AWS for AI/Agent Developers — Day 2: Agent State with DynamoDB Global Tables

Day 1 deployed the MCP server. Now we give it a memory.

Agents are fundamentally stateful. Every tool call, every LLM response, every decision builds on what came before. Without persistent state, your agent forgets everything when a container restarts or a region fails over.

DynamoDB is the perfect state store for agents:

Single-digit millisecond latency — fast enough for real-time agent sessions
Managed scaling — handles burst traffic from popular agents
Global Tables — multi-region replication with last-writer-wins conflict resolution
TTL — automatically expire stale sessions
DAX — in-memory cache for hot session data

Today we build the state layer from the AI Agents in Production series (Day 5) but with real DynamoDB instead of an in-memory mock:

1
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
2
│   Agent      │────▶│  Agent       │────▶│  DynamoDB    │
3
│   Runtime    │     │  State       │     │              │
4
│              │     │  Service     │     │  ┌────────┐  │
5
│  Tool Call   │     │              │     │  │ Session│  │
6
│  LLM Request │     │  Read/Write  │     │  │ Table  │  │
7
│  Session     │     │  with TTL    │     │  └────────┘  │
8
│  Checkpoint  │     │  Versioning  │     │  ┌────────┐  │
9
└──────────────┘     └──────────────┘     │  │ Tools  │  │
10
                                          │  │ Cache  │  │
11
                                          │  └────────┘  │
12
                                          └──────────────┘

What We’re Storing#

An agent needs three types of state:

Data	Table	Key	TTL	Example
Session	`agent-sessions`	`session#<id>`	1 hour	Conversation history, agent state
Tool cache	`agent-tool-cache`	`tool#<name>#<hash>`	5-60 min	Tool results (from Day 2 of AI Agents series)
User preferences	`agent-user-preferences`	`user#<id>#<agent>`	7 days	Per-user agent settings

Step 1: Create the DynamoDB Tables#

Session table — the main state store#

1
# Session table with Global Tables support
2
aws dynamodb create-table \
3
  --table-name agent-sessions \
4
  --attribute-definitions \
5
    AttributeName=pk,AttributeType=S \
6
    AttributeName=sk,AttributeType=S \
7
  --key-schema \
8
    AttributeName=pk,KeyType=HASH \
9
    AttributeName=sk,KeyType=RANGE \
10
  --billing-mode PAY_PER_REQUEST \
11
  --tags Key=Environment,Key=production
12

13
# Enable TTL (auto-delete after 1 hour)
14
aws dynamodb update-time-to-live \
15
  --table-name agent-sessions \
16
  --time-to-live-specification Enabled=true,AttributeName=ttl

Key design:

Attribute	Type	Example	Purpose
`pk`	String	`session#abc123`	Partition key — session identifier
`sk`	String	`meta`	Sort key — `meta`, `msg#001`, `msg#002`
`data`	Map	—	Session data blob
`version`	Number	42	Monotonic for conflict resolution
`ttl`	Number	1719427200	DynamoDB TTL (epoch seconds)
`lastActiveRegion`	String	`us-east-1`	Track active region

Tool cache table#

1
aws dynamodb create-table \
2
  --table-name agent-tool-cache \
3
  --attribute-definitions AttributeName=pk,AttributeType=S \
4
  --key-schema AttributeName=pk,KeyType=HASH \
5
  --billing-mode PAY_PER_REQUEST
6

7
aws dynamodb update-time-to-live \
8
  --table-name agent-tool-cache \
9
  --time-to-live-specification Enabled=true,AttributeName=ttl

Step 2: Agent State Service with DynamoDB#

`src/state/dynamo-state.ts`#

1
// src/state/dynamo-state.ts — Agent state store backed by DynamoDB
2

3
import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
4
import {
5
  DynamoDBDocumentClient,
6
  GetCommand,
7
  PutCommand,
8
  QueryCommand,
9
  DeleteCommand,
10
  BatchWriteCommand,
11
} from "@aws-sdk/lib-dynamodb";
12

