class TableV2MultiAccountReplica (construct)
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.DynamoDB.TableV2MultiAccountReplica |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsdynamodb#TableV2MultiAccountReplica |
 Java | software.amazon.awscdk.services.dynamodb.TableV2MultiAccountReplica |
 Python | aws_cdk.aws_dynamodb.TableV2MultiAccountReplica |
 TypeScript (source) | aws-cdk-lib » aws_dynamodb » TableV2MultiAccountReplica |
Implements
IConstruct, IDependable, IResource, IEnvironment, ITable, ITable, ITable, IResource, IResource
A nulti-account replica of a DynamoDB table.
This construct represents a replica table in a different AWS account from the source table. It inherits the schema (partition key, sort key, and indexes) from the source table.
Permissions on the replica side are automatically configured. You must manually add
permissions to the source table using sourceTable.grants.nultiAccountReplicationTo(replica.tableArn).
Example
import * as cdk from 'aws-cdk-lib';
const app = new cdk.App();
// Source table in Account A
const sourceStack = new cdk.Stack(app, 'SourceStack', {
env: { region: 'us-east-2', account: '111111111111' },
});
const sourceTable = new dynamodb.TableV2(sourceStack, 'SourceTable', {
tableName: 'MyMultiAccountTable',
partitionKey: { name: 'pk', type: dynamodb.AttributeType.STRING },
globalTableSettingsReplicationMode: dynamodb.GlobalTableSettingsReplicationMode.ALL,
});
// Replica stack in Account B
const replicaStack = new cdk.Stack(app, 'ReplicaStack', {
env: { region: 'us-east-1', account: '222222222222' },
});
// Create replica - permissions are automatically configured
const replica = new dynamodb.TableV2MultiAccountReplica(replicaStack, 'ReplicaTable', {
tableName: 'MyMultiAccountTable',
replicaSourceTable: sourceTable,
globalTableSettingsReplicationMode: dynamodb.GlobalTableSettingsReplicationMode.ALL,
});
Initializer
new TableV2MultiAccountReplica(scope: Construct, id: string, props?: TableV2MultiAccountReplicaProps)
Parameters
- scope
Construct - id
string - props
TableV2 Multi Account Replica Props
Construct Props
| Name | Type | Description |
|---|---|---|
| contributor | boolean | Whether CloudWatch contributor insights is enabled. |
| contributor | Contributor | Whether CloudWatch contributor insights is enabled and what mode is selected. |
| deletion | boolean | Whether deletion protection is enabled. |
| encryption? | Table | The server-side encryption configuration for the replica table. |
| global | Global | Controls whether table settings are synchronized across replicas. |
| grant | boolean | Whether or not to grant permissions for all indexes of the table. |
| kinesis | IStream | Kinesis Data Stream to capture item level changes. |
| point | boolean | Whether point-in-time recovery is enabled. |
| point | Point | Whether point-in-time recovery is enabled and recoveryPeriodInDays is set. |
| removal | Removal | The removal policy applied to the table. |
| replica | ITable | The source table to replicate from. |
| resource | Policy | Resource policy to assign to DynamoDB Table. |
| table | Table | The table class. |
| table | string | Enforces a particular physical table name. |
| tags? | Cfn[] | Tags to be applied to the primary table (default replica table). |
contributorInsights?
⚠️ Deprecated: use contributorInsightsSpecification instead
Type:
boolean
(optional, default: false)
Whether CloudWatch contributor insights is enabled.
contributorInsightsSpecification?
Type:
Contributor
(optional, default: contributor insights is not enabled)
Whether CloudWatch contributor insights is enabled and what mode is selected.
deletionProtection?
Type:
boolean
(optional, default: false)
Whether deletion protection is enabled.
encryption?
Type:
Table
(optional, default: TableEncryptionV2.dynamoOwnedKey())
The server-side encryption configuration for the replica table.
Note: Each replica manages its own encryption independently. This is not synchronized across replicas.
globalTableSettingsReplicationMode?
Type:
Global
(optional, default: GlobalTableSettingsReplicationMode.ALL)
Controls whether table settings are synchronized across replicas.
When set to ALL, synchronizable settings (billing mode, throughput, TTL, streams view type, GSIs) are automatically replicated across all replicas. When set to NONE, each replica manages its own settings independently (billing mode must be PAY_PER_REQUEST).
Note: Some settings are always synchronized (key schema, LSIs) regardless of this setting, and some are never synchronized (table class, SSE, deletion protection, PITR, tags, resource policy).
grantIndexPermissions?
Type:
boolean
(optional, default: false)
Whether or not to grant permissions for all indexes of the table.
Note: If false, permissions will only be granted to indexes when globalIndexes is specified.
kinesisStream?
Type:
IStream
(optional, default: no Kinesis Data Stream)
Kinesis Data Stream to capture item level changes.
pointInTimeRecovery?
⚠️ Deprecated: use pointInTimeRecoverySpecification instead
Type:
boolean
(optional, default: false - point in time recovery is not enabled.)
Whether point-in-time recovery is enabled.
pointInTimeRecoverySpecification?
Type:
Point
(optional, default: point in time recovery is not enabled.)
Whether point-in-time recovery is enabled and recoveryPeriodInDays is set.
removalPolicy?
Type:
Removal
(optional, default: RemovalPolicy.RETAIN)
The removal policy applied to the table.
replicaSourceTable?
Type:
ITable
(optional, default: must be provided)
The source table to replicate from.
[disable-awslint:prefer-ref-interface]
resourcePolicy?
Type:
Policy
(optional, default: No resource policy statements are added to the created table.)
Resource policy to assign to DynamoDB Table.
tableClass?
Type:
Table
(optional, default: TableClass.STANDARD)
The table class.
tableName?
Type:
string
(optional, default: generated by CloudFormation)
Enforces a particular physical table name.
tags?
Type:
Cfn[]
(optional, default: no tags)
Tags to be applied to the primary table (default replica table).
Properties
| Name | Type | Description |
|---|---|---|
| env | Resource | The environment this resource belongs to. |
| grants | Table | Grants for this table. |
| has | boolean | |
| node | Node | The tree node. |
| region | string | |
| stack | Stack | The stack in which this resource is defined. |
| table | string | The ARN of the table. |
| table | string | The name of the table. |
| table | Table | A reference to this table. |
| encryption | IKey | The KMS encryption key for the table. |
| resource | Policy | The resource policy for the table. |
| table | string | The ID of the table. |
| table | string | The stream ARN of the table. |
| static PROPERTY_INJECTION_ID | string | Uniquely identifies this class. |
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
grants
Type:
Table
Grants for this table.
hasIndex
Type:
boolean
node
Type:
Node
The tree node.
region
Type:
string
stack
Type:
Stack
The stack in which this resource is defined.
tableArn
Type:
string
The ARN of the table.
tableName
Type:
string
The name of the table.
tableRef
Type:
Table
A reference to this table.
encryptionKey?
Type:
IKey
(optional)
The KMS encryption key for the table.
resourcePolicy?
Type:
Policy
(optional)
The resource policy for the table.
tableId?
Type:
string
(optional)
The ID of the table.
tableStreamArn?
Type:
string
(optional)
The stream ARN of the table.
static PROPERTY_INJECTION_ID
Type:
string
Uniquely identifies this class.
Methods
| Name | Description |
|---|---|
| add | Adds a statement to the resource policy associated with this table. |
| apply | Apply the given removal policy to this resource. |
| grant(grantee, ...actions) | Adds an IAM policy statement associated with this table to an IAM principal's policy. |
| grant | Permits an IAM principal to all DynamoDB operations ('dynamodb:*') on this table. |
| grant | Grants permissions on the table's encryption key. |
| grant | Permits an IAM principal all data read operations on this table. |
| grant | Permits an IAM principal to all data read/write operations on this table. |
| grant | Adds an IAM policy statement associated with this table to an IAM principal's policy. |
| grant | Adds an IAM policy statement associated with this table to an IAM principal's policy. |
| grant | Permits an IAM principal to list streams attached to this table. |
| grant | Permits an IAM principal all data write operations on this table. |
| metric(metricName, props?) | Return the given named metric for this table. |
| metric | Metric for the conditional check failed requests for this table. |
| metric | Metric for the consumed read capacity units for this table. |
| metric | Metric for the consumed write capacity units for this table. |
| metric | Metric for the successful request latency for this table. |
| metric | Metric for the system errors this table. |
| metric | Metric for the system errors for this table. This will sum errors across all possible operations. |
| metric | How many requests are throttled on this table. |
| metric | How many requests are throttled on this table for the given operation. |
| metric | How many requests are throttled on this table. This will sum errors across all possible operations. |
| metric | Metric for the user errors for this table. |
| to | Returns a string representation of this construct. |
| with(...mixins) | Applies one or more mixins to this construct. |
addToResourcePolicy(statement)
public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult
Parameters
- statement
PolicyStatement
Returns
Adds a statement to the resource policy associated with this table.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
grant(grantee, ...actions)
public grant(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantable— the principal (no-op if undefined). - actions
string— the set of actions to allow (i.e., 'dynamodb:PutItem', 'dynamodb:GetItem', etc.).
Returns
Adds an IAM policy statement associated with this table to an IAM principal's policy.
Note: If encryptionKey is present, appropriate grants to the key needs to be added
separately using the table.encryptionKey.grant* methods.
[disable-awslint:no-grants]
grantFullAccess(grantee)
public grantFullAccess(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— the principal to grant access to.
Returns
Permits an IAM principal to all DynamoDB operations ('dynamodb:*') on this table.
Note: Appropriate grants will also be added to the customer-managed KMS keys associated with this table if one was configured.
[disable-awslint:no-grants]
grantOnKey(grantee, ...actions)
public grantOnKey(grantee: IGrantable, ...actions: string[]): GrantOnKeyResult
Parameters
- grantee
IGrantable— the principal to grant access to. - actions
string— the KMS actions to grant.
Returns
Grants permissions on the table's encryption key.
grantReadData(grantee)
public grantReadData(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— the principal to grant access to.
Returns
Permits an IAM principal all data read operations on this table.
Actions: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
Note: Appropriate grants will also be added to the customer-managed KMS keys associated with this table if one was configured.
[disable-awslint:no-grants]
grantReadWriteData(grantee)
public grantReadWriteData(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— the principal to grant access to.
Returns
Permits an IAM principal to all data read/write operations on this table.
Actions: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
Note: Appropriate grants will also be added to the customer-managed KMS keys associated with this table if one was configured.
[disable-awslint:no-grants]
grantStream(grantee, ...actions)
public grantStream(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantable— the principal (no-op if undefined). - actions
string— the set of actions to allow (i.e., 'dynamodb:DescribeStream', 'dynamodb:GetRecords', etc.).
Returns
Adds an IAM policy statement associated with this table to an IAM principal's policy.
Note: If encryptionKey is present, appropriate grants to the key needs to be added
separately using the table.encryptionKey.grant* methods.
[disable-awslint:no-grants]
grantStreamRead(grantee)
public grantStreamRead(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— the principal to grant access to.
Returns
Adds an IAM policy statement associated with this table to an IAM principal's policy.
Actions: DescribeStream, GetRecords, GetShardIterator, ListStreams.
Note: Appropriate grants will also be added to the customer-managed KMS keys associated with this table if one was configured.
[disable-awslint:no-grants]
grantTableListStreams(grantee)
public grantTableListStreams(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— the principal to grant access to.
Returns
Permits an IAM principal to list streams attached to this table.
[disable-awslint:no-grants]
grantWriteData(grantee)
public grantWriteData(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— the principal to grant access to.
Returns
Permits an IAM principal all data write operations on this table.
Actions: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
Note: Appropriate grants will also be added to the customer-managed KMS keys associated with this table if one was configured.
[disable-awslint:no-grants]
metric(metricName, props?)
public metric(metricName: string, props?: MetricOptions): Metric
Parameters
- metricName
string - props
MetricOptions
Returns
Return the given named metric for this table.
By default, the metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricConditionalCheckFailedRequests(props?)
public metricConditionalCheckFailedRequests(props?: MetricOptions): Metric
Parameters
- props
MetricOptions
Returns
Metric for the conditional check failed requests for this table.
By default, the metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricConsumedReadCapacityUnits(props?)
public metricConsumedReadCapacityUnits(props?: MetricOptions): Metric
Parameters
- props
MetricOptions
Returns
Metric for the consumed read capacity units for this table.
By default, the metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricConsumedWriteCapacityUnits(props?)
public metricConsumedWriteCapacityUnits(props?: MetricOptions): Metric
Parameters
- props
MetricOptions
Returns
Metric for the consumed write capacity units for this table.
By default, the metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricSuccessfulRequestLatency(props?)
public metricSuccessfulRequestLatency(props?: MetricOptions): Metric
Parameters
- props
MetricOptions
Returns
Metric for the successful request latency for this table.
By default, the metric will be calculated as an average over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricSystemErrors(props?)
public metricSystemErrors(props?: MetricOptions): Metric
⚠️ Deprecated: use metricSystemErrorsForOperations.
Parameters
- props
MetricOptions
Returns
Metric for the system errors this table.
metricSystemErrorsForOperations(props?)
public metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): IMetric
Parameters
Returns
Metric for the system errors for this table. This will sum errors across all possible operations.
By default, each individual metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricThrottledRequests(props?)
public metricThrottledRequests(props?: MetricOptions): Metric
⚠️ Deprecated: Do not use this function. It returns an invalid metric. Use metricThrottledRequestsForOperation instead.
Parameters
- props
MetricOptions
Returns
How many requests are throttled on this table.
By default, each individual metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricThrottledRequestsForOperation(operation, props?)
public metricThrottledRequestsForOperation(operation: string, props?: OperationsMetricOptions): IMetric
Parameters
- operation
string - props
OperationsMetric Options
Returns
How many requests are throttled on this table for the given operation.
By default, the metric will be calculated as an average over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricThrottledRequestsForOperations(props?)
public metricThrottledRequestsForOperations(props?: OperationsMetricOptions): IMetric
Parameters
- props
OperationsMetric Options
Returns
How many requests are throttled on this table. This will sum errors across all possible operations.
By default, each individual metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
metricUserErrors(props?)
public metricUserErrors(props?: MetricOptions): Metric
Parameters
- props
MetricOptions
Returns
Metric for the user errors for this table.
Note: This metric reports user errors across all the tables in the account and region the table resides in.
By default, the metric will be calculated as a sum over a period of 5 minutes.
You can customize this by using the statistic and period properties.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
with(...mixins)
public with(...mixins: IMixin[]): IConstruct
Parameters
- mixins
IMixin— The mixins to apply.
Returns
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.