A Step-by-Step Guide to Establishing Role-based Access for Seamless Data Flow from Amazon Simple Email Service (SES) to Amazon Kinesis Data Firehose
Navigate to the Identity and Access Management (IAM) server, select "Roles," and proceed to create a new role.
Choose "AWS Service" as the service type, then select the Kinesis service. Specify the Kinesis use case for the chosen service and proceed by clicking the "Next" button.
Scroll down once more and proceed by clicking the "Next" button.
Next, grant the necessary permissions to the created role and provide a descriptive explanation for the permissions.
Scroll down and click on the "Create Role" button.
The role has been successfully created. Locate the role by conducting a search and then select the specific role you've just created.
Proceed to the "Permission Boundary" section and click on it. In the permissions policies, click on "Add Permissions," then opt for "Create Inline Policy."
Now, in the policy editor, remove any existing JSON script and replace it with the provided script.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Resource": "arn:aws:firehose:*:YOUR_ACC_ID:deliverystream/*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "arn:aws:iam::YOUR_ACC_ID:role/*"
}
]
}
Insert your AWS account ID as indicated.
After completing the previous step, proceed by clicking on "Next." Enter the desired policy name, and finalize the process by clicking on "Create Policy."
Upon successful creation of the policy, copy the ARN (Amazon Resource Name) credentials associated with the policy.
After copying the credentials, navigate to your Admin Dashboard, then access the "Settings" menu and proceed to "Custom Email Domain."
Paste the copied ARN value into the Role ARN(Ses To Firehose) placeholder and save the changes by clicking on the "Save" button.
To create a Trust Policy for the role, navigate to "Roles" in your Identity and Access Management (IAM). Search for the role that was created earlier in this article and select it.
Choose "Trust relationships" and proceed by clicking on "Edit trust policy."
Copy the JSON script provided in the below code block
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ses.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Paste it into the policy editor window, and then click on "Update Policy" to save the changes.