AppSync: how to inject table names into DynamoDB batch & transact operations

You can become a serverless blackbelt. Enrol to my 4-week online workshop Production-Ready Serverless and gain hands-on experience building something from scratch using serverless technologies. At the end of the workshop, you should have a broader view of the challenges you will face as your serverless architecture matures and expands. You should also have a firm grasp on when serverless is a good fit for your system as well as common pitfalls you need to avoid. Sign up now and get 15% discount with the code yanprs15!

When working with CloudFormation, AWS recommends not to give explicit names to resources and let CloudFormation name them for you. This has several advantages:

  • It’s harder for attackers to guess resource names such as S3 buckets or DynamoDB tables.
  • You can deploy the same stack multiple times to the same account. This is useful when you use temporary stacks for developing feature branches or for running end-to-end tests in your CI pipeline.

However, this makes it harder for you to use AppSync’s batch or transact DynamoDB operations.

I had this exact problem on a recent project where I built the backend of a new social network in AppSync.

One way to get around this problem is to introduce some external build step to transform the VTL templates.

Alternative, you can also wrap the RequestTemplate and ResponseTemplate in a Fn::Sub so you can reference the DynamoDB tables’ logical IDs in the VTL templates themselves.

On this project, I used the Serverless framework with the excellent serverless-appsync-plugin. I didn’t want to introduce an extra build step to my CI pipeline so I chose the 2nd approach.

Since the resolvers and pipeline functions are generated by the serverless-appsync-plugin, I couldn’t wrap them in a Fn::Sub directly. But, as is so often the case, the solution is to create a Serverless framework plugin to manipulate the generated CloudFormation.

Update 22/07/2020: Thanks to reader Owain McGuire for pointing out that the serverless-appsync-plugin has a built-in substitutions features which does this out-of-the-box, so you don’t need to write your own plugin after all. Somehow I managed to miss this completely :-/

Anyhow, to do this, you need to define a substitutions attribute under custom.appsynclike this:

  userTableName: !Ref UserTable

You will be able to reference this as ${userTableName} in your VTL templates.

In this case, I created a local plugin called VtlPseudoParameters as below.

And added it to the list of plugins for the project.

  - serverless-appsync-plugin
  - vtl-pseudo-parameters
  - serverless-plugin-split-stacks

However, this project is non-trivial. It had ~150 resolvers amidst a total of ~500 CloudFormation resources. To mitigate the 200 resources limit on CloudFormation, I also use the serverless-plugin-split-stacks to split the main stack into several nested stacks.

So, the local plugin needs to run AFTER the serverless-appsync-plugin, but BEFORE the serverless-plugin-split-stacks splits up the stack. Which is why its position in the plugins list matters. Also, it needs to transform the generated CloudFormation template on the same hook that both serverless-appsync-plugin and serverless-plugin-split-stacks uses.

With the help of this simple plugin, I can reference the logical ID of my DynamoDB table and CloudFormation would take care of substituting them to the generated table names.

A word of warning though. This is a quick fix. The reason I didn’t publish this as an NPM package is that it can’t function as a standalone plugin. Not only does it depend on the serverless-appsync-plugin, but it also needs to be positioned after the serverless-appsync-plugin in the plugins array.

The right thing to do here is to incorporate this behaviour into the serverless-appsync-plugin plugin itself. Unfortunately, I haven’t had the time to look into it and create the PR myself. If you’re reading and you’re able to do that, then please go ahead and create the PR in my stead. Otherwise, I’ll get to it when I have a moment.

In the meantime, this is a bandaid that makes DynamoDB batch and transact operations a little easier to work with in AppSync.

Liked this article? Support me on Patreon and get direct help from me via a private Slack channel or 1-2-1 mentoring.
Subscribe to my newsletter

Hi, I’m Yan. I’m an AWS Serverless Hero and I help companies go faster for less by adopting serverless technologies successfully.

Are you struggling with serverless or need guidance on best practices? Do you want someone to review your architecture and help you avoid costly mistakes down the line? Whatever the case, I’m here to help.

Hire me.

Skill up your serverless game with this hands-on workshop.

My 4-week Production-Ready Serverless online workshop is back!

This course takes you through building a production-ready serverless web application from testing, deployment, security, all the way through to observability. The motivation for this course is to give you hands-on experience building something with serverless technologies while giving you a broader view of the challenges you will face as the architecture matures and expands.

We will start at the basics and give you a firm introduction to Lambda and all the relevant concepts and service features (including the latest announcements in 2020). And then gradually ramping up and cover a wide array of topics such as API security, testing strategies, CI/CD, secret management, and operational best practices for monitoring and troubleshooting.

If you enrol now you can also get 15% OFF with the promo code “yanprs15”.

Enrol now and SAVE 15%.

Check out my new podcast Real-World Serverless where I talk with engineers who are building amazing things with serverless technologies and discuss the real-world use cases and challenges they face. If you’re interested in what people are actually doing with serverless and what it’s really like to be working with serverless day-to-day, then this is the podcast for you.

Check out my new course, Learn you some Lambda best practice for great good! In this course, you will learn best practices for working with AWS Lambda in terms of performance, cost, security, scalability, resilience and observability. We will also cover latest features from re:Invent 2019 such as Provisioned Concurrency and Lambda Destinations. Enrol now and start learning!

Check out my video course, Complete Guide to AWS Step Functions. In this course, we’ll cover everything you need to know to use AWS Step Functions service effectively. There is something for everyone from beginners to more advanced users looking for design patterns and best practices. Enrol now and start learning!