堆栈内存溢出
  繁体   English   中英

设置AWS Kinesis cloudformation模板

[英]Set AWS Kinesis cloudformation template

 原文  2019-04-23 06:23:37       amazon-web-services/ amazon-cloudformation/ amazon-kinesis

问题描述

我是AWS Cloudformation的新手,需要创建Kinesis数据流,然后使用python代码将记录写入此流。 我能够通过cloudformation模板创建数据流,但无法设置权限。 我将如何附加权限以允许某些用户组使用python库写入此运动数据流?

我当前的模板代码是 

AWSTemplateFormatVersion: '2010-09-09'
Description: 'This template will create an AWS Kinesis DataStream'

Parameters:

CFNStreamName:
    Description: This will be used to name the Kinesis DataStream
    Type: String
    Default: 'data-stream'

CFNRetensionHours:
    Description: This will be used to set the retension hours
    Type: Number
    Default: 168

CFNShardCount:
    Description: This will be used to set the shard count
    Type: Number
    Default: 2

Resources:
    MongoCDCStream:
Type: AWS::Kinesis::Stream
Properties:
  Name: !Ref CFNStreamName
  RetentionPeriodHours: !Ref CFNRetensionHours
  ShardCount: !Ref CFNShardCount
  StreamEncryption:
      EncryptionType: KMS
      KeyId: alias/aws/kinesis
Outputs:
    MongoCDCStream:
    Value: !Ref MongoCDCStream
    Export:
        Name: !Sub ${AWS::StackName}-MongoCDCStream

1 个解决方案

解决方案1
 1 已采纳  2019-05-28 07:56:48

您将要(通过cloudformation参数)传递运行Python代码的IAM角色或用户。

在模板内,创建一个IAM策略或ManagedPolicy,该策略或策略附加到您传入的IAM角色/用户上,并分配正确的权限。 

AWSTemplateFormatVersion: '2010-09-09'
Description: 'This template will create an AWS Kinesis DataStream'

Parameters:

CFNStreamName:
    Description: This will be used to name the Kinesis DataStream
    Type: String
    Default: 'data-stream'

CFNRetensionHours:
    Description: This will be used to set the retension hours
    Type: Number
    Default: 168

CFNShardCount:
    Description: This will be used to set the shard count
    Type: Number
    Default: 2

PythonCodeRole:
    Type: String
# ^- Pass in role here.

Resources:
    # Assign permission here.
    PythonCodePlicyAssignmen:
        Type: AWS::IAM::Policy
        Properties: 
            PolicyDocument: 
                <assign needed permission here>
                Version: "2012-10-17"
                Statement:
                  - Effect: "Allow"
                    Action:
                      - "kinesis:*"
                    Resource: !Ref MongoCDCStream
                    # ^- here, use !Ref to tie in the correct resource id cleanly.
            PolicyName: python-code-permission
            Roles: [!Ref PythonCodeRole]

    MongoCDCStream:
        Type: AWS::Kinesis::Stream
        Properties:
            Name: !Ref CFNStreamName
            RetentionPeriodHours: !Ref CFNRetensionHours
            ShardCount: !Ref CFNShardCount
            StreamEncryption:
              EncryptionType: KMS
              KeyId: alias/aws/kinesis
Outputs:
    MongoCDCStream:
    Value: !Ref MongoCDCStream
    Export:
        Name: !Sub ${AWS::StackName}-MongoCDCStream

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有 Kinesis 事件使用者的 AWS CloudFormation 模板 如何在CloudFormation中将目标设置为Lambda以进行AWS Kinesis数据分析 AWS CloudFormation模板 AWS Cloudformation模板存储 AWS 上的 CloudFormation 模板错误 AWS刷新CloudFormation模板 AWS Cloudformation模板 - 在S3存储桶中设置区域 如何在 AWS CodeBuild cloudformation 模板中设置分支过滤器选项? 如何在 Cloudformation 模板上为 AWS EC2 实例设置 MemorySize? 使用AWS Lambda / CloudFormation在AWS Kinesis Firehose中转换数据
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM