Data Firehose
The AWS Data Firehose connector uses the AWS SDK to communicate with Amazon Data Firehose, which is REST based. The Access Key and Secret Key must be acquired for an IAM user that is in a group with access to the Amazon Data Firehose API. The AWS managed policy that grants this access is AmazonKinesisFirehoseFullAccess; it is used to publish data to Amazon Data Firehose.
Connection Settings
Authentication Type
| Setting | Description |
|---|---|
| Token | Enter an IAM Access Key and Secret Key with AmazonKinesisFirehoseFullAccess. See the section below on IAM permission best practices. |
| Assume EC2 IAM Role | If running on an EC2 instance with an IAM role attached, the connection automatically assumes that role. No credentials are required. See the section below on IAM permission best practices. |
Access Key
Access key of an IAM user with the AmazonKinesisFirehoseFullAccess permission.
Secret Key
IAM-provided secret key.
Region
Region of the Amazon Data Firehose instance (e.g., us-east-1).
Input Settings
Inputs are not currently supported.
Output Settings
Delivery Stream
The name of the delivery stream to write to.
AWS IAM Best Practices
Please see AWS documentation on IAM best practices. HighByte strongly recommends following the policy of least privilege when granting the IAM role for the connection.
https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html
https://docs.aws.amazon.com/firehose/latest/dev/security-best-practices.html
It is also recommended that users occasionally rotate IAM credentials and manually update the Intelligence Hub configuration with the new credentials.
The following IAM permissions are used by the Data Firehose Connection.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "firehose:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
```
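To apply the least-privilege recommendation to the policy above, the grant can be limited to write actions on a single delivery stream. The following Python is an added example, not part of HighByte's documentation or code: it builds such a policy and flags wildcard grants in any policy it is given. The action list, account ID and stream name are assumptions, and the connection may need further actions than the two listed.

```python
import json

# The policy shown on this page, reproduced for comparison.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Action": ["firehose:*"], "Effect": "Allow", "Resource": "*"}],
}

# Assumption: publishing needs only these write actions; add others (for example
# firehose:DescribeDeliveryStream) if the connection reports an access-denied error.
WRITE_ACTIONS = ["firehose:PutRecord", "firehose:PutRecordBatch"]


def scoped_policy(region, account_id, stream_name):
    """Build a policy limited to writing to one delivery stream."""
    arn = f"arn:aws:firehose:{region}:{account_id}:deliverystream/{stream_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": WRITE_ACTIONS, "Resource": arn}],
    }


def _as_list(value):
    # IAM allows Statement, Action and Resource to be a single value or a list.
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return findings for Allow statements with wildcard actions or resources."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"Statement[{i}]: wildcard action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if "*" in resource:
                findings.append(f"Statement[{i}]: wildcard resource {resource}")
    return findings


if __name__ == "__main__":
    # Constructed sample values: placeholder account ID and stream name.
    policy = scoped_policy("us-east-1", "111122223333", "example-stream")
    print(json.dumps(policy, indent=2))
    print("page policy findings:", audit(PAGE_POLICY))
    print("scoped policy findings:", audit(policy))
```

The audit does not interpret `NotAction`, `NotResource` or `Condition` elements, so a clean result on a policy that uses them still needs manual review.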