13
export interface AgentSession {
14
  sessionId: string;
15
  conversation: Array<{
16
    role: "user" | "assistant" | "tool";
17
    content: string;
18
    timestamp: number;
19
    metadata?: Record<string, unknown>;
20
  }>;
21
  state: Record<string, unknown>;
22
  version: number;
23
  lastToolCall: string | null;
24
  lastActiveRegion: string;
25
  lastActiveAt: number;
26
}
27

28
export interface ToolCacheEntry {
29
  toolName: string;
30
  paramsHash: string;
31
  result: unknown;
32
  cachedAt: number;
33
  expiresAt: number;
34
  hitCount: number;
35
}
36

37
export class DynamoAgentState {
38
  private docClient: DynamoDBDocumentClient;
39
  private sessionTable: string;
40
  private cacheTable: string;
41

42
  constructor(options: {
43
    region: string;
44
    sessionTable?: string;
45
    cacheTable?: string;
46
  }) {
47
    const client = new DynamoDBClient({ region: options.region });
48
    this.docClient = DynamoDBDocumentClient.from(client);
49
    this.sessionTable = options.sessionTable || "agent-sessions";
50
    this.cacheTable = options.cacheTable || "agent-tool-cache";
51
  }
52

53
  // ──── Session Operations ────
54

55
  /**
56
   * Save or update a session checkpoint.
57
   * Uses conditional write for version-wins conflict resolution.
58
   */
59
  async saveSession(session: AgentSession): Promise<void> {
60
    const ttl = Math.floor(Date.now() / 1000) + 3600; // 1 hour TTL
61

62
    const item = {
63
      pk: `session#${session.sessionId}`,
64
      sk: "meta",
65
      data: {
66
        conversation: session.conversation.slice(-50), // Keep last 50 messages
67
        state: session.state,
68
      },
69
      version: session.version,
70
      lastToolCall: session.lastToolCall,
71
      lastActiveRegion: session.lastActiveRegion,
72
      lastActiveAt: session.lastActiveAt,
73
      ttl,
74
    };
75

76
    await this.docClient.send(new PutCommand({
77
      TableName: this.sessionTable,
78
      Item: item,
79
      // Only write if version is higher (prevent stale writes)
80
      ConditionExpression: "attribute_not_exists(version) OR version < :newVersion",
81
      ExpressionAttributeValues: {
82
        ":newVersion": session.version,
83
      },
84
    }));
85
  }
86

87
  /**
88
   * Load a session from DynamoDB.
89
   */
90
  async loadSession(sessionId: string): Promise<AgentSession | null> {
91
    const result = await this.docClient.send(new GetCommand({
92
      TableName: this.sessionTable,
93
      Key: {
94
        pk: `session#${sessionId}`,
95
        sk: "meta",
96
      },
97
      ConsistentRead: true, // Strong consistency for session reads
98
    }));
99

100
    if (!result.Item) return null;
101

102
    return this.hydrateSession(sessionId, result.Item);
103
  }
104

105
  /**
106
   * Append a single message to a session.
107
   * More efficient than rewriting the entire conversation.
108
   */
109
  async appendMessage(
110
    sessionId: string,
111
    message: AgentSession["conversation"][0]
112
  ): Promise<void> {
113
    const msgId = `msg#${String(message.timestamp).padStart(14, "0")}`;
114
    const ttl = Math.floor(Date.now() / 1000) + 3600;
115

116
    await this.docClient.send(new PutCommand({
117
      TableName: this.sessionTable,
118
      Item: {
119
        pk: `session#${sessionId}`,
120
        sk: msgId,
121
        role: message.role,
122
        content: message.content,
123
        timestamp: message.timestamp,
124
        metadata: message.metadata,
125
        ttl,
126
      },
127
    }));
128
  }
129

130
  /**
131
   * Load full conversation (meta + all messages).
132
   */
133
  async loadConversation(sessionId: string): Promise<AgentSession["conversation"]> {
134
    const result = await this.docClient.send(new QueryCommand({
135
      TableName: this.sessionTable,
136
      KeyConditionExpression: "pk = :pk",
137
      ExpressionAttributeValues: {
138
        ":pk": `session#${sessionId}`,
139
      },
140
      ConsistentRead: true,
141
    }));
142

