Error from CloudFormation when creating DynamoDB GSI

0

I'm getting the following error from cloudformation: error screenshot

My snippet of template:

  ConnectionsTable:
    Type: AWS::DynamoDB::Table
    DeletionPolicy: Delete
    UpdateReplacePolicy: Delete
    Properties:
      AttributeDefinitions: 
        - AttributeName: UserID
          AttributeType: 'S'
        - AttributeName: WebsocketID
          AttributeType: 'S'
      KeySchema:
        - AttributeName: UserID
          KeyType: HASH
      SSESpecification:
        KMSMasterKeyId: !Ref ConnectionsTableKey
        SSEEnabled: true
        SSEType: KMS
      GlobalSecondaryIndexes:
        - IndexName: "WebsocketID"
          KeySchema:
            - AttributeName: WebsocketID
              KeyType: HASH
          Projection:
            NonKeyAttributes:
              - AgentID
            ProjectionType: "INCLUDE"
          ProvisionedThroughput:
            ReadCapacityUnits: "0"
            WriteCapacityUnits: "0"
      BillingMode: PAY_PER_REQUEST
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: false
      TimeToLiveSpecification:
        AttributeName: ExpiryTimestamp
        Enabled: true

I've tried without the ProvisionedThroughput block in the GSI, I've tried with it. I've tried without the GSI (that works), but then adding it in fails again.

I can't replicate it either - I've created a new template with just this table, and it creates quite happily.

Where am I going wrong?

AWS
posta 2 anni fa821 visualizzazioni
3 Risposte
0

Okay - this is weird! In my scenario, there was some difference between the table and my stack. I /think/ it comes down to having this:

SSESpecification:
        KMSMasterKeyId: !Ref ConnectionsTableKey
        SSEEnabled: true
        SSEType: KMS

In this case, the SSEType line is confusing things, as I want to use customer-managed keys, not the AWS default KMS for Dynamo. Removing this line, adding quotes around PAY_PER_REQUEST and a couple other small changes (removing the DeletionPolicy and UpdateReplacePolicy) seem to have fixed the issue.

AWS
con risposta 2 anni fa
0

Hello,

Couldn't get your exact issue. The below code block is working good for me and creating the table as well as GSI. both are ondemand capacity units.

Please let me if you still have any issues

PS : I have removed the KMS key reference, you can add it back and test.

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  ConnectionsTable:
      Type: AWS::DynamoDB::Table
      DeletionPolicy: Delete
      UpdateReplacePolicy: Delete
      Properties:
        AttributeDefinitions: 
          - AttributeName: UserID
            AttributeType: 'S'
          - AttributeName: WebsocketID
            AttributeType: 'S'
        KeySchema:
          - AttributeName: UserID
            KeyType: HASH
        GlobalSecondaryIndexes:
          - IndexName: "WebsocketID"
            KeySchema:
              - AttributeName: WebsocketID
                KeyType: HASH
            Projection:
              NonKeyAttributes:
                - AgentID
              ProjectionType: "INCLUDE"
            ProvisionedThroughput:
              ReadCapacityUnits: "0"
              WriteCapacityUnits: "0"
        BillingMode: PAY_PER_REQUEST
        PointInTimeRecoverySpecification:
          PointInTimeRecoveryEnabled: false
        TimeToLiveSpecification:
          AttributeName: ExpiryTimestamp
          Enabled: true
AWS
con risposta 2 anni fa
0

Hi,

That's right. When you want to use Customer Managed Key (CMK) by specifying "KMSMasterKeyId" , Then you dont have to mention SSEEnabled and SSEType.

These 2 options applicable only when you want to use default aws managed key.

AWS
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande