aws/aws-cdk

aws-dynamodb: TableV2 with DynamoEventSource triggers deprecated TableGrantsProps#policyResource and #encryptedResource warnings during synth

Open

#37 221 ouverte le 11 mars 2026

Voir sur GitHub
 (9 commentaires) (7 réactions) (0 assignés)TypeScript (3 530 forks)batch import
@aws-cdk/aws-dynamodbbugeffort/smallgood first issuep2

Métriques du dépôt

Stars
 (10 710 stars)
Métriques de merge PR
 (Merge moyen 14j 11h) (68 PRs mergées en 30 j)

Description

Describe the bug

Using TableV2 with dynamo_stream=StreamViewType.NEW_IMAGE and attaching a DynamoEventSource to a Lambda produces deprecation warnings during cdk synth. The warnings originate inside CDK's own grantStreamRead() call — not from user code. There is no way to avoid them from user-land.

doing cdk synth leads to warnings:

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Library Version

No response

Expected Behavior

No deprecation warnings when using only supported, non-deprecated APIs.

Current Behavior

Warnings appear once per TableV2 instance that has a DynamoEventSource attached.

Reproduction Steps

table = dynamodb.TableV2(
    self, "MyTable",
    partition_key=dynamodb.Attribute(name="pk", type=dynamodb.AttributeType.STRING),
    dynamo_stream=dynamodb.StreamViewType.NEW_IMAGE,
    billing=dynamodb.Billing.on_demand(),
)

fn.add_event_source(
    lvs.DynamoEventSource(
        table=table,
        starting_position=lbd.StartingPosition.LATEST,
    )
)



### Possible Solution

Root cause (suspected by claude :-))
DynamoEventSource.bind() internally calls table.grantStreamRead(), which constructs TableGrantsProps with the deprecated policyResource and encryptedResource fields. This is CDK-internal usage; user code cannot influence it.

### Additional Information/Context

#### WARNING OUTPUT:

[WARNING] aws-cdk-lib.aws_dynamodb.TableGrantsProps#policyResource is deprecated.
  - Leave this field undefined. A best-effort attempt will be made to discover a resource policy and add permissions to it.
  This API will be removed in the next major release.
[WARNING] aws-cdk-lib.aws_dynamodb.TableGrantsProps#encryptedResource is deprecated.
  - Leave this field undefined. If the table is encrypted with a customer-managed KMS key, appropriate grants to the key will be automatically added.
  This API will be removed in the next major release.

### AWS CDK Library version (aws-cdk-lib)

2.242.0

### AWS CDK CLI version

2.1110.0 (build 970da46)

### Node.js Version

2.242.0

### OS

Linux TRANSDEV 5.15.167.4-microsoft-standard-WSL2 #1 SMP Tue Nov 5 00:21:55 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

### Language

Python

### Language Version

3.13.9

### Other information

_No response_

Guide contributeur