DynamoDB + Pulumi - The Ultimate Guide w/ Examples

Introduction

DynamoDB plays a crucial role in the serverless ecosystem. It offers a fully managed, highly scalable, and low latency NoSQL database service for developers. However, using the AWS Console to provision these resources can decrease productivity and development efficiency.

Therefore, developers have adopted IaC (Infrastructure as Code) tools to manage cloud infrastructure directly from the code.

Why DynamoDB With Pulumi?

Pulumi is a commonly used open-source IaC tool that allows developers to create, deploy and manage cloud infrastructure. Pulumi enables developers to provision a DynamoDB table with minimal effort. All you have to do is create an instance of the DynamoDB table class offered by Pulumi.

Pulumi offers seamless integrations with DynamoDB. For example, developers can bind a Lambda function to a stream event and configure backups, encryption, and autoscaling with minimal effort, allowing faster development and feature release times.

What's Better for DynamoDB - Pulumi or Terraform?

Pulumi is not the only IaC tool to manage cloud infrastructure. For example, Terraform is a popular IaC tool a developer can use to manage cloud infrastructure.

Compared to Terraform, Pulumi allows developers to use their preferred programming language to manage infrastructure. For example, you can use Node.js or Java, .NET, or Python to provision and manage infrastructure. On the other hand, Terraform requires developers to learn their syntax: HCL (HashiCorp Configuration Language), to manage cloud resources. It requires an additional learning curve which increases the time to release.

So, working with Pulumi is much easier if you do not feel familiar with HCL. So, let's have an in-depth walkthrough on provisioning a DynamoDB table and a CRUD API to interact with it using Pulumi.

Demonstration

Step 1 - Pre-requisites

Before proceeding, make sure that you have:

1. Set up your AWS Profile.
2. Installed Node.js.
3. A package management software - Homebrew (for Mac) or Chocolatey (For Windows)
4. Pulumi CLI - For Mac, you can install it using the command - brew install pulumi/tap/pulumi, and for Windows, you can install it using the command - choco install pulumi.

Please create a new directory in your preferred location and open it using the below command.

// returns the configured AWS account information.
aws sts get-caller-identity 

// returns the version of Pulumi that you have installed.
pulumi version
// returns the configured AWS account information.
aws sts get-caller-identity 

// returns the version of Pulumi that you have installed.
pulumi version

Figure - The expected outcome of the executed commands

Step 2 - Initializing a Pulumi project

Create a new directory in your preferred location and navigate to it using the command shown below.

mkdir pulumi-dynamodb-api && cd pulumi-dynamodb-api
mkdir pulumi-dynamodb-api && cd pulumi-dynamodb-api

Please note that I will be implementing the sample project using TypeScript, but you are free to implement it in any programming language supported by Pulumi.

Run the commands shown below to initialize a project in TypeScript.

pulumi login // login to the CLI by providing an access token.
pulumi new aws-typescript // the command will initialize a sample project with few resources.
pulumi login // login to the CLI by providing an access token.
pulumi new aws-typescript // the command will initialize a sample project with few resources.

The second command will start an initialization wizard and prompt you to provide the following.

1. Project Name - pulumi-dynamodb-api
2. Project Description: Sample CRUD API to demonstrate DynamoDB using Pulumi.
3. Stack: dev
4. AWS Region: Preferred AWS region.

After providing the required information, the CLI will install the required NPM packages and display the output below.

Figure - Successfully initializing a Pulumi project

Next, open the project, navigate to the index.ts file and remove the S3 initialization.

Figure - Resources to remove in the file.

Step 3 - Provisioning the DynamoDB Table

Create a new directory titled dynamo in the project root directory. We will use this directory to manage all the DynamoDB tables. Next, create a new file named users.ts in the dynamo directory.

Your directory structure should look as shown below.

