target_value = optional(number, 70) max_capacity = number min_capacity = optional(number, 1) }))	{}	no
gsi_autoscaling_write	A map of write autoscaling settings for GSI	map(object({ scale_in_cooldown = optional(number, 60) scale_out_cooldown = optional(number, 60) target_value = optional(number, 70) max_capacity = number min_capacity = optional(number, 1) }))	{}	no
gsi_contributor_insights_enabled	Whether to enable contributor insights on GSI	map(bool)	{}	no
hash_key	The attribute to use as the hash (partition) key. Must also be defined as an attribute	string	n/a	yes
import_table	Configuration for importing data into the table	object({ s3_bucket_source = object({ bucket = string bucket_owner = optional(string) key_prefix = optional(string) }) input_format = string input_format_options = optional(object({ csv = optional(object({ delimiter = optional(string, ",") header_list = optional(list(string)) })) })) input_compression_type = optional(string, "NONE") })	null	no
local_secondary_indexes	Describe a LSI on the table	list(object({ name = string range_key = string projection_type = optional(string, "ALL") non_key_attributes = optional(list(string), []) }))	[]	no
point_in_time_recovery_enabled	Whether to enable point-in-time recovery	bool	true	no
range_key	The attribute to use as the range (sort) key. Must also be defined as an attribute	string	null	no
read_capacity	The number of read units for this table. If the billing_mode is PROVISIONED, this field is required	number	null	no
replica_regions	List of regions to create replicas in for Global Tables V2	list(object({ region_name = string kms_key_arn = optional(string) propagate_tags = optional(bool, true) point_in_time_recovery_enabled = optional(bool, true) table_class = optional(string) }))	[]	no
server_side_encryption_enabled	Whether to enable server-side encryption	bool	true	no
server_side_encryption_kms_key_arn	The ARN of the CMK that should be used for the AWS KMS encryption. This attribute should only be specified if the key is different from the default DynamoDB CMK, alias/aws/dynamodb.	string	null	no
stream_enabled	Indicates whether Streams are to be enabled (true) or disabled (false)	bool	false	no
stream_view_type	When an item in the table is modified, StreamViewType determines what information is written to the table's stream	string	"NEW_AND_OLD_IMAGES"	no
table_class	Storage class of the table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS	string	"STANDARD"	no
table_contributor_insights_enabled	Whether to enable contributor insights on table	bool	false	no
table_name	Name of the DynamoDB table	string	n/a	yes
tags	A map of tags to assign to the resource	map(string)	{}	no
ttl_attribute_name	The name of the table attribute to store the TTL timestamp in	string	"ttl"	no
ttl_enabled	Indicates whether ttl is enabled	bool	false	no
write_capacity	The number of write units for this table. If the billing_mode is PROVISIONED, this field is required	number	null	no

Outputs

Name	Description
dynamodb_gsi_autoscaling_read_policy_arns	ARNs of autoscaling read policies for GSI
dynamodb_gsi_autoscaling_read_targets	Autoscaling read targets for GSI
dynamodb_gsi_autoscaling_write_policy_arns	ARNs of autoscaling write policies for GSI
dynamodb_gsi_autoscaling_write_targets	Autoscaling write targets for GSI
dynamodb_gsi_contributor_insights_status	Status of contributor insights on GSI
dynamodb_table_arn	ARN of the DynamoDB table
dynamodb_table_attributes	List of table attributes
dynamodb_table_autoscaling_read_policy_arn	ARN of autoscaling read policy for the table
dynamodb_table_autoscaling_read_target	Autoscaling read target for the table
dynamodb_table_autoscaling_write_policy_arn	ARN of autoscaling write policy for the table
dynamodb_table_autoscaling_write_target	Autoscaling write target for the table
dynamodb_table_billing_mode	Billing mode of the DynamoDB table
dynamodb_table_contributor_insights_status	Status of contributor insights on the table
dynamodb_table_global_secondary_index_names	List of global secondary index names
dynamodb_table_global_secondary_indexes	List of global secondary indexes and their attributes
dynamodb_table_hash_key	Hash key of the DynamoDB table
dynamodb_table_id	ID of the DynamoDB table
dynamodb_table_local_secondary_index_names	List of local secondary index names
dynamodb_table_local_secondary_indexes	List of local secondary indexes and their attributes
dynamodb_table_name	Name of the DynamoDB table
dynamodb_table_point_in_time_recovery	Point in time recovery configuration of the DynamoDB table
dynamodb_table_range_key	Range key of the DynamoDB table
dynamodb_table_read_capacity	Read capacity of the DynamoDB table
dynamodb_table_replicas	List of replicas of the DynamoDB table
dynamodb_table_server_side_encryption	Server side encryption configuration of the DynamoDB table
dynamodb_table_stream_arn	ARN of the DynamoDB table stream
dynamodb_table_stream_label	Timestamp, in ISO 8601 format, for this stream
dynamodb_table_stream_view_type	When an item in the table is modified, StreamViewType determines what information is written to the table's stream
dynamodb_table_table_class	Storage class of the DynamoDB table
dynamodb_table_tags	Tags of the DynamoDB table
dynamodb_table_ttl	TTL configuration of the DynamoDB table
dynamodb_table_write_capacity	Write capacity of the DynamoDB table

Development

Prerequisites

• terraform
• terraform-docs
• pre-commit
• golang
• golint

Configurations

• Configure pre-commit hooks

  pre-commit install

Versioning

while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch

For Example

git commit -m "your commit message #major"

By specifying this , it will bump the version and if you don't specify this in your commit message then by default it will consider patch and will bump that accordingly

Tests

• Tests are available in test directory
• Configure the dependencies

  cd test/
  go mod init github.com/sourcefuse/terraform-aws-arc-dynamodb
  go get github.com/gruntwork-io/terratest/modules/terraform

• Now execute the test

  go test

Authors

This project is authored by:

• SourceFuse