Arun Vasu

Reputation: 367

Set AWS Kinesis CloudFormation template

I am new to AWS CloudFormation and need to create a Kinesis data stream, then write records to this stream using Python code. I was able to create a data stream through a CloudFormation template but was not able to set the permissions. How will I attach a permission to allow a certain user group to write to this Kinesis data stream using the Python library?

My current template code is,

AWSTemplateFormatVersion: '2010-09-09'
Description: 'This template will create an AWS Kinesis DataStream'

Parameters:

  CFNStreamName:
    Description: This will be used to name the Kinesis DataStream
    Type: String
    Default: 'data-stream'

  CFNRetentionHours:
    Description: This will be used to set the retention period in hours
    Type: Number
    Default: 168

  CFNShardCount:
    Description: This will be used to set the shard count
    Type: Number
    Default: 2

Resources:
  MongoCDCStream:
    Type: AWS::Kinesis::Stream
    Properties:
      Name: !Ref CFNStreamName
      RetentionPeriodHours: !Ref CFNRetentionHours
      ShardCount: !Ref CFNShardCount
      StreamEncryption:
        # Server-side encryption with the AWS-managed Kinesis key
        EncryptionType: KMS
        KeyId: alias/aws/kinesis

Outputs:
  MongoCDCStream:
    # !Ref on a Kinesis stream returns the stream name, not its ARN
    Value: !Ref MongoCDCStream
    Export:
      Name: !Sub ${AWS::StackName}-MongoCDCStream

Upvotes: 0

Views: 2557

Answers (1)

Sleeper Smith

Reputation: 3242

You will want to pass in (through a CloudFormation parameter) either the IAM Role or User that your Python code runs as.

Inside the template, create an IAM Policy or ManagedPolicy that attaches to the IAM Role / User you passed in and assign the correct permissions.

AWSTemplateFormatVersion: '2010-09-09'
Description: 'This template will create an AWS Kinesis DataStream'

Parameters:

  CFNStreamName:
    Description: This will be used to name the Kinesis DataStream
    Type: String
    Default: 'data-stream'

  CFNRetentionHours:
    Description: This will be used to set the retention period in hours
    Type: Number
    Default: 168

  CFNShardCount:
    Description: This will be used to set the shard count
    Type: Number
    Default: 2

  PythonCodeRole:
    Description: Name (not ARN) of the IAM role the Python code runs as
    Type: String
    # ^- Pass in role here.

Resources:
  # Assign permission here.
  PythonCodePolicyAssignment:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: python-code-permission
      Roles: [!Ref PythonCodeRole]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            # Least privilege for a producer: grant only the write path,
            # not kinesis:*. Consumers would instead need Get*/Describe*.
            Action:
              - "kinesis:PutRecord"
              - "kinesis:PutRecords"
              - "kinesis:DescribeStreamSummary"
              - "kinesis:ListShards"
            # IAM Resource must be an ARN. !Ref on a Kinesis stream yields
            # only the stream name, so use !GetAtt ... .Arn to tie in the
            # resource cleanly and create the implicit dependency.
            Resource: !GetAtt MongoCDCStream.Arn

  MongoCDCStream:
    Type: AWS::Kinesis::Stream
    Properties:
      Name: !Ref CFNStreamName
      RetentionPeriodHours: !Ref CFNRetentionHours
      ShardCount: !Ref CFNShardCount
      StreamEncryption:
        EncryptionType: KMS
        KeyId: alias/aws/kinesis

Outputs:
  MongoCDCStream:
    Value: !Ref MongoCDCStream
    Export:
      Name: !Sub ${AWS::StackName}-MongoCDCStream

Upvotes: 1
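As an added example that is not part of the original question or answer, here is the Python side: a producer that exercises the write path the policy above grants (kinesis:PutRecords) against the stream named by CFNStreamName, assumed here to be `data-stream`. The `FakeKinesisClient` is constructed solely so the example runs offline and can reproduce the failure mode a real producer must handle: PutRecords is not atomic, so an HTTP 200 can still carry `FailedRecordCount > 0`, and only the entries whose positional result has an `ErrorCode` should be resent. Against AWS you would pass `boto3.client("kinesis")` instead; the principal's credentials must carry the policy from the answer, and if the stream used a customer managed KMS key rather than `alias/aws/kinesis` the producer would additionally need `kms:GenerateDataKey` on that key.

```python
import json
import time
from typing import Any, Dict, Iterable, List

MAX_RECORDS_PER_CALL = 500  # hard Kinesis limit for a single PutRecords request


def build_entries(records: Iterable[Dict[str, Any]], key_field: str) -> List[Dict[str, Any]]:
    """Serialise records into PutRecords entries; the partition key selects the shard."""
    return [
        {"Data": json.dumps(rec).encode("utf-8"), "PartitionKey": str(rec[key_field])}
        for rec in records
    ]


def put_records_with_retry(client, stream_name: str, entries: List[Dict[str, Any]],
                           max_attempts: int = 5, base_delay: float = 0.0) -> int:
    """Send one batch (<= 500 entries), resending only the entries that failed.

    The response's Records list is positional: entry i failed iff
    resp["Records"][i] carries an ErrorCode (e.g. ProvisionedThroughputExceededException).
    Returns the number of attempts used; raises if entries are still failing.
    """
    if len(entries) > MAX_RECORDS_PER_CALL:
        raise ValueError("batch exceeds the 500-record PutRecords limit")
    pending = list(entries)
    for attempt in range(1, max_attempts + 1):
        resp = client.put_records(StreamName=stream_name, Records=pending)
        if resp.get("FailedRecordCount", 0) == 0:
            return attempt
        pending = [entry for entry, result in zip(pending, resp["Records"])
                   if "ErrorCode" in result]
        time.sleep(base_delay * (2 ** (attempt - 1)))  # exponential backoff between retries
    raise RuntimeError(f"{len(pending)} records still failing after {max_attempts} attempts")


def put_all(client, stream_name: str, entries: List[Dict[str, Any]], **kwargs) -> int:
    """Write any number of entries in 500-record batches; returns total attempts used."""
    attempts = 0
    for start in range(0, len(entries), MAX_RECORDS_PER_CALL):
        batch = entries[start:start + MAX_RECORDS_PER_CALL]
        attempts += put_records_with_retry(client, stream_name, batch, **kwargs)
    return attempts


class FakeKinesisClient:
    """Constructed stand-in for boto3.client("kinesis"), used only to run offline.

    Throttles each listed partition key once (ProvisionedThroughputExceededException),
    then accepts it, mimicking a hot shard on the first call.
    """

    def __init__(self, throttle_keys: Iterable[str] = ()):
        self.throttle_keys = set(throttle_keys)
        self.accepted: List[Dict[str, Any]] = []
        self.calls = 0

    def put_records(self, StreamName: str, Records: List[Dict[str, Any]]) -> Dict[str, Any]:
        self.calls += 1
        results, failed = [], 0
        for rec in Records:
            if rec["PartitionKey"] in self.throttle_keys:
                self.throttle_keys.discard(rec["PartitionKey"])
                results.append({"ErrorCode": "ProvisionedThroughputExceededException",
                                "ErrorMessage": "Rate exceeded for shard"})
                failed += 1
            else:
                self.accepted.append(rec)
                results.append({"SequenceNumber": str(len(self.accepted)),
                                "ShardId": "shardId-000000000000"})
        return {"FailedRecordCount": failed, "Records": results}


def demo() -> Dict[str, int]:
    """Offline run with constructed change events; keys 1 and 3 are throttled once."""
    events = [{"id": i, "op": "insert", "coll": "orders"} for i in range(4)]
    client = FakeKinesisClient(throttle_keys={"1", "3"})
    attempts = put_all(client, "data-stream", build_entries(events, "id"))
    return {"attempts": attempts, "calls": client.calls, "accepted": len(client.accepted)}


if __name__ == "__main__":
    print(demo())  # {'attempts': 2, 'calls': 2, 'accepted': 4}
    # Against AWS, swap in the real client (credentials must carry the answer's policy):
    # import boto3
    # put_all(boto3.client("kinesis"), "data-stream", build_entries(events, "id"))
```

The retry loop deliberately resends only the failed subset; resending the whole batch after a partial failure would duplicate the records that were already accepted, which a downstream consumer would then have to de-duplicate.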