.
├── Pulumi.dev.yaml
├── Pulumi.yaml
├── dynamo
│   └── users.ts
├── index.ts
├── package-lock.json
├── package.json
└── tsconfig.json
.
├── Pulumi.dev.yaml
├── Pulumi.yaml
├── dynamo
│   └── users.ts
├── index.ts
├── package-lock.json
├── package.json
└── tsconfig.json

Open the file - users.ts and add the code shown below.

import * as aws from '@pulumi/aws';

// table name -> users

export const Users = new aws.dynamodb.Table("users", {
    // define possible hash and range key attributes only
    
    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        }
    ],
    hashKey: 'id',
    rangeKey: 'createdAt',
    billingMode: 'PROVISIONED', // defaults to provisioned, if no value is specifed. supports "PAY_PER_REQUEST"

    writeCapacity: 30,
    readCapacity: 30
});
import * as aws from '@pulumi/aws';

// table name -> users

export const Users = new aws.dynamodb.Table("users", {
    // define possible hash and range key attributes only
    
    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        }
    ],
    hashKey: 'id',
    rangeKey: 'createdAt',
    billingMode: 'PROVISIONED', // defaults to provisioned, if no value is specifed. supports "PAY_PER_REQUEST"

    writeCapacity: 30,
    readCapacity: 30
});

The above snippet declares a DynamoDB table named users with two attributes (id as the hash key and createdAt as the range key) in the Provisioned (default) billing mode with 30 WCU and RCU.

However, you can use PAY_PER_REQUEST as the billing mode to allow DynamoDB to scale up and down on its throughput when necessary.

Afterward, navigate to theindex.ts file and update it with the below code:

// stack resources are declared in this file
import { Users } from './dynamo/users';

// export table name (you can export any property including the ARN)
export const UsersTable = Users.name;
// stack resources are declared in this file
import { Users } from './dynamo/users';

// export table name (you can export any property including the ARN)
export const UsersTable = Users.name;

You must declare all Pulumi resources in the index.ts to allow Pulumi CLI to provision them.

Once you've added the snippet, run the command pulumi up --stack dev in the terminal. It will display the output shown below.

Figure - Provisioning the table using Pulumi.

The figure above shows the Planning phase. Pulumi displays the resources that it will update. Select Yes to provision your DynamoDB table.

If the table is provisioned successfully, you should see the output below.

Figure - Viewing the provisioned results

You can visit the DynamoDB Console in the previously specified region and see the table you've provisioned using Pulumi.

Figure - Viewing the provisioned table in the AWS Console

Pulumi allows developers to have finer control of the table configurations. It enables you to manage table settings such as:

• TTL
• Point in Time Recovery
• Encryption
• Local Secondary Indexes
• Global Secondary Indexes
• Streams

Time To Live (TTL)

To enable TTL and provide a lifespan for your item, you need to allow TTL for your DynamoDB table.

Pulumi disables TTL by default, but developers can configure TTL by adding the snippet shown below to the existing table configuration.

export const Users = new aws.dynamodb.Table("users", {
  // other table settings

  // turning on TTL (disabled by default)

  ttl: {
     enabled: true,
     attributeName: 'deleteAt' // TTL attribute that item must have
  }
});
export const Users = new aws.dynamodb.Table("users", {
  // other table settings

  // turning on TTL (disabled by default)

  ttl: {
     enabled: true,
     attributeName: 'deleteAt' // TTL attribute that item must have
  }
});

The snippet above enables TTL for the provisioned Users table. When an item has the deleteAt attribute in Number format, DynamoDB will delete the item after the specified time elapses.

Point in Time Recovery (Backups)

Pulumi allows developers to manage Point in Time Recovery of the DynamoDB table. It ensures that you can turn on backups and roll back data on the table over the last 35 days.

To enable this, add the snippet below to the existing table.

export const Users = new aws.dynamodb.Table("users", {
    // other table configurations// enable point in time recovery

    pointInTimeRecovery: {
        enabled: true,
    }
});
export const Users = new aws.dynamodb.Table("users", {
    // other table configurations// enable point in time recovery

    pointInTimeRecovery: {
        enabled: true,
    }
});

Encryption

DynamoDB provides out-of-the-box support for encryption at rest with the help of the AWS-owned key. Additionally, Pulumi allows developers to use AWS-managed or customer-owned keys to configure encryption in the table.

