Configure access to Amazon Kinesis
This section covers how to configure an Amazon Kinesis Connection in SQLake to read from an Amazon Kinesis stream managed by another AWS account.
In order to create an IAM role and a trust relationship, please visit the Role Based AWS Credentials documentation, and use the following documentation to create the IAM policy with the required Amazon Kinesis permissions.
SQLake requires the following permissions:
When creating an Amazon Kinesis connection in SQLake, you can include the
STREAM_DISPLAY_FILTERSproperty, which allows you to restrict the Amazon Kinesis streams that users can see in the SQLake navigation tree. However, this does not limit the user’s ability to read objects; that is still managed by the permissions in the IAM role attached to the connection. This property is not to be used to restrict access to data.
STREAMS_DISPLAY_FILTERSproperty is omitted, SQLake attempts to list all streams in the account. The available streams are listed in the SQLake navigation tree to make it easier for users to discover datasets. For this to function correctly, SQLake requires the IAM policy to include
STREAMS_DISPLAY_FILTERSis included when creating the Amazon Kinesis connection, you do not need to add the
When creating the IAM policy, add the policy statements that allow SQLake to access the data in your Amazon Kinesis: