The ReplicaNotFoundException occurs when you try to perform operations on a DynamoDB global table replica that doesn't exist or has been removed from the replication group. This error happens when referencing a replica region that's not configured in the global table or when the replica is in an inaccessible state.
The ReplicaNotFoundException in DynamoDB indicates that your application is attempting to perform operations on a global table replica that cannot be found or is no longer part of the replication group. This error occurs in several scenarios: 1. **Replica doesn't exist**: You're referencing a replica region that hasn't been added to the global table 2. **Replica was removed**: The replica was deleted from the global table configuration but your application still references it 3. **Replica is inaccessible**: The region is disabled or the KMS encryption key is inaccessible, causing DynamoDB to remove the replica after 20 hours 4. **Region configuration mismatch**: The region specified doesn't match any replica in the global table configuration 5. **Replication in progress**: The global table is updating replicas and the referenced replica is temporarily unavailable 6. **Account or region context is incorrect**: You're querying from a different AWS account or region context than where the replica exists DynamoDB global tables provide multi-region replication for high availability. When you add a replica to a global table, DynamoDB replicates data across regions automatically. The ReplicaNotFoundException specifically indicates the requested replica region is not part of the global table configuration.
First, check which regions actually have replicas configured in the global table:
# List all replicas in the global table
aws dynamodb describe-global-table \
--global-table-name your-table-name \
--region us-east-1
# View only the replica regions
aws dynamodb describe-global-table \
--global-table-name your-table-name \
--region us-east-1 \
--query 'GlobalTableDescription.ReplicationGroup[*].{Region:RegionName,Status:ReplicationStatus}' \
--output table
# Check replica status in detail
aws dynamodb describe-global-table \
--global-table-name your-table-name \
--region us-east-1 \
--query 'GlobalTableDescription.ReplicationGroup[*].{Region:RegionName,Status:ReplicationStatus,LastUpdateToPayloadVersion:LastUpdateToPayloadVersion}' \
--output jsonWhat to look for:
- List of regions should match your expected replica configuration
- Status should show ACTIVE for operational replicas
- Any regions showing CREATING, UPDATING, or DELETING indicate ongoing operations
- Missing regions confirm that the replica doesn't exist
An AWS region can become inaccessible, causing DynamoDB to automatically remove replicas. Verify region status:
# Check if you have access to the target region
aws ec2 describe-regions \
--region-names eu-west-1 \
--output table
# Try to describe the table in the target region directly
aws dynamodb describe-table \
--table-name your-table-name \
--region eu-west-1
# Check for any KMS key issues in that region
aws kms describe-key \
--key-id alias/your-key-alias \
--region eu-west-1 \
--output json | grep -i "KeyState\|Enabled"Important notes:
- If DynamoDB cannot access a region for more than 20 hours, it automatically removes the replica
- The underlying table remains but is no longer part of the global table
- KMS key inaccessibility also triggers automatic replica removal
- You won't get an error immediately - removal happens after the 20-hour grace period
If the replica truly doesn't exist and the region is accessible, add it to the global table:
# First, verify that an empty table with the same name exists in the target region
aws dynamodb describe-table \
--table-name your-table-name \
--region eu-west-1
# If the table doesn't exist, create an empty table in the target region
# (it must have the same schema as the primary table)
aws dynamodb create-table \
--table-name your-table-name \
--attribute-definitions AttributeName=id,AttributeType=S \
--key-schema AttributeName=id,KeyType=HASH \
--billing-mode PAY_PER_REQUEST \
--stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES \
--region eu-west-1
# Wait for the table to become active
aws dynamodb wait table-exists --table-name your-table-name --region eu-west-1
# Now add the region as a replica to the global table
aws dynamodb update-global-table \
--global-table-name your-table-name \
--replica-updates '[
{
"Create": {
"RegionName": "eu-west-1"
}
}
]' \
--region us-east-1
# Verify the replica was added
aws dynamodb describe-global-table \
--global-table-name your-table-name \
--region us-east-1 \
--query 'GlobalTableDescription.ReplicationGroup[*].RegionName'Key requirements for adding a replica:
- Target region table must be empty (no data)
- Table must have the same primary key schema
- DynamoDB Streams must be enabled with NEW_AND_OLD_IMAGES
- Write capacity units must match across all replicas
- Can only add one replica per API call
If a region became inaccessible and the replica was automatically removed, restore from backup:
# List available backups
aws dynamodb list-backups \
--table-name your-table-name \
--region us-east-1
# Restore from the most recent backup in the affected region
aws dynamodb restore-table-from-backup \
--target-table-name your-table-name \
--backup-arn arn:aws:dynamodb:eu-west-1:123456789012:table/your-table-name/backup/01234567890123-abcdef01
# Wait for restoration to complete
aws dynamodb wait table-exists \
--table-name your-table-name \
--region eu-west-1
# Re-add the restored table as a replica to the global table
aws dynamodb update-global-table \
--global-table-name your-table-name \
--replica-updates '[
{
"Create": {
"RegionName": "eu-west-1"
}
}
]' \
--region us-east-1
# Verify restoration and replication
aws dynamodb describe-global-table \
--global-table-name your-table-name \
--region us-east-1Important considerations:
- Backups are region-specific; you must have a backup in the affected region
- Restoring creates a new table; the old table must be deleted first
- Replication lag occurs during initial synchronization after restoration
- Consider using on-demand billing during restoration to avoid capacity issues
Add defensive coding to handle replica operations gracefully:
import {
DynamoDBClient,
DescribeGlobalTableCommand,
UpdateGlobalTableCommand,
ReplicaNotFoundException
} from '@aws-sdk/client-dynamodb';
const client = new DynamoDBClient({ region: 'us-east-1' });
async function addReplicaWithValidation(globalTableName, replicaRegion) {
try {
// First, verify the replica doesn't already exist
const describeCmd = new DescribeGlobalTableCommand({
GlobalTableName: globalTableName
});
const response = await client.send(describeCmd);
const existingRegions = response.GlobalTableDescription.ReplicationGroup.map(
r => r.RegionName
);
if (existingRegions.includes(replicaRegion)) {
console.log(`Replica in ${replicaRegion} already exists`);
return;
}
// Add the missing replica
const updateCmd = new UpdateGlobalTableCommand({
GlobalTableName: globalTableName,
ReplicaUpdates: [
{
Create: {
RegionName: replicaRegion
}
}
]
});
await client.send(updateCmd);
console.log(`Successfully added replica in ${replicaRegion}`);
} catch (error) {
if (error.name === 'ReplicaNotFoundException') {
console.error(`Replica not found in global table: ${error.message}`);
// List available replicas for debugging
const describeCmd = new DescribeGlobalTableCommand({
GlobalTableName: globalTableName
});
const response = await client.send(describeCmd);
console.log('Available replicas:', response.GlobalTableDescription.ReplicationGroup);
}
throw error;
}
}
async function checkReplicaHealth(globalTableName) {
const describeCmd = new DescribeGlobalTableCommand({
GlobalTableName: globalTableName
});
const response = await client.send(describeCmd);
console.log('Global table status:', response.GlobalTableDescription.GlobalTableStatus);
response.GlobalTableDescription.ReplicationGroup.forEach(replica => {
console.log(`Region: ${replica.RegionName}, Status: ${replica.ReplicationStatus}`);
// Alert on unhealthy replicas
if (replica.ReplicationStatus !== 'ACTIVE') {
