How-to create stream assume role in AWS customer account
Step 1: Click Create Role
Step 2: In order to give permission to our Bluzone AWS account to access the client AWS resources, select “Another AWS account” option and enter our Bluzone AWS account ID and click Next.
Note: Account ID can be taken from the Bluzone UI:
Step 3: Click on Attach policy button.
Step 4: Click on create policy.
Step 5: Select the Kinesis service and choose the following permissions PutRecord for the stream. Also specify the stream name in the resource section as below. Then Click review and create.
Step 6: Now we can able to see the below policy is attached to the role. Click next.
Click JSON tab to view the policy permissions in JSON format.
Json bucket policy template:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "kinesis:PutRecord",
"Resource": "<stream_arn>"
}
]
}Step 7: Add tags and click next
Step 8: Enter the Role name, description and click Create role.
Assume role created, now Bluzone can access the User/Client AWS account resources through the role ARN.