Add the code below to the existing table to configure encryption using the default AWS-owned key.

export const Users = new aws.dynamodb.Table("users", {
   // other table configurations// enable encryption using AWS Owned Key

    serverSideEncryption: {
        enabled: true,
        // kmsKeyArn: <<ARN-OF-CUSTOMER-OWNER-KMS-KEY>>
    }
});
export const Users = new aws.dynamodb.Table("users", {
   // other table configurations// enable encryption using AWS Owned Key

    serverSideEncryption: {
        enabled: true,
        // kmsKeyArn: <<ARN-OF-CUSTOMER-OWNER-KMS-KEY>>
    }
});

Suppose you are using a customer-managed key. The serverSideEncryption object accepts a second parameter named kmsKeyArn that accepts the ARN of the KMS Key.

Local Secondary Indexes

Pulumi allows developers to create local secondary indexes for a table. First, you have to declare the new sort key in the attributes property and use the localSecondaryIndexes property to provide an array of five LSIs per table.

Use the snippet shown below to add an LSI to your table.

export const Users = new aws.dynamodb.Table("users", {
    // other table configuration settings

    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        },

       // define the attribute for the LSI Sort Key

        {
            name: 'lskSortKey',
            type: 'S'
        }
    ],
   
  // declare the LSI

    localSecondaryIndexes: [
        {
            name: 'first-lsi',
            rangeKey: 'lskSortKey',
            projectionType: 'INCLUDE', // will project only the given attributes to the index

            nonKeyAttributes: ['id', 'createdAt', 'name', 'email']
        }
    ],
    hashKey: 'id',
    rangeKey: 'createdAt',
});
export const Users = new aws.dynamodb.Table("users", {
    // other table configuration settings

    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        },

       // define the attribute for the LSI Sort Key

        {
            name: 'lskSortKey',
            type: 'S'
        }
    ],
   
  // declare the LSI

    localSecondaryIndexes: [
        {
            name: 'first-lsi',
            rangeKey: 'lskSortKey',
            projectionType: 'INCLUDE', // will project only the given attributes to the index

            nonKeyAttributes: ['id', 'createdAt', 'name', 'email']
        }
    ],
    hashKey: 'id',
    rangeKey: 'createdAt',
});

After creating the table, Pulumi will drop your existing table and create a new one if you add an LSI. Therefore ensure that you have backed up your table data before adding an LSI.

Global Secondary Indexes

Pulumi allows developers to add 20 GSIs (on the default quota) to a DynamoDB table. To create a GSI, add the new hash and range keys to the attributes array and use the globalSecondaryIndexes property in the table to provision a new GSI with the projected attributes.

This is shown below.

export const Users = new aws.dynamodb.Table("users", {
    // other table configurations

    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        },
        {
            name: 'gsiPk',
            type: 'S',
        },
        {
            name: 'gsiSk',
            type: 'S'
        }
    ],
    globalSecondaryIndexes: [
        {
            name: 'first-gsi',
            hashKey: 'gsiPk',
            rangeKey: 'gsiSk',
            projectionType: 'INCLUDE', // project only required attributes

            nonKeyAttributes : ['id', 'name', 'email'],
  
            // specify index throughput only when table's billing mode is "PROVISIONED"

            writeCapacity: 30,
            readCapacity: 30
        }
    ],
});
export const Users = new aws.dynamodb.Table("users", {
    // other table configurations

    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        },
        {
            name: 'gsiPk',
            type: 'S',
        },
        {
            name: 'gsiSk',
            type: 'S'
        }
    ],
    globalSecondaryIndexes: [
        {
            name: 'first-gsi',
            hashKey: 'gsiPk',
            rangeKey: 'gsiSk',
            projectionType: 'INCLUDE', // project only required attributes

            nonKeyAttributes : ['id', 'name', 'email'],
  
            // specify index throughput only when table's billing mode is "PROVISIONED"

            writeCapacity: 30,
            readCapacity: 30
        }
    ],
});

Streams

Pulumi allows you to set up streams quickly. By default, Pulumi disables streams, but you can add the code shown below to enable streams on DynamoDB.

export const Users = new aws.dynamodb.Table("users", {
    // other table configuration settings

    streamEnabled: true,
    streamViewType: 'NEW_AND_OLD_IMAGES', // you can access both the old and new versions of the item in the stream
});
export const Users = new aws.dynamodb.Table("users", {
    // other table configuration settings

    streamEnabled: true,
    streamViewType: 'NEW_AND_OLD_IMAGES', // you can access both the old and new versions of the item in the stream
});

The streamViewType can be configured to access one of the following records in the stream.

1. New and old item: Use NEW_AND_OLD_IMAGES
2. Only the old item: Use OLD_IMAGE
3. Only the new item: Use NEW_IMAGE
4. Only the keys of the item: KEYS_ONLY

After enabling the stream, developers can bind a Lambda function to process the stream data. They can do this by binding a Lamda function for the onEvent function of the Users table object:

Users.onEvent(
    'users-stream'
    , new aws.lambda.CallbackFunction('users-stream-lambda', {
        callback: async (event: aws.dynamodb.TableEvent) => {
            const { NewImage, OldImage } = event.Records[0].dynamodb;
            console.log(NewImage, OldImage);
        },
        memorySize: 512,
        timeout: 30
    }),
    {
        startingPosition: 'LATEST',
        batchSize: 1, // send only 1 stream record to a lambda.
    }
);
Users.onEvent(
    'users-stream'
    , new aws.lambda.CallbackFunction('users-stream-lambda', {
        callback: async (event: aws.dynamodb.TableEvent) => {
            const { NewImage, OldImage } = event.Records[0].dynamodb;
            console.log(NewImage, OldImage);
        },
        memorySize: 512,
        timeout: 30
    }),
    {
        startingPosition: 'LATEST',
        batchSize: 1, // send only 1 stream record to a lambda.
    }
);

The snippet above shows the stream event of the table that invokes a Lambda function named users-stream-lambda that will print the stream images to the console. Note that the way you process the stream images depends on the streamViewType.

The batchSize helps configure the number of records sent to the Lambda function.

Additionally, Pulumi binds the required IAM Roles and permissions for the stream events.

Step 4 - Observing the Final Table File

After adding the required table configurations, the users.ts file will look as shown below.

import * as aws from '@pulumi/aws';

// table name -> users
export const Users = new aws.dynamodb.Table("users", {
    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        },
        {
            name: 'lskSortKey',
            type: 'S'
        },
        {
            name: 'gsiPk',
            type: 'S',
        },
        {
            name: 'gsiSk',
            type: 'S'
        }
    ],
    globalSecondaryIndexes: [
        {
            name: 'first-gsi',
            hashKey: 'gsiPk',
            rangeKey: 'gsiSk',
            projectionType: 'INCLUDE', 
            nonKeyAttributes: ['id', 'name', 'email'],
            writeCapacity: 30,
            readCapacity: 30
        }
    ],
    localSecondaryIndexes: [
        {
            name: 'first-lsi',
            rangeKey: 'lskSortKey',
            projectionType: 'INCLUDE',
            nonKeyAttributes: ['id', 'createdAt', 'name', 'email']
        }
    ],
    hashKey: 'id',
    rangeKey: 'createdAt',
    billingMode: 'PROVISIONED', 
    writeCapacity: 30,
    readCapacity: 30,
    ttl: {
        enabled: true,
        attributeName: 'deleteAt'
    },
    pointInTimeRecovery: {
        enabled: true,
    },
    serverSideEncryption: {
        enabled: true,
    },
    streamEnabled: true,
    streamViewType: 'NEW_AND_OLD_IMAGES'
});

