(dynamodb): Tags not replicated when creating Table replicas

[ccicchitelli]

When creating a Global Table in DynamoDB with CDK, tags are not propagated to the replication regions and there is no ability to define tags for those replication regions. As a result, our resources are remediated by internal tools due to missing tags.

Reproduction Steps

When creating a Global Table via CDK, I add the following prop to my Table Construct:
replicationRegions: ["us-east-2"]

Additionally, I have tags defined for the whole the stack:
new AppStack(app, 'DigitalAccountDynamoStack', { tags: { ['deployment_guid']: process.env.bamboo_forge_deployment_guid as string, }});

I have also tried:
Tags.of(app).add('deployment_guid', process.env.bamboo_forge_deployment_guid as string);
As well as:
Tag.add(appStack, 'deployment_guid', process.env.bamboo_forge_deployment_guid as string);

All result in the same: missing tags.

What did you expect to happen?

Tags from the core region should be replicated to the replication regions or there should be a property to manually set the tags.

What actually happened?

Tags are empty in replication regions.

Environment

• **CDK CLI Version :**1.106.1
• Framework Version:
• **Node.js Version:**14.6.0
• **OS :**Mac OS
• Language (Version): TypeScript

Other

---

This is 🐛 Bug Report

[skinny85]

Hey @ccicchitelli ,

thanks for opening the issue. You can try applying the Tags this way:

        const table = new dynamodb.Table(this, 'Table', {
            partitionKey: {
                name: 'Id',
                type: dynamodb.AttributeType.STRING,
            },
            replicationRegions: ['us-west-1'],
        });
        const nestedStack = this.node.findChild('@aws-cdk/aws-dynamodb.ReplicaProvider') as NestedStack;
        Tags.of(nestedStack).add('abc', 'xyz');

[ccicchitelli]

Thanks @skinny85 ! That did not have any effect for me, I tested both with an existing table and a new test table. I also tried to find a workaround by running a post-deploy CLI command to tag the relication region by ARN, but my organization doesn't allow that unfortunately.

[chrisjgray]

@ccicchitelli, thanks for opening this. I actually just experienced this for the first time today myself. I also tried the workaround @skinny85 suggested, and it didn't work for me either.

[skinny85]

Hey all,

I believe this is a DynamoDB limitation.

The CDK uses the UpdateTable DynamoDB API to create the replica. If you look at the documentation of that call, it doesn't allow passing Tags to the created replica, so there's no way for us to tag the created replica.

Note that there is a new resource, AWS::DynamoDB::GlobalTable. Hopefully, that resource supports tagging (although I don't see it in the definition of the resource...).

[harrilu96]

@skinny85 The CDK page for AWS::DynamoDB::GlobalTable is marked as deprecated, but the issue with the lack of tags in dynamodb replicated regions has not yet been resolved. When can we expect this functionality to be implemented? Thanks!

[skinny85]

@skinny85 The CDK page for AWS::DynamoDB::GlobalTable is marked as deprecated

Sorry, which page is marked as deprecated?

[harrilu96]

The CDK for global tables is marked as deprecated here: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-dynamodb-global.GlobalTable.html

It asks us to use @aws-cdk/aws-dynamodb.Table.replicationRegions instead, which does not replicate tags

[skinny85]

Ah, I see. This is a little confusing, so let me explain 🙂.

The page you linked to (https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-dynamodb-global.GlobalTable.html) is not for the AWS::DynamoDB::GlobalTable resource. It's actually for the "old" DynamoDB global support (version 2017.11.29), which has been deprecated by DynamoDB.

When I say the CDK class for the AWS::DynamoDB::GlobalTable, I mean this class. As you can see, it's definitely not deprecated 🙂. This is an example of a Layer 1 construct, as we don't have support for on the higher-level Layer 2 for the AWS::DynamoDB::GlobalTable resource yet.

Hope this clears this up!

Thanks,
Adam

[peterwoodworth]

I recommend creating an issue on the CloudFormation coverage roadmap so that we can see direct support of this feature

[deandalm]

This issue indicates it is possible to use CloudFormation to specify the tags using ReplicaSpecification object.
aws-cloudformation/cloudformation-coverage-roadmap#1074

It is possible to specify tags on a AWS::DynamoDB::GlobalTable resource via the Tags field in each ReplicaSpecification object.

For more details, see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-replicaspecification.html#cfn-dynamodb-globaltable-replicaspecification-tags.

[peterwoodworth]

It seems to me that this issue is describing two different issues:

1. Tags are not propagated to replicas when using our L2 Table construct to create replicas. This is because updateTable does not provide a way to manage tags. However, we could also use the TagResource API call in the custom resource to bridge this gap

2. Tags are not propagated to CfnGlobalTable. This is because setting the tags on this resource is on a per-replica basis. In other words, Tags is not a first level prop in the CloudFormation specification, so we aren't detecting it as taggable. I've created a separate issue for this here