Add DynamoDB provisioning profile
Part ɪ: Building Serverless Api│Story 05: Add provisioning profile for DynamoDB to serverless configuration
In the previous post, we scaffolded our initial version of Serverless API, deployed its initial version to AWS and also tested it locally.
Next, we would add provisioning profile for the DynamoDB table in serverless.yml
.
We would store the vocabulary words added by our app users in a DynamoDB table. For this, we want serverless to get a DynamoDB table provisioned for us when deploying the service if not already existing.
As per our naming specifications, the name of this table would be 𝚟𝚘𝚌𝚊𝚋𝚆𝚘𝚛𝚍𝚜. We would want its name to be vocabWords-dev
for dev environment and vocabWords-prod
for prod.
In serverless.yml
, add below to hold the name of the dynamoDB table with the environment name appended to it. The current environment we are working can be read from stage
option provided with the deploy command.
custom:
wordsTable: 'vocabWords-${opt:stage}'
Above, we added a root-level property custom
to serverless.yml
. Under this property, we can add any custom variables we want to refer to in the file.
For now, we’ve added a variable named wordsTable
that would hold the name of the dynamoDB table that our lambda functions would use to read/write data.
Note the ${opt:stage}
part in the wordsTable value, this would be value of the stage
argument from the command line. In the previous post, we added two scripts to package.json
as below:
"scripts": {
...,
"devDeploy": "serverless deploy --stage dev --region us-east-1",
"prodDeploy": "serverless deploy --stage prod --region us-east-1"
}
When running devDeploy
script, the value for—-stage
argument is dev
. Thus the wordsTable name in this case would be vocabWords-dev
. Similarly when running prodDeploy
script, wordsTable would be vocabWords-prod
.
Adding IAM Role Permissions for accessing DynamoDB
Next, we’d add IAM Role permissions to serverless.yml
to allow our API to perform CRUD operations to DynamoDB. Under the provider
section of serverless.yml
, add iamRoleStatement
as below:
provider:
name: aws
runtime: nodejs8.10
profile: serverless-aws-admin
region: us-east-1#iamRoleStatements for permissions to Lambda to access DynamoDB.
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
- dynamodb:Update
Resource: "arn:aws:dynamodb:us-east-1:*:*"
environment:
WORDS_TABLE: ${self:custom.wordsTable}
👆 IAM permissions for our functions under the iamRoleStatements
section under the provider
block.
✍ Note the property named environment
under provider
block.This would allow any variables declared under it to be available to our application code as a property of process.env
. We have added a variable named WORDS_TABLE
to get our words table name in our code.
Provisioning the DynamoDB table we want to work with:
To provision the table we want to work with using CloudFormation syntax, add a resources
section in serverless.yml
as below👇.
resources:
Resources:
WordsDynamoDBTable:
Type: 'AWS::DynamoDB::Table'
Properties:
TableName: ${self:custom.wordsTable}
AttributeDefinitions:
- AttributeName: userId
AttributeType: S
- AttributeName: wordId
AttributeType: S
KeySchema:
- AttributeName: userId
KeyType: HASH
- AttributeName: wordId
KeyType: RANGE
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
Above, we specified two attributes for our table, userId
and wordId
, as the primary and the sort keys for our records in the table. Check this out to understand the dynamoDB provisioning properties in detail.
With the above sections added, the serverless.yml
file should now look like below 👇:
Deploy to AWS
With the above changes made to serverless.yml
having dynamoDB table provisioning configuration defined, lets deploy again to AWS using the scripts we added to package.json
for deploying to dev and prod environments.
For dev environment, run the below command. We would expect a DynamoDB table named vocabWords-dev
to get created with two keys - userId
and wordId
.
$ npm run devDeploy
Once the command is complete, log back to your AWS management console and go to services→DynamoDB.
Here, you should see the new vocabWords-dev
table that cloud-formation stack would have created for you based on the dynamoDB resources schema we have specified in the serverless.yml
file.
Perfect, now that we got the dynamoDB table provisioned, let’s start working on the API. In the next post, we would build the first endpoint of our API - to add a word to vocabWords
table.
← Prev: Serverless Toolkit
┈ 🏠 ┈ Next:Create(post) endpoint
→