Login
March 24, 2026|
Voiced by Amazon Polly |
Introduction
Amazon DynamoDB is a serverless, fully managed NoSQL database service provided by AWS. It is designed for high performance, massive scalability, and single‑digit millisecond latency, regardless of workload size. DynamoDB Streams is a feature that captures real-time changes (create, update, delete) made to items in a DynamoDB table. Common uses of DynamoDB streams usage are as follows:
- Triggering AWS Lambda when data changes (e.g., update search index, send notifications).
- Real-time analytics and processing pipelines.
- Audit logging and compliance tracking (store all changes).
- Cross-region or cross-account replication of DynamoDB data.
AWS Lambda is a serverless compute service that lets you run code without provisioning or managing any servers. When combined with DynamoDB Streams, Lambda can automatically execute your functions whenever data in a DynamoDB table changes.
This seamless integration enables powerful real‑time workflows, including:
- Data replication across systems or accounts
- Materialized views, where derived data is kept up to date automatically
- Analytics pipelines that process changes as they happen
- Event‑driven architectures that react instantly to inserts, updates, or deletes
Together, DynamoDB Streams and Lambda form a flexible, scalable way to build applications that respond to data changes in real time.
Organizations today often use multiple AWS accounts to maintain security, isolation, and cleaner separation between workloads. However, this setup can make it challenging to process DynamoDB Streams in a different account than the one where the DynamoDB table resides.
AWS recently announced a major improvement that now enables Lambda to directly read DynamoDB Streams across accounts using resource‑based policies.
Start Learning In-Demand Tech Skills with Expert-Led Training
- Industry-Authorized Curriculum
- Expert-led Training
What Changed?
Previously, cross-account stream processing required workarounds like:
- Routing data through Amazon Kinesis Data Streams
- Building custom relay infrastructure
- Managing cross-account IAM role switching
With the new resource-based policies for DynamoDB Streams, Lambda in another account can access the stream directly.
Why This Is Useful
Cross-account stream processing helps in scenarios like:
- Centralized analytics
- SaaS multi-tenant systems
- Isolated dev/stage/prod accounts
- Shared audit or compliance pipelines
With the new capability:
- Architectures become simpler
- Security is easier to manage
- Operational overhead is reduced
- Lambda still handles retrying, batching, and failures automatically
How it works
- Source Account (where DynamoDB table exists)
- DynamoDB table has Streams enabled with an appropriate view type (e.g., NEW_AND_OLD_IMAGES)
- Attach a resource-based policy to the stream ARN (It grants permission to a Lambda function in another account.)
- Consumer Account (where Lambda runs)
- Lambda function is set up with a DynamoDB Stream trigger
- when you add a trigger, you can specify the full ARN of the cross-account DynamoDB stream. Lambda polls the stream on your behalf using the configured event source.
- Lambda reads from the remote stream just like a local one
- No custom polling or extra code is needed
Figure 1: Lambda in Consumer Account Reading DynamoDB Streams from Source Account
Why This Matters
This update is especially powerful because it enables:
- True serverless, cross-account event-driven design
- Reduced operational complexity
- Stronger governance and separation between accounts
AWS has essentially made multi-account event processing as easy as single-account processing.
Design Consideration
- No additional charges for cross-account access and standard charges for DynamoDB Streams and Lambda processing charges will be applied.
- This feature requires both the Lambda functions and the DynamoDB table within the same AWS Region.
Conclusion
In this blog, we explored how AWS has made cross‑account stream processing much simpler by allowing AWS Lambda to directly read DynamoDB Streams using resource‑based policies. This new capability removes the need for complex relay setups and makes multi‑account architectures cleaner, more secure, and easier to manage.
With DynamoDB Streams capturing real‑time changes and Lambda executing code automatically, you can build powerful event‑driven workflows—like data replication, analytics pipelines, etc. Overall, this integration gives teams a faster, smarter, and more reliable way to process data across accounts while keeping operations fully serverless and scalable.
Upskill Your Teams with Enterprise-Ready Tech Training Programs
- Team-wide Customizable Programs
- Measurable Business Outcomes
About CloudThat
CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.
WRITTEN BY Kamlesh N
Kamlesh Nenwani is a Subject Matter Expert at CloudThat, specializing in AWS Architecting and DevOps. With 13 years of experience in training and consultancy, he has guided over 2500+ professionals and students in mastering diverse technologies. Renowned for his clarity in explaining complex topics and his commitment to continuous learning, Kamlesh delivers practical, interactive sessions grounded in deep technical expertise.
PREV
Comments