console.warn(`Warning: Replica in ${replica.RegionName} is not ACTIVE`);
}
});
}
// Usage example
await addReplicaWithValidation('my-global-table', 'eu-west-1');
await checkReplicaHealth('my-global-table');Best practices:
- Always verify replica existence before performing operations
- List available replicas when errors occur
- Monitor replica health status regularly
- Implement retry logic with exponential backoff
- Log detailed information for debugging
Ensure your AWS SDK is correctly configured to access replicas:
# Check AWS CLI configuration
aws configure list
# Test access to each replica region
aws dynamodb describe-table \
--table-name your-table-name \
--region us-east-1
aws dynamodb describe-table \
--table-name your-table-name \
--region eu-west-1
aws dynamodb describe-table \
--table-name your-table-name \
--region ap-southeast-1
# Verify IAM permissions for global table operations
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::123456789012:role/YourRole \
--action-names dynamodb:UpdateGlobalTable dynamodb:DescribeGlobalTable
# Check for active sessions and credentials
aws sts get-caller-identityConfiguration checks:
- Verify credentials have global table permissions
- Ensure AWS_PROFILE is set to correct role if using multiple profiles
- Check that region environment variables don't override explicit region parameters
- Verify credentials haven't expired
- Check for assumed role session tokens if using cross-account access
Review CloudTrail to understand what operations failed:
# Look for failed global table operations
aws cloudtrail lookup-events \
--lookup-attributes AttributeKey=EventName,AttributeValue=UpdateGlobalTable \
--start-time $(date -u -d '7 days ago' +%s) \
--max-items 50 \
--query 'Events[?ErrorCode=="ReplicaNotFoundException"]'
# Check for replica creation/deletion events
aws cloudtrail lookup-events \
--lookup-attributes AttributeKey=EventName,AttributeValue=UpdateGlobalTable \
--start-time $(date -u -d '7 days ago' +%s) \
--query 'Events[*].[EventTime,EventName,CloudTrailEvent]' \
--output json | jq '.[] | .[2] | fromjson | {eventTime: .eventTime, eventName: .eventName, requestParameters: .requestParameters, errorCode: .errorCode}'
# Monitor for region accessibility issues
aws cloudtrail lookup-events \
--lookup-attributes AttributeKey=EventName,AttributeValue=DescribeGlobalTable \
--start-time $(date -u -d '24 hours ago' +%s) \
--query 'Events[?contains(CloudTrailEvent, "INACCESSIBLE")]'
# Check CloudWatch metrics for replication status
aws cloudwatch get-metric-statistics \
--namespace AWS/DynamoDB \
--metric-name ConsumedWriteCapacityUnits \
--dimensions Name=GlobalTableName,Value=your-table-name \
--start-time $(date -u -d '24 hours ago' +%Y-%m-%dT%H:%M:%S) \
--end-time $(date -u +%Y-%m-%dT%H:%M:%S) \
--period 3600 \
--statistics SumWhat to look for in logs:
- EventSource: dynamodb.amazonaws.com
- EventName: UpdateGlobalTable, DescribeGlobalTable
- ErrorCode: ReplicaNotFoundException
- CloudTrailEvent details: requestParameters and responseElements
- Timestamps of operations to correlate with incidents
## ReplicaNotFoundException Deep Dive
### Global Table Replica Lifecycle
Replicas go through specific states during global table operations:
1. CREATING: Replica being added, initial replication setup
2. ACTIVE: Fully operational, accepting read/write operations
3. UPDATING: Replica being modified (capacity, streams, settings)
4. DELETING: Replica being removed from global table
5. INACCESSIBLE: Region or resources unavailable (leads to removal after 20 hours)
### Automatic Replica Removal (20-hour rule)
If a replica region becomes inaccessible, DynamoDB automatically removes it after 20 hours:
Region disabled scenarios:
- AWS region maintenance or incidents
- Network partition between regions
- Regional service degradation
KMS key inaccessibility:
- Encryption key disabled in key region
- Cross-account key access revoked
- Key policy changes preventing access
- Key in different account and access removed
When removed, the underlying table persists but is no longer part of global table configuration.
