Subscribing the Firehose delivery stream to the Amazon SNS topic
This page describes how to create the following for the message archiving and analytics example use case:
- The AWS Identity and Access Management (IAM) role that allows the Amazon SNS subscription to put records on the Amazon Data Firehose delivery stream
- The Firehose delivery stream subscription to the SNS topic
To create the IAM role for the Amazon SNS subscription
- Open the Roles page of the IAM console.
- Choose Create role.
- For Select type of trusted entity, choose AWS service.
- For Choose a use case, choose SNS. Then choose Next: Permissions.
- Choose Next: Tags.
- Choose Next: Review.
- On the Review page, for Role name, enter ticketUploadStreamSubscriptionRole. Then choose Create role.
- When the role is created, choose its name (ticketUploadStreamSubscriptionRole).
- On the role's Summary page, choose Add inline policy.
- On the Create policy page, choose the JSON tab, and then paste the following policy into the box:

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [
          "firehose:DescribeDeliveryStream",
          "firehose:ListDeliveryStreams",
          "firehose:ListTagsForDeliveryStream",
          "firehose:PutRecord",
          "firehose:PutRecordBatch"
        ],
        "Resource": [
          "arn:aws:firehose:us-east-1:123456789012:deliverystream/ticketUploadStream"
        ],
        "Effect": "Allow"
      }
    ]
  }

  In this policy, replace the AWS account number (123456789012) with your own, and change the AWS Region (us-east-1) accordingly.
- Choose Review policy.
- On the Review policy page, for Name, enter FirehoseSnsPolicy. Then choose Create policy.
- On the role's Summary page, note the Role ARN for later.
For more information on creating IAM roles, see Creating a role to delegate permissions to an AWS service in the IAM User Guide.
To subscribe the Firehose delivery stream to the SNS topic
- Open the Topics page of the Amazon SNS console.
- On the Subscriptions tab, choose Create subscription.
- Under Details, for Protocol, choose Amazon Data Firehose.
- For Endpoint, enter the Amazon Resource Name (ARN) of the ticketUploadStream delivery stream that you created earlier. For example, enter arn:aws:firehose:us-east-1:123456789012:deliverystream/ticketUploadStream.
- For Subscription role ARN, enter the ARN of the ticketUploadStreamSubscriptionRole IAM role that you created earlier. For example, enter arn:aws:iam::123456789012:role/ticketUploadStreamSubscriptionRole.
- Select the Enable raw message delivery check box.
- Choose Create subscription.
You've created the IAM role and SNS topic subscription. To continue, see Testing and querying an Amazon SNS configuration for effective data management.
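The following Python check is an added example, not part of the original AWS page. It reviews the inline policy and the two ARNs entered in the subscription form before you create the subscription, flagging a Resource that still carries the page's placeholder account or Region, wildcard resources, and actions beyond the five in FirehoseSnsPolicy. The names `parse_arn`, `as_list`, `check_subscription` and `SAMPLE_POLICY` are hypothetical, and the check assumes the role and the delivery stream live in the same account.

```python
import json

# The five actions in the page's FirehoseSnsPolicy.
PAGE_ACTIONS = {
    "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams",
    "firehose:ListTagsForDeliveryStream", "firehose:PutRecord",
    "firehose:PutRecordBatch",
}

def parse_arn(arn):
    """Split arn:partition:service:region:account:resource into a dict."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return dict(zip(("partition", "service", "region", "account", "resource"), parts[1:]))

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_subscription(policy, endpoint_arn, role_arn, own_account):
    """Return findings for the inline policy and the two subscription ARNs."""
    findings = []
    endpoint, role = parse_arn(endpoint_arn), parse_arn(role_arn)
    if endpoint["service"] != "firehose" or not endpoint["resource"].startswith("deliverystream/"):
        findings.append("endpoint is not a Firehose delivery stream ARN")
    for label, arn in (("endpoint", endpoint), ("role", role)):
        if arn["account"] != own_account:  # assumption: single-account setup
            findings.append(f"{label} ARN uses account {arn['account']}, expected {own_account}")
    can_put = False
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = as_list(stmt["Action"]), as_list(stmt["Resource"])
        findings += [f"action outside the page's policy: {a}" for a in actions if a not in PAGE_ACTIONS]
        for res in resources:
            if "*" in res:
                findings.append(f"wildcard resource: {res}")
            elif res != endpoint_arn:
                findings.append(f"resource does not match endpoint: {res}")
            elif "firehose:PutRecord" in actions:
                can_put = True
    if not can_put:
        findings.append("policy does not allow firehose:PutRecord on the endpoint")
    return findings

# Constructed sample: a cut-down copy of the page's policy, placeholder account and Region left in.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["firehose:PutRecord", "firehose:PutRecordBatch"],
  "Resource": ["arn:aws:firehose:us-east-1:123456789012:deliverystream/ticketUploadStream"]}]}""")
```

An empty list means the policy is scoped to exactly the delivery stream named as the subscription endpoint; any finding is worth resolving before choosing Create subscription.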