DynamoDB Export to S3: Step-by-Step Guide

published on 31 March 2025

Exporting your DynamoDB data to Amazon S3 is a simple way to back up, analyze, or migrate your data. Here’s what you need to know upfront:

  • Why Export?
    • Analyze data using tools like Amazon Athena.
    • Create backups or migrate data across regions/accounts.
    • Meet compliance requirements with historical snapshots.
  • How It Works:
    1. Use Point-in-Time Recovery (PITR) to create consistent snapshots.
    2. Export data to S3 as compressed DynamoDB JSON or Amazon Ion files for efficient storage and processing.
    3. Use tools like AWS CLI, Lambda, or EventBridge to automate the process.
  • Setup Essentials:
    • Enable PITR on your DynamoDB table.
    • Configure an IAM role with permissions for DynamoDB, S3, and KMS.
    • Set up an S3 bucket with encryption, versioning, and lifecycle rules.
  • Export Options:
    • Point-in-Time: For consistent snapshots.
    • On-Demand: For immediate exports.
  • Tools for Exported Data:
    • Query with Amazon Athena, process with AWS Glue, or visualize with Amazon QuickSight.

Required Setup

Prepare AWS components to securely and efficiently transfer DynamoDB data to S3.

Enable Point-in-Time Recovery (PITR)

To enable PITR for your target DynamoDB table:

  1. Open the DynamoDB console.
  2. Select the target table.
  3. Go to the "Backups" tab.
  4. Enable Point-in-Time Recovery (PITR).
  5. Confirm the PITR status shows as 'Active'.

PITR provides continuous backups of your table for up to 35 days. Keep in mind, this feature incurs additional costs based on the size of your table and the volume of changes.
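
If you prefer scripting the setup, PITR can also be enabled and verified from the AWS CLI. A minimal sketch, with the table name as a placeholder:

aws dynamodb update-continuous-backups \
  --table-name your-table \
  --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

# Confirm PITR is enabled before starting exports
aws dynamodb describe-continuous-backups \
  --table-name your-table \
  --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus'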

Configure IAM Roles

Create an IAM role with the necessary permissions for exporting data from DynamoDB, managing S3 buckets, and handling KMS-encrypted data.

| Permission Type | Required Actions | Purpose |
| --- | --- | --- |
| DynamoDB | dynamodb:ExportTableToPointInTime | Enable export operations |
| S3 | s3:PutObject, s3:GetObject, s3:DeleteObject | Manage exported files |
| KMS | kms:Decrypt, kms:GenerateDataKey | Handle encrypted data |

Below is an example of a minimal IAM policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "dynamodb:ExportTableToPointInTime",
      "Resource": "arn:aws:dynamodb:region:account-id:table/table-name"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::bucket-name/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*"
    }
  ]
}
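
One way to wire this up from the CLI, assuming the policy above is saved as export-policy.json and that you attach it to the role (for example, a Lambda execution role) or user that will start the export; the role and policy names here are placeholders:

# Create a managed policy from the document above
aws iam create-policy \
  --policy-name DynamoDBExportPolicy \
  --policy-document file://export-policy.json

# Attach it to the role that will run the export
aws iam attach-role-policy \
  --role-name dynamodb-export-role \
  --policy-arn arn:aws:iam::account-id:policy/DynamoDBExportPolicy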

Once your IAM role is ready, configure your S3 bucket to receive the exported data.

Set Up S3 Storage

Create a dedicated S3 bucket in the same AWS region as your DynamoDB table. This helps reduce transfer costs and improves performance.

Recommended Bucket Settings:

  • Enable versioning: Protects against accidental overwrites and deletions.
  • Set up lifecycle rules: Helps manage storage costs by moving data to cheaper storage classes over time.
  • Enable server-side encryption (SSE): Protects your data at rest.
  • Apply bucket policies: Control access and permissions.
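
A rough CLI sketch of this setup, using a placeholder bucket name and region (in us-east-1, omit the --create-bucket-configuration flag):

aws s3api create-bucket \
  --bucket my-dynamo-exports \
  --region us-west-2 \
  --create-bucket-configuration LocationConstraint=us-west-2

aws s3api put-bucket-versioning \
  --bucket my-dynamo-exports \
  --versioning-configuration Status=Enabled

aws s3api put-bucket-encryption \
  --bucket my-dynamo-exports \
  --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"aws:kms"}}]}'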

Choosing a Storage Class:

| Storage Class | Best For | Retrieval Time |
| --- | --- | --- |
| Standard | Frequent access | Immediate |
| Standard-IA | Infrequent access | Immediate |
| Glacier | Long-term archive | Varies (hours) |

Export Setup Steps

Follow these steps to export your DynamoDB data to Amazon S3.

Open DynamoDB Console

To get started, access your DynamoDB table through the AWS Management Console:

  • Sign in to the AWS Management Console.
  • Go to the DynamoDB service.
  • Click on Tables in the left-hand menu.
  • Select the table you want to export.
  • From the Actions dropdown, choose Export to S3.

Once you've opened your table, proceed to select the export method.

Choose Export Method

DynamoDB offers two export options:

| Export Type | Best For | Notes |
| --- | --- | --- |
| Point-in-Time | Consistent snapshots | Requires Point-in-Time Recovery (PITR) enabled. |
| On-Demand | Immediate exports | Uses the table's current state. |

Pick the export method that aligns with your data backup needs.

Select S3 Target

Enter the name of your S3 bucket, and if needed, include a prefix to organize your exports (e.g., s3://my-dynamo-exports/customer-data/2025-03/).

After this, you'll need to configure the export parameters.

Set Export Parameters

Set up the following parameters to complete the export:

| Parameter | Description | Suggested Setting |
| --- | --- | --- |
| Encryption | Protects your exported data | AWS KMS (SSE-KMS) |
| Export Role | IAM identity (user or role) whose permissions the export runs under | Use a dedicated export role |
| Object Prefix | Optional path within the S3 bucket for organization | Use a date-based format (e.g., YYYY/MM/DD) |

You can also add export tags to track costs effectively.
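
These parameters map directly to flags on the CLI export command. A minimal sketch, with placeholder ARNs, bucket name, KMS key ID, and prefix:

aws dynamodb export-table-to-point-in-time \
  --table-arn arn:aws:dynamodb:region:account-id:table/table-name \
  --s3-bucket my-dynamo-exports \
  --s3-prefix customer-data/2025/03/31 \
  --s3-sse-algorithm KMS \
  --s3-sse-kms-key-id arn:aws:kms:region:account-id:key/key-id \
  --export-format DYNAMODB_JSON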

Export Management

You can monitor the status of your export job directly in the DynamoDB console. Keep track of its progress by using these key components:

| Component | Purpose |
| --- | --- |
| Status Indicator | Displays the current state of the export job |
| Progress Bar | Shows the percentage of completion |
| CloudWatch Logs | Provides detailed logs of the operation |

If you encounter errors, review your configuration and check the CloudWatch logs for more details. Pay attention to these common issues:

  • IAM role permissions: Ensure the role has the necessary access.
  • S3 bucket accessibility: Verify that the bucket is correctly configured and accessible.
  • Storage capacity limits: Confirm there is enough space for the export.
  • Network connectivity: Ensure stable and sufficient network resources.

After the export finishes, review the exported data files to ensure everything is accurate and complete.
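
You can also check progress from the command line. A small sketch, with placeholder ARNs:

# List recent exports for the table
aws dynamodb list-exports \
  --table-arn arn:aws:dynamodb:region:account-id:table/table-name

# Inspect one export's status and any failure details
aws dynamodb describe-export \
  --export-arn arn:aws:dynamodb:region:account-id:table/table-name/export/export-id \
  --query 'ExportDescription.[ExportStatus,FailureCode,FailureMessage]'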

Working with Exported Data

DynamoDB export files are written in DynamoDB JSON or Amazon Ion format and compressed with gzip, keeping storage and processing efficient.

Read Export Files

When you export data, it's organized in your S3 bucket in a structured way:

| File Type | Description | Common Use Cases |
| --- | --- | --- |
| manifest-summary.json | Metadata about the export (item count, format, output location) | Validating the export |
| manifest-files.json | List of the data files produced by the export | Locating and loading data files |
| data/*.json.gz (or *.ion.gz) | The main table data in compressed DynamoDB JSON or Ion format | Processing and analyzing data |

To work with this data, you can leverage several AWS tools:

  • Amazon Athena: Query your Parquet files by creating an external table.
  • AWS Glue: Use ETL jobs to process and transform the data.
  • Amazon QuickSight: Create visualizations directly from the S3-stored data.
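
As a rough sketch of the Athena route, assuming a DynamoDB JSON export and a table with two hypothetical attributes (pk as a string, order_total as a number), you can declare an external table over the export's data/ folder in the Athena query editor; the S3 location is a placeholder:

CREATE EXTERNAL TABLE dynamodb_export (
  Item struct<
    pk:struct<S:string>,
    order_total:struct<N:string>
  >
)
ROW FORMAT SERDE 'org.openx.data.jsonserde.JsonSerDe'
LOCATION 's3://my-dynamo-exports/customer-data/2025-03/AWSDynamoDB/<export-id>/data/';

SELECT Item.pk.S, Item.order_total.N
FROM dynamodb_export
LIMIT 10;

Athena reads the gzip-compressed export files directly, so no separate decompression step is needed.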

Once you've accessed the data, it's important to organize and secure it effectively.

Data Storage Tips

1. Set lifecycle policies

Use S3 lifecycle rules to manage storage costs:

  • Transition files to Infrequent Access after 30 days.
  • Archive files to Glacier after 90 days.
  • Delete files older than 180 days, if no longer needed.
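
A minimal sketch of these rules, assuming the exports live under an exports/ prefix in a placeholder bucket:

cat > lifecycle.json <<'EOF'
{
  "Rules": [
    {
      "ID": "tier-and-expire-dynamodb-exports",
      "Status": "Enabled",
      "Filter": { "Prefix": "exports/" },
      "Transitions": [
        { "Days": 30, "StorageClass": "STANDARD_IA" },
        { "Days": 90, "StorageClass": "GLACIER" }
      ],
      "Expiration": { "Days": 180 }
    }
  ]
}
EOF

aws s3api put-bucket-lifecycle-configuration \
  --bucket my-dynamo-exports \
  --lifecycle-configuration file://lifecycle.json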

2. Organize with consistent prefixes

Adopt a clear and logical prefix structure for your exports:

s3://your-bucket/
  exports/
    dynamodb/
      table-name/
        YYYY-MM-DD/
          AWSDynamoDB/
            <export-id>/
              manifest-summary.json
              manifest-files.json
              data/

DynamoDB adds the AWSDynamoDB/<export-id>/ portion automatically beneath the prefix you supply.

This approach simplifies navigation and management.

3. Enable versioning

Turn on S3 versioning to keep a history of exports and safeguard against accidental deletions. If you query the data heavily, consider converting exports to a columnar format such as Parquet with AWS Glue to speed up Athena queries.

To enhance security and reliability, enforce strict S3 bucket policies. Use VPC endpoints, AWS KMS encryption, and cross-region replication to protect your data and prepare for disaster recovery scenarios.
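
As one example of a stricter bucket policy, this sketch denies any access that does not use TLS; the bucket name is a placeholder, and in practice you would combine it with statements scoped to your VPC endpoint or export role:

cat > bucket-policy.json <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-dynamo-exports",
        "arn:aws:s3:::my-dynamo-exports/*"
      ],
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    }
  ]
}
EOF

aws s3api put-bucket-policy \
  --bucket my-dynamo-exports \
  --policy file://bucket-policy.json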

Export Automation

Automating exports takes the manual setup a step further, making recurring tasks more efficient.

CLI Export Commands

Use the AWS CLI to automate DynamoDB exports with these commands:

# Start a point-in-time export of the table to S3
aws dynamodb export-table-to-point-in-time \
  --table-arn arn:aws:dynamodb:region:account-id:table/table-name \
  --s3-bucket your-bucket \
  --s3-prefix exports/table-name/$(date +%Y-%m-%d) \
  --export-format DYNAMODB_JSON

# Check the status of a running or completed export
aws dynamodb describe-export \
  --export-arn arn:aws:dynamodb:region:account-id:table/table-name/export/id

For better reliability, include error handling in your scripts:

# $? holds the exit status of the export command above
if [ $? -eq 0 ]; then
    echo "Export started successfully"
else
    echo "Export failed to start" >&2
    exit 1
fi

Automating Export Schedules

To fully automate exports, combine AWS Lambda with EventBridge (formerly CloudWatch Events).

  • Create a Lambda Function

Here’s an example function to trigger exports:

import os
from datetime import datetime

import boto3

def lambda_handler(event, context):
    """Start a point-in-time export of a DynamoDB table to S3."""
    dynamodb = boto3.client('dynamodb')
    response = dynamodb.export_table_to_point_in_time(
        # Table ARN comes from the EventBridge input, with an env var fallback
        TableArn=event.get('tableArn', os.environ.get('TABLE_ARN')),
        S3Bucket=os.environ.get('EXPORT_BUCKET', 'your-bucket'),
        S3Prefix=f'exports/{datetime.now().strftime("%Y-%m-%d")}',
        ExportFormat='DYNAMODB_JSON'
    )
    # Return just the export ARN; the full response contains datetime
    # values that are not JSON-serializable as a Lambda result
    return response['ExportDescription']['ExportArn']

  • Set an EventBridge Rule

Configure EventBridge to schedule the Lambda function. The snippet below is a simplified illustration of the rule: the cron expression runs the export daily at 2 AM UTC, and the target passes the table ARN to the function. The CLI commands after it show one way to create the rule for real.

{
    "schedule": "cron(0 2 * * ? *)",
    "target": {
        "function": "dynamodb-export-function",
        "input": {
            "tableArn": "your-table-arn"
        }
    }
}

You can adjust the cron expression to fit your timing needs.
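
In practice, the schedule and target are created with the EventBridge and Lambda CLIs. A sketch with placeholder names and ARNs (EventBridge also needs permission to invoke the function):

# Create the schedule rule (cron times are in UTC)
aws events put-rule \
  --name dynamodb-export-daily \
  --schedule-expression "cron(0 2 * * ? *)"

# Allow EventBridge to invoke the export function
aws lambda add-permission \
  --function-name dynamodb-export-function \
  --statement-id allow-eventbridge-invoke \
  --action lambda:InvokeFunction \
  --principal events.amazonaws.com \
  --source-arn arn:aws:events:region:account-id:rule/dynamodb-export-daily

# Point the rule at the function and pass the table ARN as input
aws events put-targets \
  --rule dynamodb-export-daily \
  --targets '[{"Id":"1","Arn":"arn:aws:lambda:region:account-id:function:dynamodb-export-function","Input":"{\"tableArn\":\"your-table-arn\"}"}]'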

Handling Large Table Exports

Exports run entirely within the DynamoDB service and do not consume table read capacity, so even very large tables can be exported without affecting production traffic. Use the AWS CLI to monitor export progress, and consider adding SNS notifications to receive updates on export status, as sketched below.
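
As a rough sketch of the notification piece, assuming an existing SNS topic (the topic and export ARNs below are placeholders), a script can poll the export and publish its final status:

EXPORT_ARN="arn:aws:dynamodb:region:account-id:table/table-name/export/export-id"
TOPIC_ARN="arn:aws:sns:region:account-id:dynamodb-export-notifications"

# Poll until the export leaves the IN_PROGRESS state
while true; do
  STATUS=$(aws dynamodb describe-export \
    --export-arn "$EXPORT_ARN" \
    --query 'ExportDescription.ExportStatus' --output text)
  [ "$STATUS" != "IN_PROGRESS" ] && break
  sleep 60
done

# Notify subscribers of the final status (COMPLETED or FAILED)
aws sns publish \
  --topic-arn "$TOPIC_ARN" \
  --message "DynamoDB export finished with status: $STATUS"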

DynamoDB Exports to S3: Key Considerations

Successfully exporting DynamoDB data to S3 requires careful setup and attention to detail. Here are the main areas to focus on for smooth and efficient exports:

Security and Access Control

  • Set up IAM roles with the least privileges necessary for export operations.
  • Use encryption at rest for both DynamoDB and S3 to protect your data.
  • Regularly review and audit permissions and access patterns to ensure they remain secure.

Performance Tips

  • Schedule exports during non-peak hours to reduce the impact on production systems.
  • Take advantage of Point-in-Time Recovery (PITR) backups to ensure consistent data exports.
  • Keep an eye on CloudWatch metrics to monitor resource usage during the export process.

Managing Costs

  • Use lifecycle policies in S3 to move older export data to lower-cost storage tiers automatically.
  • Delete failed or incomplete exports promptly to avoid unnecessary storage expenses.
  • Consider S3 Intelligent-Tiering for data with unpredictable access patterns to optimize storage costs.

By combining these practices with the detailed steps outlined earlier, you can create a reliable export process.

For larger-scale operations, automate the workflow using AWS CLI and Lambda functions. Be sure to include error handling and monitoring to maintain reliability throughout the process.
