giuseppe-trisciuoglio/aws-cloudformation-dynamodb
plugins/developer-kit-aws/skills/aws-cloudformation/aws-cloudformation-dynamodb/SKILL.md
Provides AWS CloudFormation patterns for DynamoDB tables, GSIs, LSIs, auto-scaling, and streams. Use when creating DynamoDB tables with CloudFormation, configuring primary keys, local/global secondary indexes, capacity modes (on-demand/provisioned), point-in-time recovery, encryption, TTL, and implementing template structure with Parameters, Outputs, Mappings, Conditions, cross-stack references.
$ install --global
skillsauthnpx skillsauth add giuseppe-trisciuoglio/developer-kit aws-cloudformation-dynamodbInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 1:23 PM11.9s5 files scanned
SKILL.md
- name:
- aws-cloudformation-dynamodb
- description:
- Provides AWS CloudFormation patterns for DynamoDB tables, GSIs, LSIs, auto-scaling, and streams. Use when creating DynamoDB tables with CloudFormation, configuring primary keys, local/global secondary indexes, capacity modes (on-demand/provisioned), point-in-time recovery, encryption, TTL, and implementing template structure with Parameters, Outputs, Mappings, Conditions, cross-stack references.
- allowed-tools:
- Read, Write, Bash
AWS CloudFormation DynamoDB Patterns
Provides production-ready NoSQL database infrastructure patterns using AWS CloudFormation templates with DynamoDB tables, GSIs, LSIs, auto-scaling, encryption, TTL, and streams.
Overview
Covers DynamoDB tables, primary keys, secondary indexes (GSI/LSI), capacity modes, auto-scaling, encryption, TTL, streams, and best practices for parameters, outputs, and cross-stack references.
When to Use
Creating DynamoDB tables, configuring keys and indexes, setting capacity modes, implementing auto-scaling, enabling encryption/TTL/streams, and organizing CloudFormation templates.
Instructions
Follow these steps to create DynamoDB tables with CloudFormation:
- Define Table Parameters: Specify table name and billing mode
- Configure Primary Key: Set partition key and optional sort key
- Add Secondary Indexes: Create GSIs for alternative access patterns
- Configure Encryption: Enable encryption using KMS keys
- Set Up TTL: Define timestamp attribute for automatic deletion
- Enable Streams: Configure stream for change data capture
- Add Auto Scaling: Implement Application Auto Scaling for provisioned capacity
- Create Backup: Enable point-in-time recovery
- Validate Template: Run
aws cloudformation validate-templatebefore deployment - Deploy Stack: Use
aws cloudformation create-stackorupdate-stack - Monitor Events: Check
aws cloudformation describe-stack-eventsfor failures orROLLBACKstatus - Handle Rollback: On failure, review events for resource errors, fix the template, and re-deploy
Quick Reference
| Resource Type | Purpose |
|---------------|---------|
| AWS::DynamoDB::Table | Create DynamoDB table |
| AWS::ApplicationAutoScaling::ScalableTarget | Auto scaling configuration |
| AWS::ApplicationAutoScaling::ScalingPolicy | Scaling policies |
| AWS::KMS::Key | KMS key for encryption |
| AWS::IAM::Role | IAM roles for auto scaling |
| BillingMode | PAY_PER_REQUEST or PROVISIONED |
| SSESpecification | Server-side encryption |
Examples
Basic Table with On-Demand Capacity
DynamoDBTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: !Sub "${AWS::StackName}-table"
BillingMode: PAY_PER_REQUEST
AttributeDefinitions:
- AttributeName: pk
AttributeType: S
KeySchema:
- AttributeName: pk
KeyType: HASH
Table with Global Secondary Index
DynamoDBTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: !Sub "${AWS::StackName}-table"
BillingMode: PAY_PER_REQUEST
AttributeDefinitions:
- AttributeName: pk
AttributeType: S
- AttributeName: gsi-pk
AttributeType: S
KeySchema:
- AttributeName: pk
KeyType: HASH
GlobalSecondaryIndexes:
- IndexName: gsi-index
KeySchema:
- AttributeName: gsi-pk
KeyType: HASH
Projection:
ProjectionType: ALL
Table with TTL
SessionTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: !Sub "${AWS::StackName}-sessions"
BillingMode: PAY_PER_REQUEST
AttributeDefinitions:
- AttributeName: sessionId
AttributeType: S
KeySchema:
- AttributeName: sessionId
KeyType: HASH
TimeToLiveSpecification:
AttributeName: expiresAt
Enabled: true
Table with Auto Scaling
ScalableTarget:
Type: AWS::ApplicationAutoScaling::ScalableTarget
Properties:
MaxCapacity: 100
MinCapacity: 5
ResourceId: !Sub "table/${DynamoDBTable}"
RoleARN: !GetAtt AutoScalingRole.Arn
ScalableDimension: dynamodb:table:ReadCapacityUnits
ServiceNamespace: dynamodb
See references/complete-examples.md for more complete examples including encryption, streams, auto scaling, and production tables.
