AWS Certified Security - Specialty: Kinesis Analytics Permission Policy Requirements

Permission Policy Requirements for Kinesis Analytics

Question

Your team is developing an application that will be making use of Kinesis Analytics.

The Analytics application will be reading records from Kinesis data streams. Which of the following actions need to be part of the permission policy? (Select all that apply)

Answers

A. Kinesis:GetRecords

B. Kinesis:PutRecords

C. Kinesis:DescribeStream

D. Kinesis:GetShardIterator

Explanations

Answer: A, C and D.

Options A, C, and D are CORRECT because if you are creating an IAM role to allow Amazon Kinesis Data Analytics to read from an application's streaming source, you must grant permissions for relevant read actions.

Option B is incorrect because the data is being read from the stream and not put in the stream.

The kinesis:PutRecords permission is not needed here.

Permissions policy for reading a Kinesis stream:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadInputKinesis",
      "Effect": "Allow",
      "Action": [
        "kinesis:DescribeStream",
        "kinesis:GetShardIterator",
        "kinesis:GetRecords"
      ],
      "Resource": [
        "arn:aws:kinesis:aws-region:aws-account-id:stream/inputStreamName"
      ]
    }
  ]
}

Reference:

https://docs.aws.amazon.com/kinesisanalytics/latest/dev/iam-role.html
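
A policy like the one above can be checked mechanically before it is attached to the role. The following is an added example, not part of the original page or of AWS documentation: it audits a policy document for the three read actions on the input stream and flags write actions. The function names, the sample region and account id, the over-broad sample policy, and the inclusion of kinesis:PutRecord alongside kinesis:PutRecords are assumptions.

```python
import json
import re

# Read actions granted by the page's policy for a Kinesis streaming source.
REQUIRED_READ = ["kinesis:DescribeStream", "kinesis:GetShardIterator", "kinesis:GetRecords"]
# Write actions a read-only role should not carry; the page names PutRecords,
# PutRecord is added here as an assumption.
UNNEEDED_WRITE = ["kinesis:PutRecords", "kinesis:PutRecord"]
# Constructed sample values (region and account id are placeholders).
STREAM_ARN = "arn:aws:kinesis:us-east-1:111122223333:stream/inputStreamName"
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "ReadInputKinesis", "Effect": "Allow",
    "Action": REQUIRED_READ, "Resource": [STREAM_ARN]}]})
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["kinesis:Get*", "kinesis:Put*"], "Resource": "*"}})


def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def _matches(patterns, candidate, flags=0):
    """True if any pattern matches, honouring the IAM '*' and '?' wildcards."""
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, candidate, flags):
            return True
    return False


def audit_read_policy(policy_json, stream_arn):
    """Return (missing_reads, granted_writes); NotAction and Condition are not modelled."""
    statements = _as_list(json.loads(policy_json).get("Statement"))

    def allowed(action):
        verdict = False
        for stmt in statements:
            # Action names are case-insensitive in IAM; resource ARNs are not.
            if (_matches(_as_list(stmt.get("Action")), action, re.IGNORECASE)
                    and _matches(_as_list(stmt.get("Resource")), stream_arn)):
                if stmt.get("Effect") == "Deny":
                    return False  # an explicit Deny overrides any Allow
                verdict = verdict or stmt.get("Effect") == "Allow"
        return verdict

    return ([a for a in REQUIRED_READ if not allowed(a)],
            [a for a in UNNEEDED_WRITE if allowed(a)])
```

An empty pair of lists means the policy grants exactly the read path for that stream; the wildcard policy passes `GetRecords` and `GetShardIterator` but still lacks `DescribeStream` while granting writes.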

Kinesis Analytics is a managed service provided by AWS for analyzing streaming data. It allows you to process and analyze streaming data using standard SQL queries. Kinesis Analytics reads records from Kinesis data streams, which are scalable and durable real-time data streams that can continuously capture gigabytes of data per second.

To allow an application to read records from a Kinesis data stream using Kinesis Analytics, you need to include the necessary permissions in the permission policy associated with the role or user that the application uses to access AWS resources.

The following actions need to be part of the permission policy:

A. Kinesis:GetRecords: This action is required to read records from a Kinesis data stream using Kinesis Analytics. It allows the Kinesis Analytics application to get records from the stream.

B. Kinesis:PutRecords: This action is not required for Kinesis Analytics. It is used to put records into a Kinesis data stream.

C. Kinesis:DescribeStream: This action is not required for Kinesis Analytics. It is used to get information about a Kinesis data stream.

D. Kinesis:GetShardIterator: This action is not required for Kinesis Analytics. It is used to get a shard iterator for a given shard in a Kinesis data stream.

Therefore, the correct answer is A. Kinesis:GetRecords.