Scalable Data Streaming with Amazon Kinesis by Tarik Makota, Brian Maguire, Danny Gagne, Rajeev Chakrabarti

Author: Tarik Makota, Brian Maguire, Danny Gagne, Rajeev Chakrabarti
Language: eng
Format: epub
Publisher: Packt Publishing Pvt Ltd
Published: 2021-03-30T00:00:00+00:00


Create an IAM policy and an IAM role in Account B that grant permission to read the S3 objects, and allow Account C to assume the role. This role is not used by KDF to deliver the objects; it exists so that consumers in Account C can assume it to read the objects that KDF delivered to the S3 bucket.

The following screenshot shows the setup as described:

Figure 5.8 – S3 cross-account delivery setup
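
The Account B role from the step above, as an added example (not code from the book): it builds the role's trust policy and permissions policy, then audits that trust is limited to Account C and that access is read-only on the delivery bucket. The account ID, bucket name, function names and the inclusion of `s3:ListBucket` are assumptions.

```python
import json

# Constructed placeholders (assumptions, not values from the book).
ACCOUNT_C = "333333333333"
BUCKET = "example-kdf-delivery-bucket"
READ_ONLY = {"s3:GetObject", "s3:ListBucket"}

def trust_policy(consumer_account):
    """Trust policy on the Account B role: only Account C may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{consumer_account}:root"},
        "Action": "sts:AssumeRole"}]}

def read_policy(bucket):
    """Permissions policy on the role: list the bucket, read its objects."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": arn},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{arn}/*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(trust, perms, consumer_account, bucket):
    """Return findings; an empty list means the pair matches the setup."""
    findings = []
    for st in trust["Statement"]:
        principal = st.get("Principal")
        has_aws = isinstance(principal, dict) and "AWS" in principal
        # Anything that is not an AWS principal in Account C is reported.
        for p in as_list(principal["AWS"]) if has_aws else [str(principal)]:
            if p != consumer_account and not p.startswith(
                    f"arn:aws:iam::{consumer_account}:"):
                findings.append(f"trust: unexpected principal {p}")
    arn = f"arn:aws:s3:::{bucket}"
    for st in perms["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            if action not in READ_ONLY:  # wildcards such as s3:* land here
                findings.append(f"perms: non-read action {action}")
        for res in as_list(st.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"perms: resource outside bucket {res}")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(ACCOUNT_C), indent=2))
    print(json.dumps(read_policy(BUCKET), indent=2))
```

Consumers in Account C still need an identity policy in their own account that allows `sts:AssumeRole` on this role; the trust policy alone only makes the role assumable.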

An alternative mechanism to achieve the same outcome is to run the KDF delivery stream in Account B, create an IAM role in Account B with permissions to access the delivery stream, and grant Account A permission to assume that role. Producers in Account A would then need to assume the role before sending data to the KDF delivery stream in Account B. In this case, since Account B owns the delivered objects in S3, it can use a bucket policy to grant permissions to Account C, which can then delegate those permissions to identities (for consumers) in Account C.