Users.onEvent(
    'users-stream'
    , new aws.lambda.CallbackFunction('users-stream-lambda', {
        callback: async (event: aws.dynamodb.TableEvent) => {
            const { NewImage, OldImage } = event.Records[0].dynamodb;
            console.log(NewImage, OldImage);
        },
        memorySize: 512,
        timeout: 30
    }),
    {
        startingPosition: 'LATEST',
        batchSize: 1, // send only 1 stream record to a lambda.
    }
);
import * as aws from '@pulumi/aws';

// table name -> users
export const Users = new aws.dynamodb.Table("users", {
    attributes: [
        {
            name: 'id',
            type: 'S' // string
        },
        {
            name: 'createdAt',
            type: 'N' // number
        },
        {
            name: 'lskSortKey',
            type: 'S'
        },
        {
            name: 'gsiPk',
            type: 'S',
        },
        {
            name: 'gsiSk',
            type: 'S'
        }
    ],
    globalSecondaryIndexes: [
        {
            name: 'first-gsi',
            hashKey: 'gsiPk',
            rangeKey: 'gsiSk',
            projectionType: 'INCLUDE', 
            nonKeyAttributes: ['id', 'name', 'email'],
            writeCapacity: 30,
            readCapacity: 30
        }
    ],
    localSecondaryIndexes: [
        {
            name: 'first-lsi',
            rangeKey: 'lskSortKey',
            projectionType: 'INCLUDE',
            nonKeyAttributes: ['id', 'createdAt', 'name', 'email']
        }
    ],
    hashKey: 'id',
    rangeKey: 'createdAt',
    billingMode: 'PROVISIONED', 
    writeCapacity: 30,
    readCapacity: 30,
    ttl: {
        enabled: true,
        attributeName: 'deleteAt'
    },
    pointInTimeRecovery: {
        enabled: true,
    },
    serverSideEncryption: {
        enabled: true,
    },
    streamEnabled: true,
    streamViewType: 'NEW_AND_OLD_IMAGES'
});

Users.onEvent(
    'users-stream'
    , new aws.lambda.CallbackFunction('users-stream-lambda', {
        callback: async (event: aws.dynamodb.TableEvent) => {
            const { NewImage, OldImage } = event.Records[0].dynamodb;
            console.log(NewImage, OldImage);
        },
        memorySize: 512,
        timeout: 30
    }),
    {
        startingPosition: 'LATEST',
        batchSize: 1, // send only 1 stream record to a lambda.
    }
);

Afterward, run the pulumi up --stack dev command to start provisioning the newly added properties.

You should see the output shown below.

Figure - Observing a preview of the table after adding the new settings

Pulumi creates an IAM Role for the users-stream-lambda and automatically takes care of binding the required IAM Role and Policies for the Lambda function.

Select yes, and let Pulumi configure the table settings.

If Pulumi successfully provisions the required resources, you should see the output below.

Figure - Successfully provisioning the required changes

Step 4 - Provisioning the CRUD API with API Gateway

Step 4.1 - Adding the Business Logic

After creating the table, we can create a REST API to interact with it using the API Gateway that invokes Lambda Functions. The API will be able to do the following functions.

1. Create a user
2. Update a user
3. Fetch all users
4. Delete a user

Pulumi bundles the AWS SDK that developers can use to perform queries. Therefore, you do not need to install the AWS SDK manually.

First, create a new directory named api-gateway and create two files named lambdas.ts and index.ts. The directory structure should look as shown below.

.
├── Pulumi.dev.yaml
├── Pulumi.yaml
├── api-gateway
│   ├── index.ts
│   └── lambdas.ts
├── dynamo
│   └── users.ts
├── index.ts
├── package-lock.json
├── package.json
└── tsconfig.json
.
├── Pulumi.dev.yaml
├── Pulumi.yaml
├── api-gateway
│   ├── index.ts
│   └── lambdas.ts
├── dynamo
│   └── users.ts
├── index.ts
├── package-lock.json
├── package.json
└── tsconfig.json

The lambdas.ts will contain the Lambda functions and the business logic, while the index.ts will provision the API Gateway.

Open the lambda.ts file and add the import shown below.

