教程:创建多账户全局表 - Amazon DynamoDB
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

教程:创建多账户全局表

本节提供分步说明,指导您创建跨多个 Amazon 账户的 DynamoDB 全局表。

按照以下步骤,使用 Amazon Web Services 管理控制台创建多账户全局表。以下示例创建了一个全局表,并在美国创建了副本表。

  1. 对于第一个账户(假设为 111122223333),登录 Amazon Web Services 管理控制台并打开 DynamoDB 控制台:https://console.aws.amazon.com/dynamodb/

  2. 对于本示例,从导航栏的区域选择器中选择美国东部(俄亥俄州)

  3. 在控制台左侧的导航窗格中,选择

  4. 选择创建表

  5. 创建表页面上:

    1. 对于表名称,输入 MusicTable

    2. 对于分区键,输入 Artist

    3. 对于排序键,输入 SongTitle

    4. 保留其它默认设置,然后选择创建表

  6. 将以下资源策略添加到表中

    {
"Version": "2012-10-17", 		 	 	 
"Statement": [
    {
        "Sid": "DynamoDBActionsNeededForSteadyStateReplication",
        "Effect": "Allow",
        "Action": [
            "dynamodb:ReadDataForReplication",
            "dynamodb:WriteDataForReplication",
            "dynamodb:ReplicateSettings"
        ],
        "Resource": "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable",
        "Principal": {"Service": ["replication.dynamodb.amazonaws.com"]},
        "Condition": {
            "StringEquals": {
                "aws:SourceAccount": ["444455556666","111122223333"],
                "aws:SourceArn": [
                    "arn:aws:dynamodb:us-east-1:444455556666:table/MusicTable",
                    "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable"
                ]
            }
        }
    },
    {
        "Sid": "AllowTrustedAccountsToJoinThisGlobalTable",
        "Effect": "Allow",
        "Action": [
            "dynamodb:AssociateTableReplica"
        ],
        "Resource": "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable",
        "Principal": {"AWS": ["444455556666"]}
    }
]
}

  7. 此新表在新的全局表中用作第一个副本表。这是您稍后添加的其他副本表的原型。

  8. 等待表的状态变为活动。对于新创建的表,从全局表选项卡中导航到设置复制,然后单击启用

  9. 从此账户(此处为 111122223333)退出。

  10. 对于第二个账户(假设为 444455556666),登录 Amazon Web Services 管理控制台并打开 DynamoDB 控制台:https://console.aws.amazon.com/dynamodb/

  11. 对于本示例,从导航栏的区域选择器中选择美国东部(弗吉尼亚州北部)

  12. 控制台将确保所选区域中不存在同名的表。如果有同名的表,则必须删除现有表,然后才能在该区域创建新的副本表。

  13. 创建表旁边的下拉列表中,选择从另一个账户创建

  14. 从另一个账户创建表页面上:

    1. 添加 arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable 作为源表的表 ARN。

    2. 副本表 ARN 中,再次添加源表的 ARN arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable。如果多账户全局表中已经存在多个副本,则必须将每个现有副本添加到 ReplicaTableARN。

    3. 保留其他默认设置,然后选择提交

  15. 音乐表(以及任何其他副本表)的全局表选项卡将显示该表已在多个区域中复制。

  16. 测试复制:

    1. 您可以使用任何存在此表副本的区域

    2. 选择浏览表项目

    3. 选择创建项目

    4. 对于艺术家,输入 item_1;而对于歌名,则输入 Song Value 1

    5. 选择创建项目

    6. 通过切换到其它区域来验证复制:

