Your development team is planning on using the Kinesis Client Library (KCL) for its application.
They have started developing and access the streams using their IAM user Access Keys, but the library keeps on throwing errors of not being able to perform functions pertinent to the streams. Which of the following could be the underlying issue?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A.
Option A is CORRECT because If you are developing an application when using the Kinesis Client Library (KCL), your policy must include permissions for Amazon DynamoDB and Amazon CloudWatch.
The KCL uses DynamoDB to track state information for the application and CloudWatch to send KCL metrics to CloudWatch on your behalf.
Option B is incorrect because KCL does not require access to SQS for the IAM user policy.
Options C is incorrect because you need to provide access to the IAM user policy and not the access keys themselves for your application to use KCL.
Options D is incorrect because you need to provide access to the IAM user policy and not the access key policy for AWS CloudWatch.
Reference:
https://docs.aws.amazon.com/streams/latest/dev/controlling-access.htmlThe Kinesis Client Library (KCL) is a software library that enables developers to read and process data from Amazon Kinesis streams. The KCL uses Amazon Kinesis API actions to communicate with the Kinesis streams.
In this scenario, the development team is accessing the streams using their IAM user Access Keys, but the library is throwing errors, indicating that the access keys might not have the necessary permissions to perform the required actions.
Option A suggests that the policy applied to the users needs to have access to DynamoDB and CloudWatch. However, DynamoDB is not directly related to Kinesis streams, and although CloudWatch can be used to monitor Kinesis streams, it is not the underlying issue with the KCL errors. Therefore, option A is incorrect.
Option B suggests that the policy applied to the users needs to have access to SQS and CloudWatch. However, SQS (Simple Queue Service) is not related to Kinesis streams, and it is unlikely to resolve the KCL errors. Therefore, option B is also incorrect.
Option C suggests that the access keys themselves need to have access to AWS Kinesis. This is a correct suggestion, as the access keys are used to communicate with Kinesis streams, and without the necessary permissions, the KCL library will throw errors. Therefore, option C could be the underlying issue.
Option D suggests that the access keys need to have access to CloudWatch. Although CloudWatch can be used to monitor Kinesis streams, it is not the underlying issue with the KCL errors. Therefore, option D is incorrect.
In conclusion, the correct answer is option C: Ensure that the access keys have access to AWS Kinesis.