Error from CloudFormation when creating DynamoDB GSI

0

I'm getting the following error from cloudformation: error screenshot

My snippet of template:

  ConnectionsTable:
    Type: AWS::DynamoDB::Table
    DeletionPolicy: Delete
    UpdateReplacePolicy: Delete
    Properties:
      AttributeDefinitions: 
        - AttributeName: UserID
          AttributeType: 'S'
        - AttributeName: WebsocketID
          AttributeType: 'S'
      KeySchema:
        - AttributeName: UserID
          KeyType: HASH
      SSESpecification:
        KMSMasterKeyId: !Ref ConnectionsTableKey
        SSEEnabled: true
        SSEType: KMS
      GlobalSecondaryIndexes:
        - IndexName: "WebsocketID"
          KeySchema:
            - AttributeName: WebsocketID
              KeyType: HASH
          Projection:
            NonKeyAttributes:
              - AgentID
            ProjectionType: "INCLUDE"
          ProvisionedThroughput:
            ReadCapacityUnits: "0"
            WriteCapacityUnits: "0"
      BillingMode: PAY_PER_REQUEST
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: false
      TimeToLiveSpecification:
        AttributeName: ExpiryTimestamp
        Enabled: true

I've tried without the ProvisionedThroughput block in the GSI, I've tried with it. I've tried without the GSI (that works), but then adding it in fails again.

I can't replicate it either - I've created a new template with just this table, and it creates quite happily.

Where am I going wrong?

AWS
asked 2 years ago790 views
3 Answers
0

Okay - this is weird! In my scenario, there was some difference between the table and my stack. I /think/ it comes down to having this:

SSESpecification:
        KMSMasterKeyId: !Ref ConnectionsTableKey
        SSEEnabled: true
        SSEType: KMS

In this case, the SSEType line is confusing things, as I want to use customer-managed keys, not the AWS default KMS for Dynamo. Removing this line, adding quotes around PAY_PER_REQUEST and a couple other small changes (removing the DeletionPolicy and UpdateReplacePolicy) seem to have fixed the issue.

AWS
answered 2 years ago
0

Hello,

Couldn't get your exact issue. The below code block is working good for me and creating the table as well as GSI. both are ondemand capacity units.

Please let me if you still have any issues

PS : I have removed the KMS key reference, you can add it back and test.

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  ConnectionsTable:
      Type: AWS::DynamoDB::Table
      DeletionPolicy: Delete
      UpdateReplacePolicy: Delete
      Properties:
        AttributeDefinitions: 
          - AttributeName: UserID
            AttributeType: 'S'
          - AttributeName: WebsocketID
            AttributeType: 'S'
        KeySchema:
          - AttributeName: UserID
            KeyType: HASH
        GlobalSecondaryIndexes:
          - IndexName: "WebsocketID"
            KeySchema:
              - AttributeName: WebsocketID
                KeyType: HASH
            Projection:
              NonKeyAttributes:
                - AgentID
              ProjectionType: "INCLUDE"
            ProvisionedThroughput:
              ReadCapacityUnits: "0"
              WriteCapacityUnits: "0"
        BillingMode: PAY_PER_REQUEST
        PointInTimeRecoverySpecification:
          PointInTimeRecoveryEnabled: false
        TimeToLiveSpecification:
          AttributeName: ExpiryTimestamp
          Enabled: true
AWS
answered 2 years ago
0

Hi,

That's right. When you want to use Customer Managed Key (CMK) by specifying "KMSMasterKeyId" , Then you dont have to mention SSEEnabled and SSEType.

These 2 options applicable only when you want to use default aws managed key.

AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions