Kiran Pabbu

Reputation: 43

How to add a resource-based policy to an AWS Kinesis stream using CloudFormation

I want to write to Kinesis from an external AWS account and I managed to do it by adding a resource-based policy to the Kinesis stream. Is there a way to add a resource-based policy to a Kinesis stream using CloudFormation? I know we have AWS::Lambda::Permission for Lambda resource-based policies. I am trying to find something similar for Kinesis.

I tried the type below but it says it is an invalid type.

  MyKinesisStreamPolicy:
    Type: AWS::Kinesis::StreamPolicy
    Properties:
      StreamName: !Ref StreamName
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: StreamWriteStatementID
            Effect: Allow
            Principal:
              AWS:
                - !Ref SourceAccountNumber
                - !Sub 'arn:aws:iam::${SourceAccountNumber}:role/${SourceIAMRole}'
            Action:
              - 'kinesis:DescribeStreamSummary'
              - 'kinesis:ListShards'
              - 'kinesis:PutRecord'
              - 'kinesis:PutRecords'
            Resource: !GetAtt StreamName.Arn

Upvotes: -1

Views: 253

Answers (1)

Shawn

Reputation: 9472

CloudFormation doesn't yet support that resource type (as of the time of this answer). See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Kinesis.html

So if you want to create a policy for a Kinesis stream via CloudFormation you would need to make a CustomResource and do it yourself via APIs. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html for info on that process.

Upvotes: 1
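
Added example, not part of the answer above and not AWS's own code: a handler for a Lambda-backed custom resource of the kind the answer suggests, applying the policy through the Kinesis PutResourcePolicy and DeleteResourcePolicy APIs and refusing wildcard principals or actions beyond the four listed in the question. The property names StreamArn and PolicyDocument and the injectable kinesis/respond parameters are assumptions of this example.

```python
import json
import urllib.request

# Actions a cross-account writer needs (the four from the question's policy).
ALLOWED_ACTIONS = {"kinesis:DescribeStreamSummary", "kinesis:ListShards",
                   "kinesis:PutRecord", "kinesis:PutRecords"}

def validate_policy(policy):
    """Reject statements that would open the stream wider than intended."""
    for stmt in policy.get("Statement", []):
        principals = stmt.get("Principal")
        aws = principals.get("AWS", []) if isinstance(principals, dict) else principals
        aws = [aws] if isinstance(aws, str) else aws
        if not aws or "*" in aws:
            raise ValueError("wildcard or missing AWS principal")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        extra = set(actions) - ALLOWED_ACTIONS
        if extra:
            raise ValueError(f"action not allowed: {sorted(extra)}")

def send_response(event, status, reason=""):
    """PUT the result to the pre-signed URL CloudFormation put in the event."""
    body = json.dumps({
        "Status": status, "Reason": reason,
        # StreamArn / PolicyDocument are property names assumed by this example
        "PhysicalResourceId": event["ResourceProperties"]["StreamArn"] + "/policy",
        "StackId": event["StackId"], "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req)

def handler(event, context=None, kinesis=None, respond=send_response):
    """Lambda entry point; kinesis and respond are injectable for offline tests."""
    props = event["ResourceProperties"]
    try:
        if kinesis is None:
            import boto3  # present in the Lambda Python runtime
            kinesis = boto3.client("kinesis")
        if event["RequestType"] == "Delete":
            kinesis.delete_resource_policy(ResourceARN=props["StreamArn"])
        else:  # Create and Update both overwrite the stream's policy
            validate_policy(props["PolicyDocument"])
            kinesis.put_resource_policy(ResourceARN=props["StreamArn"],
                                        Policy=json.dumps(props["PolicyDocument"]))
        respond(event, "SUCCESS")
    except Exception as exc:  # always answer, or the stack waits for a timeout
        respond(event, "FAILED", str(exc))
```

The Lambda's execution role needs kinesis:PutResourcePolicy and kinesis:DeleteResourcePolicy on the stream, and the template passes the stream ARN and policy document as properties of the custom resource.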
