Add DynamoDB provisioning profile

Part ɪ: Building Serverless Api│Story 05: Add provisioning profile for DynamoDB to serverless configuration

GIT : Repo | Branch

In the previous post, we scaffolded our initial version of Serverless API, deployed its initial version to AWS and also tested it locally.

Next, we would add provisioning profile for the DynamoDB table in serverless.yml.

We would store the vocabulary words added by our app users in a DynamoDB table. For this, we want serverless to get a DynamoDB table provisioned for us when deploying the service if not already existing.

As per our naming specifications, the name of this table would be 𝚟𝚘𝚌𝚊𝚋𝚆𝚘𝚛𝚍𝚜. We would want its name to be vocabWords-dev for dev environment and vocabWords-prod for prod.

In serverless.yml, add below to hold the name of the dynamoDB table with the environment name appended to it. The current environment we are working can be read from stage option provided with the deploy command.

custom:
  wordsTable: 'vocabWords-${opt:stage}'

Above, we added a root-level property custom to serverless.yml. Under this property, we can add any custom variables we want to refer to in the file.
For now, we’ve added a variable named wordsTable that would hold the name of the dynamoDB table that our lambda functions would use to read/write data.
Note the ${opt:stage} part in the wordsTable value, this would be value of the stage argument from the command line. In the previous post, we added two scripts to package.json as below:

"scripts": {
   ...,
   "devDeploy": "serverless deploy --stage dev --region us-east-1",
   "prodDeploy": "serverless deploy --stage prod --region us-east-1"
}

When running devDeploy script, the value for—-stage argument is dev. Thus the wordsTable name in this case would be vocabWords-dev. Similarly when running prodDeploy script, wordsTable would be vocabWords-prod.

Adding IAM Role Permissions for accessing DynamoDB

Next, we’d add IAM Role permissions to serverless.yml to allow our API to perform CRUD operations to DynamoDB. Under the provider section of serverless.yml, add iamRoleStatementas below:

provider:
  name: aws
  runtime: nodejs8.10
  profile: serverless-aws-admin
  region: us-east-1
#iamRoleStatements for permissions to Lambda to access DynamoDB.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
        - dynamodb:Update
    Resource: "arn:aws:dynamodb:us-east-1:*:*"
  environment:
    WORDS_TABLE: ${self:custom.wordsTable}

👆 IAM permissions for our functions under the iamRoleStatements section under the providerblock.

✍ Note the property named environment under provider block.This would allow any variables declared under it to be available to our application code as a property of process.env. We have added a variable named WORDS_TABLE to get our words table name in our code.

Provisioning the DynamoDB table we want to work with:

To provision the table we want to work with using CloudFormation syntax, add a resources section in serverless.yml as below👇.

resources:
  Resources:
    WordsDynamoDBTable:
      Type: 'AWS::DynamoDB::Table'
      Properties:
        TableName: ${self:custom.wordsTable}
        AttributeDefinitions:
          - AttributeName: userId
            AttributeType: S
          - AttributeName: wordId 
            AttributeType: S
        KeySchema:
          - AttributeName: userId
            KeyType: HASH
          - AttributeName: wordId
            KeyType: RANGE
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5

Above, we specified two attributes for our table, userId and wordId , as the primary and the sort keys for our records in the table. Check this out to understand the dynamoDB provisioning properties in detail.

With the above sections added, the serverless.yml file should now look like below 👇:

Deploy to AWS

With the above changes made to serverless.yml having dynamoDB table provisioning configuration defined, lets deploy again to AWS using the scripts we added to package.json for deploying to dev and prod environments.

For dev environment, run the below command. We would expect a DynamoDB table named vocabWords-dev to get created with two keys - userId and wordId.

$ npm run devDeploy

Once the command is complete, log back to your AWS management console and go to services→DynamoDB.
Here, you should see the new vocabWords-dev table that cloud-formation stack would have created for you based on the dynamoDB resources schema we have specified in the serverless.yml file.

Perfect, now that we got the dynamoDB table provisioned, let’s start working on the API. In the next post, we would build the first endpoint of our API - to add a word to vocabWords table.

← Prev: Serverless Toolkit ┈ 🏠 ┈ Next:Create(post) endpoint→