Template Structure
Base Template
AWSTemplateFormatVersion: 2010-09-09
Description: DynamoDB table with GSI and auto-scaling
Parameters:
TableName:
Type: String
Default: my-table
BillingMode:
Type: String
Default: PAY_PER_REQUEST
Resources:
DynamoDBTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: !Ref TableName
BillingMode: !Ref BillingMode
Outputs:
TableName:
Value: !Ref DynamoDBTable
TableArn:
Value: !GetAtt DynamoDBTable.Arn
See references/advanced-configuration.md for detailed Parameters, Mappings, Conditions, Outputs, IAM roles, and cross-stack references.
Best Practices
- Use PAY_PER_REQUEST for development/testing and unpredictable workloads
- Enable Point-In-Time Recovery for production tables
- Use KMS encryption for sensitive data (SSE-KMS)
- Configure auto-scaling for provisioned capacity tables
- Design GSIs carefully - each GSI consumes capacity
- Use TTL for automatic data expiration (sessions, cache)
- Enable Streams for change data capture and analytics
- Tag resources for cost allocation and organization
- Export outputs for cross-stack references
- Use Conditions for environment-specific configurations
Common Troubleshooting
Table already exists: Use unique table names or stack deletion policy GSI creation fails: Verify attribute definitions include GSI attributes Auto-scaling not working: Check IAM role permissions and service-linked role TTL not expiring: Ensure TTL attribute is Number type, not String Streams not enabled: Can only enable streams during table creation Encryption errors: Verify KMS key exists in same region as table
Related Skills
- aws-cloudformation-security - Security best practices for DynamoDB
- aws-cloudformation-lambda - Lambda triggers for DynamoDB Streams
- aws-cloudformation-iam - IAM roles for DynamoDB access
References
Complete Examples
- references/complete-examples.md - Basic tables, GSI, LSI, TTL, encryption, PITR, auto-scaling, production tables, global tables, streams
Advanced Configuration
- references/advanced-configuration.md - Parameters, Mappings, Conditions, auto scaling policies, streams, TTL, global tables, outputs, IAM roles, deletion policies
Constraints and Warnings
- Table names: Must be unique per region (globally unique for global tables)
- GSI limits: Maximum 5 GSIs per table (for single-region tables)
- LSI limits: Maximum 5 LSIs per table, same partition key as table
- Capacity limits: On-demand has default account limits (40,000 RCUs, 40,000 WCUs)
- Auto-scaling: Requires PROVISIONED billing mode (not PAY_PER_REQUEST)
- Point-in-time recovery: Can only be enabled during table creation
- Streams: Can only be enabled during table creation
- Encryption: KMS keys must be in same region as table
- TTL: Attribute must be Number type, measured in seconds
- Throughput: Each GSI shares provisioned throughput with table
- Item size limit: Maximum 400 KB per item
- Hot partition: Design keys to avoid hot partition issues
Related Skills
giuseppe-trisciuoglio/specs-code-cleanup
development
VerifiedTrustedCommunity
Provides final code cleanup after task review approval. Removes debug logs, temporary comments, dead code, optimizes imports, and improves readability. Use when asked to clean up code, polish, finalize, tidy up, remove technical debt, or prepare code for completion after review. Not for refactoring logic or fixing bugs—focused solely on cosmetic and hygiene cleanup.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/ralph-loop
tools
VerifiedTrustedCommunity
Ralph Wiggum-inspired automation loop for specification-driven development. Orchestrates task implementation, review, cleanup, and synchronization using a Python script. Use when: user runs /loop command, user asks to automate task implementation, user wants to iterate through spec tasks step-by-step, or user wants to run development workflow automation with context window management. One step per invocation. State machine: init → choose_task → implementation → review → fix → cleanup → sync → update_done. Supports --from-task and --to-task for task range filtering. State persisted in fix_plan.json.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/constitution
testing
VerifiedTrustedCommunity
Creates, updates, validates, and displays the architectural DNA of a project through two shared documents: docs/specs/architecture.md (technology stack, architectural rules, security constraints, AI guardrails) and docs/specs/ontology.md (domain glossary / Ubiquitous Language). Use BEFORE brainstorm as a project setup step, or at any point in the SDD lifecycle to validate specs/tasks against architecture principles. Triggers on 'create constitution', 'update constitution', 'constitution check', 'validate against constitution', 'project principles', 'architectural guardrails', 'setup project architecture', 'define ontology'.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/qwen-coder
tools
VerifiedTrustedCommunity
Provides Qwen Coder CLI delegation workflows for coding tasks using Qwen2.5-Coder and QwQ models, including English prompt formulation, execution flags, and safe result handling. Use when the user explicitly asks to use Qwen for tasks such as code generation, refactoring, debugging, or architectural analysis. Triggers on "use qwen", "use qwen coder", "delegate to qwen", "ask qwen", "second opinion from qwen", "qwen opinion", "continue with qwen", "qwen session".
237SKILL.mdUpdated May 5, 2026