Kinesis Data Streams
The Amazon Kinesis Data Streams connector uses the AWS SDK to communicate with Amazon Kinesis Data Streams, which is REST-based. The Access Key and Secret Key must be acquired for an IAM user that is in a group with access to the Amazon Kinesis Data Streams API. This permission in AWS is called AmazonKinesisFullAccess. This role is used to publish data to Amazon Kinesis Data Streams.
Connection Settings
Authentication Type
| Setting | Description |
|---|---|
| Token | Enter an IAM Access Key and Secret Key that have permissions to write to Kinesis Data Streams. See the section below on IAM permission best practices. |
| Assume EC2 IAM Role | If running on an EC2 instance with an IAM role attached, the connection automatically assumes that role. No credentials are required. See the section below on IAM permission best practices. |
Region
Region of the Amazon Kinesis Data Streams instance (e.g., us-east-1)
Input Settings
Inputs are not currently supported.
Output Settings
Data Stream
The name of the data stream to write to.
Partition Key
An optional field to specify a partition key for the data stream. Outputs with a specified partition key will all write to the same shard. If no partition key is given, the output will disperse requests among all existing shards for the data stream.
AWS IAM Best Practices
Please see AWS documentation on IAM best practices. HighByte strongly recommends following the policy of least privilege when granting the IAM role for the connection.
https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html
https://docs.aws.amazon.com/streams/latest/dev/security-best-practices.html
It is also recommended that users occasionally rotate IAM credentials and manually update the Intelligence Hub configuration with the new credentials.
The following IAM permissions are used by the Kinesis Data Stream Connection.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "kinesis:*",
      "Resource": "*"
    }
  ]
}
```
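The least-privilege recommendation above can be checked mechanically. The following is an added example, not part of the HighByte documentation: a small policy audit that compares the policy shown on this page with a constructed, stream-scoped alternative. The scoped action list, account ID, region and stream name are assumptions and must be confirmed against what the connection actually calls.

```python
import fnmatch
import json

# The policy exactly as shown on this page.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "kinesis:*", "Resource": "*"}]}
""")

# Constructed alternative. ASSUMPTIONS: the action list is a typical write-only
# set, not a list confirmed by the connector documentation; the account id,
# region and stream name are placeholders.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["kinesis:PutRecord", "kinesis:PutRecords",
                   "kinesis:DescribeStreamSummary", "kinesis:ListShards"],
        "Resource": "arn:aws:kinesis:us-east-1:111122223333:stream/example-stream",
    }],
}

# Kinesis actions a publish-only credential has no reason to hold.
NOT_NEEDED_TO_PUBLISH = ["kinesis:DeleteStream", "kinesis:UpdateShardCount",
                         "kinesis:StopStreamEncryption", "kinesis:GetRecords"]


def as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return (statement index, finding, detail) tuples for Allow statements."""
    findings = []
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt.get("Action", [])):
            if "*" in pattern or "?" in pattern:
                findings.append((idx, "wildcard-action", pattern))
            for action in NOT_NEEDED_TO_PUBLISH:
                # IAM action names match case-insensitively.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((idx, "grants", action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*" or resource.endswith(":stream/*"):
                findings.append((idx, "wildcard-resource", resource))
    return findings
```

Running `audit` on the page's policy reports the wildcard action, the wildcard resource, and each non-publishing action it grants; the scoped policy produces no findings.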