143
    if (!result.Items || result.Items.length === 0) return [];
144

145
    // Sort messages by timestamp and extract conversation
146
    const messages = result.Items
147
      .filter(item => item.sk !== "meta")
148
      .sort((a, b) => (a.timestamp || 0) - (b.timestamp || 0))
149
      .map(item => ({
150
        role: item.role as "user" | "assistant" | "tool",
151
        content: item.content as string,
152
        timestamp: item.timestamp as number,
153
        metadata: item.metadata as Record<string, unknown> | undefined,
154
      }));
155

156
    return messages;
157
  }
158

159
  /**
160
   * Delete a session (cleanup on session end).
161
   */
162
  async deleteSession(sessionId: string): Promise<void> {
163
    // Get all items for this session
164
    const items = await this.docClient.send(new QueryCommand({
165
      TableName: this.sessionTable,
166
      KeyConditionExpression: "pk = :pk",
167
      ExpressionAttributeValues: { ":pk": `session#${sessionId}` },
168
    }));
169

170
    if (!items.Items || items.Items.length === 0) return;
171

172
    // Batch delete all items
173
    const deleteRequests = items.Items.map(item => ({
174
      DeleteRequest: {
175
        Key: { pk: item.pk, sk: item.sk },
176
      },
177
    }));
178

179
    // Batch in chunks of 25 (DynamoDB limit)
180
    for (let i = 0; i < deleteRequests.length; i += 25) {
181
      await this.docClient.send(new BatchWriteCommand({
182
        RequestItems: {
183
          [this.sessionTable]: deleteRequests.slice(i, i + 25),
184
        },
185
      }));
186
    }
187
  }
188

189
  // ──── Tool Cache Operations ────
190

191
  /**
192
   * Store a tool result in the cache table.
193
   */
194
  async cacheToolResult(
195
    toolName: string,
196
    params: Record<string, unknown>,
197
    result: unknown,
198
    ttlMs: number
199
  ): Promise<void> {
200
    const paramsHash = this.hashParams(params);
201
    const now = Date.now();
202
    const ttl = Math.floor((now + ttlMs) / 1000);
203

204
    await this.docClient.send(new PutCommand({
205
      TableName: this.cacheTable,
206
      Item: {
207
        pk: `tool#${toolName}#${paramsHash}`,
208
        result: typeof result === "string" ? result : JSON.stringify(result),
209
        cachedAt: now,
210
        expiresAt: now + ttlMs,
211
        hitCount: 0,
212
        ttl,
213
      },
214
    }));
215
  }
216

217
  /**
218
   * Get a cached tool result.
219
   */
220
  async getCachedToolResult<T>(
221
    toolName: string,
222
    params: Record<string, unknown>
223
  ): Promise<{ result: T; hitCount: number } | null> {
224
    const paramsHash = this.hashParams(params);
225

226
    const result = await this.docClient.send(new GetCommand({
227
      TableName: this.cacheTable,
228
      Key: { pk: `tool#${toolName}#${paramsHash}` },
229
    }));
230

231
    if (!result.Item) return null;
232

233
    // Update hit count (fire and forget)
234
    this.incrementCacheHit(toolName, paramsHash).catch(() => {});
235

236
    return {
237
      result: typeof result.Item.result === "string"
238
        ? JSON.parse(result.Item.result)
239
        : result.Item.result as T,
240
      hitCount: (result.Item.hitCount || 0) + 1,
241
    };
242
  }
243

244
  /**
245
   * Invalidate cache for a tool pattern.
246
   */
247
  async invalidateCache(toolName: string, paramsHash?: string): Promise<void> {
248
    if (paramsHash) {
249
      // Delete specific entry
250
      await this.docClient.send(new DeleteCommand({
251
        TableName: this.cacheTable,
252
        Key: { pk: `tool#${toolName}#${paramsHash}` },
253
      }));
254
    } else {
255
      // Query all entries for this tool and delete
256
      const items = await this.docClient.send(new QueryCommand({
257
        TableName: this.cacheTable,
258
        KeyConditionExpression: "begins_with(pk, :prefix)",
259
        ExpressionAttributeValues: { ":prefix": `tool#${toolName}#` },
260
      }));
261