// provides access to the AWS SDK and helps declare Lambda functions.
import * as aws from '@pulumi/aws';

// import the Crosswalk library for type access
import * as awsx from '@pulumi/awsx';

// import the created table in order to obtain the table name
import { Users } from '../dynamo/users';
// provides access to the AWS SDK and helps declare Lambda functions.
import * as aws from '@pulumi/aws';

// import the Crosswalk library for type access
import * as awsx from '@pulumi/awsx';

// import the created table in order to obtain the table name
import { Users } from '../dynamo/users';

Afterward, add the code shown below to declare the business logic for each function of the API.

Create User

export const createUser = new aws.lambda.CallbackFunction('createUser', {
    callback: async (event: awsx.apigateway.Request): Promise<awsx.apigateway.Response> => {
        const { body = '{}' } = event;
        const parsedBody = JSON.parse(body || '{}');
        const { name, email, age } = parsedBody; // obtain event body sent from client

       const randomId = Math.random().toString(36).substring(2, 15);
       const userId = randomId;


        const FIVE_DAYS_AFTER_TODAY = new Date(Date.now() + (1000 * 60 * 60 * 24 * 5)).getTime();

        // initialize new user

        const user = {
            id: userId,
            name,
            email,
            age,
            createdAt: Date.now(),
            deleteAt: FIVE_DAYS_AFTER_TODAY
        }

        // create an instance of the Document Client by using the SDK bundled into Pulumi.

        const documentClient = new aws.sdk.DynamoDB.DocumentClient();

        // add the item into the table

        // refer the table name using the object declared earlier.
        
        await documentClient.put({
            TableName: Users.name.get(), Item: user
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify(user)
        }
    },
    memorySize: 128,
    timeout: 10,
});
export const createUser = new aws.lambda.CallbackFunction('createUser', {
    callback: async (event: awsx.apigateway.Request): Promise<awsx.apigateway.Response> => {
        const { body = '{}' } = event;
        const parsedBody = JSON.parse(body || '{}');
        const { name, email, age } = parsedBody; // obtain event body sent from client

       const randomId = Math.random().toString(36).substring(2, 15);
       const userId = randomId;


        const FIVE_DAYS_AFTER_TODAY = new Date(Date.now() + (1000 * 60 * 60 * 24 * 5)).getTime();

        // initialize new user

        const user = {
            id: userId,
            name,
            email,
            age,
            createdAt: Date.now(),
            deleteAt: FIVE_DAYS_AFTER_TODAY
        }

        // create an instance of the Document Client by using the SDK bundled into Pulumi.

        const documentClient = new aws.sdk.DynamoDB.DocumentClient();

        // add the item into the table

        // refer the table name using the object declared earlier.
        
        await documentClient.put({
            TableName: Users.name.get(), Item: user
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify(user)
        }
    },
    memorySize: 128,
    timeout: 10,
});

Here, a user is created based on the information passed from the user request. Additionally, the sort key is specified with the createdAt as the current time on the server. This item will get deleted after five days due to the deleteAt TTL attribute.

Afterward, the user is persisted to the Users table and the created user is returned back to the client.

Update User

export const updateUser = new aws.lambda.CallbackFunction('updateUser', {
    callback: async (event: awsx.apigateway.Request): Promise<awsx.apigateway.Response> => {
        const { body = '{}' } = event;
        const parsedBody = JSON.parse(body || '{}');
        const { id, name, email, age, createdAt } = parsedBody; // obtain event body sent from client

       const documentClient = new aws.sdk.DynamoDB.DocumentClient(); 

        const patchObject = {
            ...name && { name },
            ...email && { email },
            ...age && { age }
        }

        let updateExpression = '';
        let updateExpressionAttributeNames: any = {};
        let updateExpressionAttributeValues: any = {};