### Requirements for Adding Replicas
Before adding a replica, these conditions must be met:
1. Table exists: Base table must exist in target region
2. Table is empty: No data can be present
3. Same schema: Primary key must match exactly
4. Streams enabled: DynamoDB Streams with NEW_AND_OLD_IMAGES
5. Capacity matches: Write capacity units must be consistent
6. No conflicts: Another replica operation can't be in progress
7. Single replica per operation: UpdateGlobalTable can only add/remove one replica at a time
### Global Table Versions
Version 2019.11.21 (Current - Recommended):
- Multi-master replication model
- Any region can accept writes
- Last-writer-wins conflict resolution
- Lower write cost than legacy version
- Better performance and flexibility
Version 2017.11.29 (Legacy - Deprecated):
- Primary region accepts writes
- Secondary regions accept reads only
- Higher write consumption
- Not recommended for new tables
The legacy version (2017.11.29) has tighter constraints on replica operations and should be avoided.
### Replica Health Monitoring
Monitor these key indicators:
Replication latency:
- Typically < 1 second for same-continent regions
- 1-5 seconds for cross-continent
- > 5 seconds may indicate issues
Replica status checks:
- ACTIVE: Normal operation
- CREATING/UPDATING/DELETING: Operation in progress
- Not present: Replica doesn't exist or was removed
CloudWatch metrics per replica:
- ConsumedWriteCapacityUnits
- ThrottledWriteRequests
- ReplicationLatency (if available)
- UserErrors (API failures)
### Cross-Account Global Tables
If global table replicas span AWS accounts:
1. Primary account owns the global table
2. Secondary account needs table with same name
3. Trust relationship required for cross-account access
4. KMS key policy must allow cross-account access if encrypted
Example cross-account setup:
# In secondary account: Create empty table
aws dynamodb create-table \
--table-name shared-global-table \
--attribute-definitions AttributeName=id,AttributeType=S \
--key-schema AttributeName=id,KeyType=HASH \
--billing-mode PAY_PER_REQUEST \
--stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES \
--region eu-west-1
# In primary account: Add as replica
aws dynamodb update-global-table \
--global-table-name shared-global-table \
--replica-updates '[{"Create": {"RegionName": "eu-west-1"}}]' \
--region us-east-1### Troubleshooting Flowchart
When you encounter ReplicaNotFoundException:
1. Run describe-global-table → Get list of existing replicas
2. Is target region in the list?
- NO → Region never added → Use UpdateGlobalTable to add
- YES, ACTIVE → Operation failed elsewhere → Check permissions
- YES, not ACTIVE → Wait for operation to complete
3. Is replica region accessible?
- NO → Wait for region to become available or restore from backup
- YES → Verify region name spelling and capitalization
4. Do you have correct IAM permissions?
- Check with iam:simulate-principal-policy
- Required: dynamodb:UpdateGlobalTable, dynamodb:DescribeGlobalTable
5. Is this cross-account? → Verify role trust and resource policies
### Performance Considerations
Write capacity impact:
- Each write in global table consumes WCUs in all replicas
- Use on-demand billing to avoid throttling during large migrations
- Monitor write capacity across all regions
Read strategies:
- Read-after-write consistency: Must read from write region
- Eventual consistency: Can read from any replica (faster)
- Design queries to use local region when possible
### Disaster Recovery with Replicas
Using global table replicas for DR:
1. Application failover: Route requests to alternate region
2. Data is replicated: No data loss (eventually consistent)
3. Recovery time: Seconds to minutes for application failover
4. Testing: Regularly test failover procedures
5. Monitoring: Set CloudWatch alarms for replica health
Common patterns:
- DNS failover to alternate region endpoint
- Application-level routing based on health checks
- DynamoDB global table handles data sync automatically
ValidationException: The provided key element does not match the schema
How to fix "ValidationException: The provided key element does not match the schema" in DynamoDB
UnrecognizedClientException: The security token included in the request is invalid
How to fix "UnrecognizedClientException: The security token included in the request is invalid" in DynamoDB
TransactionCanceledException: Transaction cancelled
How to fix "TransactionCanceledException: Transaction cancelled" in DynamoDB
RequestLimitExceeded: Throughput exceeds the current throughput limit for your account
How to fix "RequestLimitExceeded: Throughput exceeds the current throughput limit for your account" in DynamoDB
InternalServerError: Internal Server Error
How to fix "InternalServerError" in DynamoDB