262
      if (items.Items && items.Items.length > 0) {
263
        const deletes = items.Items.map(item => ({
264
          DeleteRequest: { Key: { pk: item.pk } },
265
        }));
266
        for (let i = 0; i < deletes.length; i += 25) {
267
          await this.docClient.send(new BatchWriteCommand({
268
            RequestItems: { [this.cacheTable]: deletes.slice(i, i + 25) },
269
          }));
270
        }
271
      }
272
    }
273
  }
274

275
  // ──── Admin / Stats ────
276

277
  /**
278
   * Get table statistics.
279
   */
280
  async getStats(): Promise<{
281
    activeSessions: number;
282
    cacheEntries: number;
283
  }> {
284
    const [sessionInfo, cacheInfo] = await Promise.all([
285
      this.docClient.send(new GetCommand({
286
        TableName: this.sessionTable,
287
        Key: { pk: "stats", sk: "meta" },
288
      })),
289
      this.docClient.send(new GetCommand({
290
        TableName: this.cacheTable,
291
        Key: { pk: "stats", sk: "meta" },
292
      })),
293
    ]);
294

295
    return {
296
      activeSessions: (sessionInfo.Item?.count as number) || 0,
297
      cacheEntries: (cacheInfo.Item?.count as number) || 0,
298
    };
299
  }
300

301
  // ──── Private ────
302

303
  private hydrateSession(sessionId: string, item: Record<string, any>): AgentSession {
304
    const data = item.data || {};
305
    return {
306
      sessionId,
307
      conversation: data.conversation || [],
308
      state: data.state || {},
309
      version: item.version || 1,
310
      lastToolCall: item.lastToolCall || null,
311
      lastActiveRegion: item.lastActiveRegion || "unknown",
312
      lastActiveAt: item.lastActiveAt || Date.now(),
313
    };
314
  }
315

316
  private hashParams(params: Record<string, unknown>): string {
317
    const crypto = require("crypto");
318
    return crypto
319
      .createHash("sha256")
320
      .update(JSON.stringify(params))
321
      .digest("hex")
322
      .slice(0, 16);
323
  }
324

325
  private async incrementCacheHit(
326
    toolName: string,
327
    paramsHash: string
328
  ): Promise<void> {
329
    await this.docClient.send(new PutCommand({
330
      TableName: this.cacheTable,
331
      Item: {
332
        pk: `tool#${toolName}#${paramsHash}`,
333
        hitCount: 1,
334
      },
335
      // Atomic increment using UpdateItem would be better
336
      // This is a simplified example
337
    }));
338
  }
339
}

Step 3: DAX — In-Memory Cache for Hot Sessions#

DynamoDB is fast (single-digit ms), but DAX cuts that to microseconds — important for sessions that get read repeatedly during a single agent interaction.

1
# Create DAX cluster
2
aws dax create-cluster \
3
  --cluster-name agent-state-dax \
4
  --node-type dax.r5.large \
5
  --replication-factor 2 \
6
  --iam-role-arn "arn:aws:iam::<account>:role/dax-service-role" \
7
  --subnet-group-name <dax-subnet-group> \
8
  --security-group-ids <dax-sg-id>
9

10
# Deploy DAX client endpoint
11
# DAX endpoint: dax://agent-state-dax.xxxxx.clusters.dax.amazonaws.com

DAX integration:#

1
import { DynamoDBDocumentClient } from "@aws-sdk/lib-dynamodb";
2
import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
3

4
// Standard DynamoDB (for writes and cache misses)
5
const standardClient = DynamoDBDocumentClient.from(
6
  new DynamoDBClient({ region: "us-east-1" })
7
);
8