    7. 验证 Music 表中是否包含您创建的项目。

以下示例说明如何使用 Amazon CLI 创建多账户全局表。这些示例演示了设置跨账户复制的完整工作流。

CLI

使用以下 Amazon CLI 命令创建具有跨账户复制功能的多账户全局表。

# STEP 1: Setting resource policy for the table in account 111122223333

cat > /tmp/source-resource-policy.json << 'EOF'
{
    "Version": "2012-10-17", 		 	 	 
    "Statement": [
        {
            "Sid": "DynamoDBActionsNeededForSteadyStateReplication",
            "Effect": "Allow",
            "Action": [
                "dynamodb:ReadDataForReplication",
                "dynamodb:WriteDataForReplication",
                "dynamodb:ReplicateSettings"
            ],
            "Resource": "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable",
            "Principal": {"Service": ["replication.dynamodb.amazonaws.com"]},
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": ["444455556666","111122223333"],
                    "aws:SourceArn": [
                        "arn:aws:dynamodb:us-east-1:444455556666:table/MusicTable",
                        "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable"
                    ]
                }
            }
        },
        {
            "Sid": "AllowTrustedAccountsToJoinThisGlobalTable",
            "Effect": "Allow",
            "Action": [
                "dynamodb:AssociateTableReplica"
            ],
            "Resource": "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable",
            "Principal": {"AWS": ["444455556666"]}
        }
    ]
}
EOF

# Step 2: Create a new table (MusicTable) in US East (Ohio), 
#   with DynamoDB Streams enabled (NEW_AND_OLD_IMAGES),
#   and Settings Replication ENABLED on the account 111122223333

aws dynamodb create-table \
    --table-name MusicTable \
    --attribute-definitions \
        AttributeName=Artist,AttributeType=S \
        AttributeName=SongTitle,AttributeType=S \
    --key-schema \
        AttributeName=Artist,KeyType=HASH \
        AttributeName=SongTitle,KeyType=RANGE \
    --billing-mode PAY_PER_REQUEST \
    --stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES \
    --global-table-settings-replication-mode ENABLED \
    --resource-policy file:///tmp/source-resource-policy.json \
    --region us-east-2 


# Step 3: Creating replica table in account 444455556666

# Resource policy for account 444455556666
cat > /tmp/dest-resource-policy.json << 'EOF'
{
    "Version": "2012-10-17", 		 	 	 
    "Statement": [
        {
            "Sid": "DynamoDBActionsNeededForSteadyStateReplication",
            "Effect": "Allow",
            "Action": [
                "dynamodb:ReadDataForReplication",
                "dynamodb:WriteDataForReplication",
                "dynamodb:ReplicateSettings"
            ],
            "Resource": "arn:aws:dynamodb:us-east-1:444455556666:table/MusicTable",
            "Principal": {"Service": ["replication.dynamodb.amazonaws.com"]},
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": ["444455556666","111122223333"],
                    "aws:SourceArn": [
                        "arn:aws:dynamodb:us-east-1:444455556666:table/MusicTable",
                        "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable"
                    ]
                }
            }
        }
    ]
}
EOF

# Execute the replica table creation
aws dynamodb create-table \
    --table-name MusicTable \
    --global-table-source-arn "arn:aws:dynamodb:us-east-2:111122223333:table/MusicTable" \
    --resource-policy file:///tmp/dest-resource-policy.json \
    --global-table-settings-replication-mode ENABLED \
    --region us-east-1

# Step 4: View the list of replicas created using describe-table
aws dynamodb describe-table \
    --table-name MusicTable \
    --region us-east-2 \
    --query 'Table.{TableName:TableName,TableStatus:TableStatus,MultiRegionConsistency:MultiRegionConsistency,Replicas:Replicas[*].{Region:RegionName,Status:ReplicaStatus}}'

# Step 5: To verify that replication is working, add a new item to the Music table in US East (Ohio)
aws dynamodb put-item \
    --table-name MusicTable \
    --item '{"Artist": {"S":"item_1"},"SongTitle": {"S":"Song Value 1"}}' \
    --region us-east-2

# Step 6: Wait for a few seconds, and then check to see whether the item has been 
# successfully replicated to US East (N. Virginia) and Europe (Ireland)
aws dynamodb get-item \
    --table-name MusicTable \
    --key '{"Artist": {"S":"item_1"},"SongTitle": {"S":"Song Value 1"}}' \
    --region us-east-1

aws dynamodb get-item \
    --table-name MusicTable \
    --key '{"Artist": {"S":"item_1"},"SongTitle": {"S":"Song Value 1"}}' \
    --region us-east-2

# Step 7: Delete the replica table in US East (N. Virginia) Region
aws dynamodb delete-table \
    --table-name MusicTable \
    --region us-east-1

# Clean up: Delete the primary table
aws dynamodb delete-table \
    --table-name MusicTable \
    --region us-east-2