Configure access to Amazon Kinesis
This section covers how to configure an Amazon Kinesis Connection in SQLake to read from an Amazon Kinesis stream managed by another AWS account.
In order to create an IAM role and a trust relationship, please visit the Role Based AWS Credentials documentation, and use the following documentation to create the IAM policy with the required Amazon Kinesis permissions.
SQLake requires the following permissions:
ListStreams
ListShards
GetShardIterator
GetRecords
DescribeStream
When creating an Amazon Kinesis connection in SQLake, you can include the
STREAM_DISPLAY_FILTERS property, which allows you to restrict the Amazon Kinesis streams that users can see in the SQLake navigation tree. However, this does not limit the user’s ability to read objects; that is still managed by the permissions in the IAM role attached to the connection. This property is not to be used to restrict access to data.If the
STREAMS_DISPLAY_FILTERS property is omitted, SQLake attempts to list all streams in the account. The available streams are listed in the SQLake navigation tree to make it easier for users to discover datasets. For this to function correctly, SQLake requires the IAM policy to include kinesis:ListStreams.If
STREAMS_DISPLAY_FILTERS is included when creating the Amazon Kinesis connection, you do not need to add the kinesis:ListStreams permission.When creating the IAM policy, add the policy statements that allow SQLake to access the data in your Amazon Kinesis:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kinesis:ListStreams"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"kinesis:Get*",
"kinesis:DescribeStream"
],
"Resource": [
"arn:aws:kinesis:us-east-1:111122223333:stream/stream1"
]
}
]
}
To learn more about setting permissions for Amazon Kinesis, see Policies and Permissions in Amazon Kinesis.
Last modified 4mo ago