9
// With DAX — install: npm install amazon-dax-client
10
// import AmazonDaxClient from "amazon-dax-client";
11
// const daxClient = DynamoDBDocumentClient.from(
12
//   new AmazonDaxClient({ endpoints: ["agent-state-dax.xxxxx.clusters.dax.amazonaws.com"] })
13
// );
14

15
export class ReadOptimizedState extends DynamoAgentState {
16
  /**
17
   * Load session from DAX, fall back to DynamoDB.
18
   */
19
  async loadSessionFast(sessionId: string): Promise<AgentSession | null> {
20
    try {
21
      // Try DAX first
22
      // const result = await daxClient.send(...);
23
      // return result;
24
      return await this.loadSession(sessionId);
25
    } catch {
26
      return await this.loadSession(sessionId);
27
    }
28
  }
29
}

Step 4: Enable Global Tables for Multi-Region#

From AI Agents in Production Day 5: sessions must survive region failovers.

1
# Enable Global Tables on the session table
2
aws dynamodb update-table \
3
  --table-name agent-sessions \
4
  --replica-updates \
5
    RegionName=eu-west-1 \
6
    RegionName=ap-southeast-1
7

8
# Same for tool cache
9
aws dynamodb update-table \
10
  --table-name agent-tool-cache \
11
  --replica-updates \
12
    RegionName=eu-west-1 \
13
    RegionName=ap-southeast-1

How it works:

1
us-east-1 (primary)
2
  ├── Replica: eu-west-1       ← reads  + writes
3
  └── Replica: ap-southeast-1  ← reads  + writes
4

5
Write conflict resolution: Last writer wins (based on timestamp)
6
Read: Strong consistency within region, eventual across regions
7
Failover: Any replica can become primary — just change client endpoint

DynamoDB Global Tables are multi-master — you can read and write from any region. Conflict resolution uses last-writer-wins, which works well for our versioned session model.

Step 5: Integration with Agent Runtime#

1
import { DynamoAgentState } from "./state/dynamo-state.js";
2
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
3
import crypto from "crypto";
4

5
const currentRegion = process.env.AWS_REGION || "us-east-1";
6
const state = new DynamoAgentState({
7
  region: currentRegion,
8
  sessionTable: "agent-sessions",
9
  cacheTable: "agent-tool-cache",
10
});
11

12
const server = new McpServer({
13
  name: "github-issue-manager",
14
  version: "2.0.0", // Now with state!
15
});
16

17
/**
18
 * Middleware: load or create session on each request.
19
 */
20
server.tool("list_issues", "List issues", {
21
  sessionId: String,  // Client provides session ID
22
  owner: String,
23
  repo: String,
24
  state: { type: String, optional: true },
25
}, async (args) => {
26
  const { sessionId, ...params } = args;
27

28
  try {
29
    // Load session
30
    let session = await state.loadSession(sessionId);
31

32
    if (!session) {
33
      // New session — create it
34
      session = {
35
        sessionId,
36
        conversation: [],
37
        state: { created: Date.now() },
38
        version: 1,
39
        lastToolCall: null,
40
        lastActiveRegion: currentRegion,
41
        lastActiveAt: Date.now(),
42
      };
43
    }
44

45
    // Add user message to conversation
46
    const userMsg = {
47
      role: "user" as const,
48
      content: `List issues for ${params.owner}/${params.repo} (${params.state || "open"})`,
49
      timestamp: Date.now(),
50
    };
51
    session.conversation.push(userMsg);
52

53
    // Execute tool (simulated — replace with real GitHub API call)
54
    const result = { issues: ["#1 Fix login bug", "#2 Add tests"] };
55
    session.version++;
56

57
    // Add result to conversation
58
    session.conversation.push({
59
      role: "tool" as const,
60
      content: JSON.stringify(result),
61
      timestamp: Date.now(),
62
    });
63

64
    // Checkpoint to DynamoDB
65
    await state.saveSession(session);
66

67
    // Cache the tool result
68
    await state.cacheToolResult("list_issues", params, result, 60_000);
69

70
    return {
71
      content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
72
    };
73
  } catch (error) {
74
    return {
75
      content: [{ type: "text", text: `Error: ${error}` }],
76
      isError: true,
77
    };
78
  }
79
});
80

81
server.tool("check_session", "Check session state", {
82
  sessionId: String,
83
}, async (args) => {
84
  const session = await state.loadSession(args.sessionId);
85
  return {
86
    content: [{
87
      type: "text",
88
      text: session
89
        ? `Session found. Version: ${session.version}. Messages: ${session.conversation.length}`
90
        : "No session found",
91
    }],
92
  };
93
});

Step 6: Admin API Endpoints#

1
// Express endpoints for state management
2

3
// Get session details
4
app.get("/state/sessions/:id", async (req, res) => {
5
  const session = await state.loadSession(req.params.id);
6
  if (!session) return res.status(404).json({ error: "Session not found" });
7
  res.json({
8
    sessionId: session.sessionId,
9
    version: session.version,
10
    messageCount: session.conversation.length,
11
    lastActiveRegion: session.lastActiveRegion,
12
    lastActiveAt: session.lastActiveAt,
13
  });
14
});
15

16
// Get full conversation
17
app.get("/state/sessions/:id/conversation", async (req, res) => {
18
  const conversation = await state.loadConversation(req.params.id);
19
  res.json(conversation);
20
});
21

22
// Delete session
23
app.delete("/state/sessions/:id", async (req, res) => {
24
  await state.deleteSession(req.params.id);
25
  res.json({ status: "deleted" });
26
});
27

28
// Cache operations
29
app.delete("/state/cache/:toolName", async (req, res) => {
30
  await state.invalidateCache(req.params.toolName);
31
  res.json({ status: "cache-invalidated", tool: req.params.toolName });
32
});
33

34
// Stats
35
app.get("/state/stats", async (req, res) => {
36
  const stats = await state.getStats();
37
  res.json(stats);
38
});

Step 7: Cost Estimation#

Component	Configuration	Monthly cost
DynamoDB sessions	10K RCU/WCU on-demand, 1GB	~$15-30
DynamoDB tool cache	5K RCU/WCU on-demand, 500MB	~$8-15
Global Tables (3 regions)	3× replication write cost	~$20-40
DAX (2 nodes)	dax.r5.large	~$200
Total with DAX		~$250-300/mo
Total without DAX		~$45-85/mo

DAX is expensive. Start without it — DynamoDB’s single-digit ms latency is sufficient for most agent workloads. Add DAX when you see >1000 reads/second per session.

Summary#

Concept	Implementation	What it solves
Session storage	`agent-sessions` table with meta + messages	Structured state, not just a blob
Version-wins writes	`ConditionExpression` in PutCommand	Prevents stale data in concurrent sessions
Tool cache	`agent-tool-cache` table with TTL	Fast reads for repeated tool calls
Message appending	Individual items with sort key	Efficient partial updates
Multi-region	DynamoDB Global Tables	Session survival across region failover
Read optimization	DAX (optional)	Microsecond reads for hot sessions
TTL cleanup	DynamoDB TTL at item level	Auto-expire stale sessions, no Lambda needed

Checklist:#

agent-sessions table created with pk/sk and TTL
agent-tool-cache table created with TTL
State service integrated with agent runtime
Version-wins conflict resolution implemented
Message appending uses individual items (not full rewrite)
Global Tables enabled for multi-region (if applicable)
Admin endpoints exposed for debugging
Cost monitored — add DAX only when needed

Day	Topic
1	Deploy MCP Server on ECS Fargate ✅
2	Agent State with DynamoDB Global Tables ✅
3	LLM Caching with ElastiCache + Bedrock
4	Serverless Agent with Lambda + Bedrock
5	Multi-Region Agent Routing with Route53
6	CI/CD for AI Agents with CodePipeline

Series: AWS for AI/Agent Developers. Day 2: Agent state management with DynamoDB — sessions, tool cache, Global Tables for multi-region replication, and DAX for hot reads. Full TypeScript source code included.