        Object.entries(patchObject).forEach(([key, value]) => {

            // dynamically build the update expression based on the keys in the patch object
            updateExpression += `${updateExpression.length > 0 ? `, #${key} = :${key} ` : `SET #${key} = :${key} `}`;
            updateExpressionAttributeNames[`#${key}`] = key;
            updateExpressionAttributeValues[`:${key}`] = value;
        });

        await documentClient.update({
            TableName: Users.name.get(),
            Key: { id, createdAt },
            UpdateExpression: updateExpression,
            ExpressionAttributeNames: updateExpressionAttributeNames,
            ExpressionAttributeValues: updateExpressionAttributeValues
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify({
                message: `User with id ${id} updated successfully`,
                updateAttributes: { ...patchObject }
            })
        }
    },
    memorySize: 128,
    timeout: 10,
});
export const updateUser = new aws.lambda.CallbackFunction('updateUser', {
    callback: async (event: awsx.apigateway.Request): Promise<awsx.apigateway.Response> => {
        const { body = '{}' } = event;
        const parsedBody = JSON.parse(body || '{}');
        const { id, name, email, age, createdAt } = parsedBody; // obtain event body sent from client

       const documentClient = new aws.sdk.DynamoDB.DocumentClient(); 

        const patchObject = {
            ...name && { name },
            ...email && { email },
            ...age && { age }
        }

        let updateExpression = '';
        let updateExpressionAttributeNames: any = {};
        let updateExpressionAttributeValues: any = {};

        Object.entries(patchObject).forEach(([key, value]) => {

            // dynamically build the update expression based on the keys in the patch object
            updateExpression += `${updateExpression.length > 0 ? `, #${key} = :${key} ` : `SET #${key} = :${key} `}`;
            updateExpressionAttributeNames[`#${key}`] = key;
            updateExpressionAttributeValues[`:${key}`] = value;
        });

        await documentClient.update({
            TableName: Users.name.get(),
            Key: { id, createdAt },
            UpdateExpression: updateExpression,
            ExpressionAttributeNames: updateExpressionAttributeNames,
            ExpressionAttributeValues: updateExpressionAttributeValues
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify({
                message: `User with id ${id} updated successfully`,
                updateAttributes: { ...patchObject }
            })
        }
    },
    memorySize: 128,
    timeout: 10,
});

updateUser function dynamically builds an update expression based on the attributes passed from the client. Then, it updates the user information using the composite partition key and returns the updated attributes.

Delete User

export const deleteUser = new aws.lambda.CallbackFunction('deleteUser', {
    callback: async (event: awsx.apigateway.Request): Promise<awsx.apigateway.Response> => {
        const { body = '{}' } = event;
        const { id, createdAt } = JSON.parse(body || '{}')
        const documentClient = new aws.sdk.DynamoDB.DocumentClient();

        await documentClient.delete({
            TableName: Users.name.get(),
            Key: {
                id,
                createdAt
            }
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify({
                message: `User with id ${id} deleted successfully`
            })
        }
    },
    memorySize: 128,
    timeout: 10,
})
export const deleteUser = new aws.lambda.CallbackFunction('deleteUser', {
    callback: async (event: awsx.apigateway.Request): Promise<awsx.apigateway.Response> => {
        const { body = '{}' } = event;
        const { id, createdAt } = JSON.parse(body || '{}')
        const documentClient = new aws.sdk.DynamoDB.DocumentClient();

        await documentClient.delete({
            TableName: Users.name.get(),
            Key: {
                id,
                createdAt
            }
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify({
                message: `User with id ${id} deleted successfully`
            })
        }
    },
    memorySize: 128,
    timeout: 10,
})

deleteUser function deletes a user using the composite partition key.

Fetch all Users

export const getAllUsers = new aws.lambda.CallbackFunction('getAllUsers', {
    callback: async (): Promise<awsx.apigateway.Response> => {
        const documentClient = new aws.sdk.DynamoDB.DocumentClient();
         
// fetch all users by scanning the table// for production apps, use a query and avoid scans.

        const { Items } = await documentClient.scan({
            TableName: Users.name.get()
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify(Items)
        }
    },
    memorySize: 128,
    timeout: 10,
});
export const getAllUsers = new aws.lambda.CallbackFunction('getAllUsers', {
    callback: async (): Promise<awsx.apigateway.Response> => {
        const documentClient = new aws.sdk.DynamoDB.DocumentClient();
         
// fetch all users by scanning the table// for production apps, use a query and avoid scans.

        const { Items } = await documentClient.scan({
            TableName: Users.name.get()
        }).promise();

        return {
            statusCode: 200,
            body: JSON.stringify(Items)
        }
    },
    memorySize: 128,
    timeout: 10,
});

getAllUsers function scans the entire User table and returns the users to the client. For production workflows, avoid using "Scans" whenever possible.

