AWS DynamoDB

Detailed information on the AWS DynamoDB state store component

Component format

To setup a DynamoDB state store create a component of type state.aws.dynamodb. See this guide on how to create and apply a state store configuration.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4.   name: <NAME>
  5.   namespace: <NAMESPACE>
  6. spec:
  7.   type: state.aws.dynamodb
  8.   version: v1
  9.   metadata:
  10.   - name: table
  11.     value: "mytable"
  12.   - name: accessKey
  13.     value: "AKIAIOSFODNN7EXAMPLE" # Optional
  14.   - name: secretKey
  15.     value: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" # Optional
  16.   - name: endpoint
  17.     value: "http://localhost:8080" # Optional
  18.   - name: region
  19.     value: "eu-west-1" # Optional
  20.   - name: sessionToken
  21.     value: "myTOKEN" # Optional
  22.   - name: ttlAttributeName
  23.     value: "expiresAt" # Optional

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.

Primary Key

In order to use DynamoDB as a Dapr state store, the table must have a primary key named key.

Spec metadata fields

FieldRequiredDetailsExample
tableYname of the DynamoDB table to use“mytable”
accessKeyNID of the AWS account with appropriate permissions to SNS and SQS. Can be secretKeyRef to use a secret reference“AKIAIOSFODNN7EXAMPLE”
secretKeyNSecret for the AWS user. Can be secretKeyRef to use a secret reference“wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY”
regionNThe AWS region to the instance. See this page for valid regions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html. Ensure that DynamoDB are available in that region.“us-east-1”
endpointNAWS endpoint for the component to use. Only used for local development. The endpoint is unncessary when running against production AWShttp://localhost:4566
sessionTokenNAWS session token to use. A session token is only required if you are using temporary security credentials.“TOKEN”
ttlAttributeNameNThe table attribute name which should be used for TTL.“expiresAt”

Important

When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you’re using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you must not provide AWS access-key, secret-key, and tokens in the definition of the component spec you’re using.

Setup AWS DynamoDB

See Authenticating to AWS for information about authentication-related attributes

Time to live (TTL)

In order to use DynamoDB TTL feature, you must enable TTL on your table and define the attribute name. The attribute name must be defined in the ttlAttributeName field. See official AWS docs.

Last modified June 23, 2022: Merge pull request #2550 from ItalyPaleAle/cosmosdb-harcoded-dapr-version (cf03237)