Documentation

Integrations / Connection guides / AWS Kinesis

AWS Kinesis

Amazon Kinesis is a fully managed platform for streaming data on Amazon Web Services. We can easily setup integrations to let your data (such as measurements) flow in and out of Kinesis.

We deprecated our support for static IAM credentials and recommend existing integrations to migrate to cross-account role-based access.
Goal

The goal is to set up an integration between a Amazon Kinesis and Blockbax.

Prerequisites
Steps to set up AWS policies and roles

Depending on whether you want to stream data from Amazon Kinesis to Blockbax or vice versa you need to set up the appropriate policies and role.

Amazon Kinesis to Blockbax policy

To allow Blockbax to read data from your Amazon Kinesis stream create the following AWS IAM policy called Blockbax-Read-Stream-Policy. Replace arn:aws:kinesis:eu-west-1:123456789012:stream/ExampleStream with the correct ARN (including the ID of your AWS account).

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadStream",
            "Effect": "Allow",
            "Action": [
                "kinesis:DescribeStream",
                "kinesis:GetRecords",
                "kinesis:GetShardIterator",
                "kinesis:ListShards"
            ],
            "Resource":
               "arn:aws:kinesis:eu-west-1:123456789012:stream/ExampleStream"
        }
    ]
}
Blockbax to Amazon Kinesis policy

To allow Blockbax to write data to your Amazon Kinesis stream create the following AWS IAM policy called Blockbax-Write-Stream-Policy. Replace arn:aws:kinesis:eu-west-1:123456789012:stream/ExampleStream with the correct ARN (including the ID of your AWS account).

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "WriteStream",
            "Effect": "Allow",
            "Action": [
                "kinesis:ListShards",
                "kinesis:DescribeStream",
                "kinesis:DescribeStreamSummary",
                "kinesis:ListTagsForStream",
                "kinesis:PutRecord",
                "kinesis:PutRecords"
            ],
            "Resource":
               "arn:aws:kinesis:eu-west-1:123456789012:stream/ExampleStream"
        }
    ]
}
Blockbax role
  1. In the IAM Management Console, choose Create Role.
  2. Choose Another AWS account as type of trusted entity.
  3. As Account ID fill in the ID provided by us.
  4. Make sure to Require external ID and enter your Blockbax project ID as external ID.
  5. Choose Next: Permissions.
  6. Add the Blockbax-Read-Stream-Policy and/or Blockbax-Write-Stream-Policy permissions policy you created in the previous step. Choose Next:Tags.
  7. Choose Next: Review.
  8. Name the role Blockbax-Role.

Once the role is in place please share the role’s ARN with our support and we can set up the inbound / outbound streaming connectors for you. Just contact us.