Use the Dynobase Query Builder to write efficient and optimized queries that you can directly use in your TypeScript code.

Step 4.2 - Creating the API Gateway

After declaring the Lambda functions, we can integrate them into the API Gateway. The snippet below shows a configured API Gateway with four routes that clients can use.

import * as awsx from '@pulumi/awsx'; // use Pulumi Crosswalk to easily define the API Gateway
import { Route } from '@pulumi/awsx/apigateway';
import * as users from './lambdas';

// add the API Routes with the lambdas that must be executed for each endpoint

const API_ROUTES: Route[] = [
    { path: '/users/create', method: 'POST', eventHandler: users.createUser },
    { path: '/users/{id}/update', method: 'PATCH', eventHandler: users.updateUser },
    { path: '/users/{id}/delete', method: 'POST', eventHandler: users.deleteUser },
    { path: '/users', method: 'GET', eventHandler: users.getAllUsers }
]

// initialize a new API Gateway with the specified routes.

export const apiGateway = new awsx.apigateway.API('rest-api', {
    routes: API_ROUTES,
    restApiArgs: {
      binaryMediaTypes: []
    }
});
import * as awsx from '@pulumi/awsx'; // use Pulumi Crosswalk to easily define the API Gateway
import { Route } from '@pulumi/awsx/apigateway';
import * as users from './lambdas';

// add the API Routes with the lambdas that must be executed for each endpoint

const API_ROUTES: Route[] = [
    { path: '/users/create', method: 'POST', eventHandler: users.createUser },
    { path: '/users/{id}/update', method: 'PATCH', eventHandler: users.updateUser },
    { path: '/users/{id}/delete', method: 'POST', eventHandler: users.deleteUser },
    { path: '/users', method: 'GET', eventHandler: users.getAllUsers }
]

// initialize a new API Gateway with the specified routes.

export const apiGateway = new awsx.apigateway.API('rest-api', {
    routes: API_ROUTES,
    restApiArgs: {
      binaryMediaTypes: []
    }
});

Afterward, import the created apiGateway and export the URL as shown below. Clients can use this URL to invoke the API Gateway.

// stack resources are declared in this file
import { Users } from './dynamo/users';
import { apiGateway } from './api-gateway/index';

export const UsersTable = Users.name;

// export URL used to invoke the API Gateway
export const { url } = apiGateway;
// stack resources are declared in this file
import { Users } from './dynamo/users';
import { apiGateway } from './api-gateway/index';

export const UsersTable = Users.name;

// export URL used to invoke the API Gateway
export const { url } = apiGateway;

Pulumi automatically creates the Lambda execution role and allows the API Gateway to invoke these functions. Run pulumi up --stack dev and select "Yes" to provision your API on the cloud.

Please note that you will have to re-run the command to provision the "stage" for the API Gateway successfully.

You should see the output shown below.

Figure - Provisioning the API Gateway

Step 5 - Consuming the DynamoDB table using the API

You can copy the URL shown in the outputs section, append the API routes, and consume the API by providing the required data.

The expected outputs for the invocations are shown below.

Create User

Figure - Output: Create User

Update User

Figure - Output: Update User

Delete User

Figure - Output: Delete User

Fetch all Users

Figure - Output: Fetch all users

Additionally, visit CloudWatch and observe the outputs for the Lambda that gets invoked to process the stream events.

Conclusion

This article provided a walkthrough on provisioning a DynamoDB table and CRUD API using Pulumi to create a simple production-ready, cloud-native application.

The sample application developed in this article is available in my GitHub repository.

I hope that you have found this article helpful.

Thank you for reading.