
Set AWS Kinesis cloudformation template

I am new to AWS CloudFormation and need to create a Kinesis data stream, then write records to this stream using Python code. I was able to create a data stream through a CloudFormation template but was not able to set the permissions. How will I attach a permission to allow a certain user group to write to this Kinesis data stream using the Python library?

My current template code is:

AWSTemplateFormatVersion: '2010-09-09'
Description: 'This template will create an AWS Kinesis DataStream'

Parameters:

    CFNStreamName:
        Description: This will be used to name the Kinesis DataStream
        Type: String
        Default: 'data-stream'

    CFNRetensionHours:
        Description: This will be used to set the retension hours
        Type: Number
        Default: 168

    CFNShardCount:
        Description: This will be used to set the shard count
        Type: Number
        Default: 2

Resources:
    MongoCDCStream:
        Type: AWS::Kinesis::Stream
        Properties:
            Name: !Ref CFNStreamName
            RetentionPeriodHours: !Ref CFNRetensionHours
            ShardCount: !Ref CFNShardCount
            StreamEncryption:
                EncryptionType: KMS
                KeyId: alias/aws/kinesis
Outputs:
    MongoCDCStream:
        Value: !Ref MongoCDCStream
        Export:
            Name: !Sub ${AWS::StackName}-MongoCDCStream

You will want to pass in (through the cloudformation parameter) either the IAM Role or User that your Python code runs on.

Inside the template, create an IAM Policy or ManagedPolicy that attaches to the IAM Role / User you passed in and assign the correct permission.

AWSTemplateFormatVersion: '2010-09-09'
Description: 'This template will create an AWS Kinesis DataStream'

Parameters:

    CFNStreamName:
        Description: This will be used to name the Kinesis DataStream
        Type: String
        Default: 'data-stream'

    CFNRetensionHours:
        Description: This will be used to set the retension hours
        Type: Number
        Default: 168

    CFNShardCount:
        Description: This will be used to set the shard count
        Type: Number
        Default: 2

    PythonCodeRole:
        Type: String
        # ^- Pass in role here (the role name, which is what Roles below expects).

Resources:
    # Assign permission here.
    PythonCodePolicyAssignment:
        Type: AWS::IAM::Policy
        Properties:
            PolicyDocument:
                # Assign needed permission here.
                Version: "2012-10-17"
                Statement:
                  - Effect: "Allow"
                    Action:
                      - "kinesis:*"
                    Resource: !GetAtt MongoCDCStream.Arn
                    # ^- here, use !GetAtt to tie in the stream ARN cleanly;
                    #    !Ref on a Kinesis stream returns only its name, and an IAM Resource needs the ARN.
            PolicyName: python-code-permission
            Roles: [!Ref PythonCodeRole]

    MongoCDCStream:
        Type: AWS::Kinesis::Stream
        Properties:
            Name: !Ref CFNStreamName
            RetentionPeriodHours: !Ref CFNRetensionHours
            ShardCount: !Ref CFNShardCount
            StreamEncryption:
                EncryptionType: KMS
                KeyId: alias/aws/kinesis
Outputs:
    MongoCDCStream:
        Value: !Ref MongoCDCStream
        Export:
            Name: !Sub ${AWS::StackName}-MongoCDCStream
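
A narrower, write-only variant of the policy for the user-group case in the question, as an added example that is not part of the original answer. The parameter `ProducerGroupName`, the resource name `ProducerWritePolicy` and the policy name are hypothetical; the fragment is meant to be merged into the template above, which defines `MongoCDCStream`.

```yaml
Parameters:
    # Hypothetical parameter: name (not ARN) of an existing IAM group
    # whose members run the Python producer code.
    ProducerGroupName:
        Type: String
        Description: IAM group allowed to write to the stream

Resources:
    # Hypothetical resource name. AWS::IAM::Policy creates an inline policy
    # and needs at least one of Groups, Roles or Users.
    ProducerWritePolicy:
        Type: AWS::IAM::Policy
        Properties:
            PolicyName: kinesis-producer-write-only
            Groups:
                - !Ref ProducerGroupName
            PolicyDocument:
                Version: "2012-10-17"
                Statement:
                    - Sid: WriteToStreamOnly
                      Effect: Allow
                      # Broad form:  "kinesis:*" also allows reading records,
                      #              resharding and deleting the stream.
                      # Scoped form: only the two write calls.
                      Action:
                          - kinesis:PutRecord
                          - kinesis:PutRecords
                      # The stream ARN limits the grant to this one stream.
                      Resource: !GetAtt MongoCDCStream.Arn
```

Because the template creates an IAM policy, the stack has to be deployed with the `CAPABILITY_IAM` capability acknowledged.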
