CODEWITHSUNDEEP
amazon-web-servicesaws-event-bridgeamazon-kinesis-firehoseamazon-connect
Kode Charlie
Kode Charlie

Reputation: 1489

For Amazon EventBridge rule, does default event bus need to be permissions to dispatch events to Kinesis Firehose?

Related query is here.

When I create a rule for Amazon EventBridge to subscribe to Contact Events from Amazon Connect, and then dispatch them to a Kinesis Firehose, the process of creating that rule in turn creates a new permissions policy, named something like Amazon_EventBridge_Invoke_Firehose_12345678. That policy looks like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "firehose:PutRecord",
                "firehose:PutRecordBatch"
            ],
            "Resource": [
                "arn:aws:firehose:us-west-2:1234567890:deliverystream/my-firehose"
            ]
        }
    ]
}

I presume this permissions policy is attached to the rule. But nowhere in the EventBridge dashboard can I see where this policy is used.

QUESTION: does said policy need to be attached to the EventBridge in some way? And does the default event bus need to be explicitly permissioned to dispatch events to Kinesis Firehose?

Upvotes: 0

Views: 739

Answers (1)

codeninja.sj
codeninja.sj

Reputation: 4129

If you use the AWS console, EventBridge will automatically configure the proper permissions for the selected targets. The IAM role created will be displayed in the Target section of the EventBridge rule.

enter image description here

Upvotes: 1

Related Questions