AWS::Kinesis::ResourcePolicy - AWS CloudFormation

AWS::Kinesis::ResourcePolicy

Attaches a resource-based policy to a data stream or registered consumer. If you are using an identity other than the root user of the AWS account that owns the resource, the calling identity must have the PutResourcePolicy permissions on the specified Kinesis Data Streams resource and belong to the owner's account in order to use this operation. If you don't have PutResourcePolicy permissions, Amazon Kinesis Data Streams returns a 403 Access Denied error. If you receive a ResourceNotFoundException, check to see if you passed a valid stream or consumer resource.

Request patterns can be one of the following:

  • Data stream pattern: arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+

  • Consumer pattern: ^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+

For more information, see Controlling Access to Amazon Kinesis Data Streams Resources Using IAM.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Kinesis::ResourcePolicy",
  "Properties" : {
    "ResourceArn" : String,
    "ResourcePolicy" : Json
  }
}

YAML

Type: AWS::Kinesis::ResourcePolicy
Properties:
  ResourceArn: String
  ResourcePolicy: Json

Properties

ResourceArn

The Amazon Resource Name (ARN) of the data stream or consumer that the resource policy is attached to.

Required: Yes

Type: String

Pattern: arn:aws.*:kinesis:.*:\d{12}:stream/\S+

Minimum: 1

Maximum: 2048

Update requires: Replacement

ResourcePolicy

The resource policy document to attach, as a JSON policy object.

Required: Yes

Type: Json

Update requires: No interruption

Return values

Ref

Examples

Resource policy that gives write access to a specific data stream

This policy allows Account12345 to perform the DescribeStreamSummary, ListShards, PutRecord, and PutRecords operations on the specified stream datastreamABC.

JSON

{
  "SampleBucketPolicy": {
    "Type": "AWS::Kinesis::ResourcePolicy",
    "Properties": {
      "ResourceArn": "arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC",
      "ResourcePolicy": {
        "Version": "2012-10-17",
        "Id": "__default_write_policy_ID",
        "Statement": [{
          "Sid": "writestatement",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::123456789012:root"
          },
          "Action": [
            "kinesis:DescribeStreamSummary",
            "kinesis:ListShards",
            "kinesis:PutRecord",
            "kinesis:PutRecords"
          ],
          "Resource": "arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC"
        }]
      }
    }
  }
}

YAML

SampleResourcePolicy:
  Type: AWS::Kinesis::ResourcePolicy
  Properties:
    ResourceArn: arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC
    ResourcePolicy:
      Version: 2012-10-17
      Statement:
        - Action:
            - 'kinesis:DescribeStreamSummary'
            - 'kinesis:ListShards'
            - 'kinesis:PutRecord'
            - 'kinesis:PutRecords'
          Effect: Allow
          Resource:
            - 'arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC'
          Principal:
            AWS: 'arn:aws:iam::123456789012:root'
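
The following pre-deployment check is an added example, not part of the AWS documentation or any AWS tool. It validates ResourceArn against the request patterns listed above and flags statements that a reviewer should look at before the policy is attached. The function names, the finding messages and the sample builder are assumptions made for illustration, and property values are assumed to be literals (intrinsic functions already resolved).

```python
import re

# Request patterns copied from this page.
STREAM_RE = re.compile(r"arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+")
CONSUMER_RE = re.compile(r"^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+"
                         r"\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+")
STREAM_ARN = "arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC"


def as_list(value):
    return value if isinstance(value, list) else [value]


def sample_resource(principal, actions):
    """Constructed test input shaped like the page's datastreamABC example."""
    stmt = {"Sid": "writestatement", "Effect": "Allow", "Principal": principal,
            "Action": actions, "Resource": STREAM_ARN}
    policy = {"Version": "2012-10-17", "Statement": [stmt]}
    return {"Type": "AWS::Kinesis::ResourcePolicy",
            "Properties": {"ResourceArn": STREAM_ARN, "ResourcePolicy": policy}}


def lint_kinesis_resource_policy(resource):
    """Return review findings for one AWS::Kinesis::ResourcePolicy resource."""
    props = resource.get("Properties", {})
    arn = props.get("ResourceArn")
    if not isinstance(arn, str) or not (STREAM_RE.fullmatch(arn) or CONSUMER_RE.fullmatch(arn)):
        return ["ResourceArn is not a literal stream or consumer ARN"]
    owner = arn.split(":")[4]  # account ID field of the ARN
    findings = []
    for stmt in as_list(props.get("ResourcePolicy", {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid, principal = stmt.get("Sid", "<no Sid>"), stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS", [])
        for p in as_list(principal or []):
            account = re.search(r"\d{12}", p)
            if p == "*" and "Condition" not in stmt:
                findings.append(f"{sid}: any AWS principal allowed without a Condition")
            elif account and account.group() != owner:
                findings.append(f"{sid}: cross-account principal {account.group()}")
        if any(a in ("*", "kinesis:*") for a in as_list(stmt.get("Action", []))):
            findings.append(f"{sid}: wildcard action")
        if any(r != arn for r in as_list(stmt.get("Resource", []))):
            findings.append(f"{sid}: Resource differs from ResourceArn")
    return findings
```

An empty list means none of these checks fired; a cross-account finding is a prompt to confirm that the grant is intended, not an error in itself.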