Custom Email Domain
      Back to home
      1. Support Center
      2. School Settings
      3. Custom Email Domain

      Creating a Role ARN for Amazon SES to Amazon Kinesis Data Firehose Integration

      A Step-by-Step Guide to Establishing Role-based Access for Seamless Data Flow from Amazon Simple Email Service (SES) to Amazon Kinesis Data Firehose


      Navigate to the Identity and Access Management (IAM) server, select "Roles," and proceed to create a new role.

      Role ARN 1


      Choose "AWS Service" as the service type, then select the Kinesis service. Specify the Kinesis use case for the chosen service and proceed by clicking the "Next" button.

      Role ARN 2

      Scroll down once more and proceed by clicking the "Next" button.

      Role ARN 3


      Next, grant the necessary permissions to the created role and provide a descriptive explanation for the permissions.

      Role ARN 4

      Scroll down and click on the "Create Role" button.

      Role ARN 5


      The role has been successfully created. Locate the role by conducting a search and then select the specific role you've just created.

      Role ARN 6


      Proceed to the "Permission Boundary" section and click on it. In the permissions policies, click on "Add Permissions," then opt for "Create Inline Policy."

      Role ARN 7


      Now, in the policy editor, remove any existing JSON script and replace it with the provided script.

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "VisualEditor0",
                  "Effect": "Allow",
                  "Action": [
                      "firehose:PutRecord",
                      "firehose:PutRecordBatch"
                  ],
                  "Resource": "arn:aws:firehose:*:YOUR_ACC_ID:deliverystream/*"
              },
              {
                  "Sid": "VisualEditor1",
                  "Effect": "Allow",
                  "Action": "iam:PassRole",
                  "Resource": "arn:aws:iam::YOUR_ACC_ID:role/*"
              }
          ]
      }

       

      Insert your AWS account ID as indicated.

      Role ARN 7


      After completing the previous step, proceed by clicking on "Next." Enter the desired policy name, and finalize the process by clicking on "Create Policy."

      Role ARN 8


      Upon successful creation of the policy, copy the ARN (Amazon Resource Name) credentials associated with the policy.

      Role ARN 9


      After copying the credentials, navigate to your Admin Dashboard, then access the "Settings" menu and proceed to "Custom Email Domain."

      Role ARN 10


      Paste the copied ARN value into the Role ARN(Ses To Firehose) placeholder and save the changes by clicking on the "Save" button.

      Role ARN 11


      To create a Trust Policy for the role, navigate to "Roles" in your Identity and Access Management (IAM). Search for the role that was created earlier in this article and select it.

      Role ARN 12

      Choose "Trust relationships" and proceed by clicking on "Edit trust policy."

      Role ARN 13

       

      Copy the JSON script provided in the below code block

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Principal": {
                      "Service": "ses.amazonaws.com"
                  },
                  "Action": "sts:AssumeRole"
              }
          ]
      }

       

      Paste it into the policy editor window, and then click on "Update Policy" to save the changes.

      Role ARN 15