Parameters: App: Type: String Description: Your application's name. Env: Type: String Description: The environment name your service, job, or workflow is being deployed to. Name: Type: String Description: Your workload's name. Resources: {{logicalIDSafe .Name}}: Metadata: 'aws:copilot:description': 'An Amazon DynamoDB table for {{.Name}}' Type: AWS::DynamoDB::Table Properties: TableName: !Sub ${App}-${Env}-${Name}-{{.Name}} AttributeDefinitions:{{range .Attributes}} - AttributeName: {{.Name}} AttributeType: "{{.DataType}}"{{end}} BillingMode: PAY_PER_REQUEST KeySchema: - AttributeName: {{.PartitionKey}} KeyType: HASH{{ if .SortKey }} - AttributeName: {{.SortKey}} KeyType: RANGE{{end}}{{if .HasLSI}} LocalSecondaryIndexes:{{range .LSIs}} - IndexName: {{.Name}} KeySchema: - AttributeName: {{.PartitionKey}} KeyType: HASH - AttributeName: {{.SortKey}} KeyType: RANGE Projection: ProjectionType: ALL{{end}}{{end}} {{logicalIDSafe .Name}}AccessPolicy: Metadata: 'aws:copilot:description': 'An IAM ManagedPolicy for your service to access the {{.Name}} db' Type: AWS::IAM::ManagedPolicy Properties: Description: !Sub - Grants CRUD access to the Dynamo DB table ${Table} - { Table: !Ref {{logicalIDSafe .Name}} } PolicyDocument: Version: '2012-10-17' Statement: - Sid: DDBActions Effect: Allow Action: - dynamodb:BatchGet* - dynamodb:DescribeStream - dynamodb:DescribeTable - dynamodb:Get* - dynamodb:Query - dynamodb:Scan - dynamodb:BatchWrite* - dynamodb:Create* - dynamodb:Delete* - dynamodb:Update* - dynamodb:PutItem Resource: !Sub ${ {{logicalIDSafe .Name}}.Arn} - Sid: DDBLSIActions Action: - dynamodb:Query - dynamodb:Scan Effect: Allow Resource: !Sub ${ {{logicalIDSafe .Name}}.Arn}/index/* Outputs: {{envVarName .Name}}: Description: "The name of this DynamoDB." Value: !Ref {{logicalIDSafe .Name}} {{logicalIDSafe .Name}}AccessPolicy: Description: "The IAM::ManagedPolicy to attach to the task role." Value: !Ref {{logicalIDSafe .Name}}AccessPolicy