By using AWS re:Post, you agree to the Terms of Use
/Is it possible to ingest data using Kinesis Data streams without creating an IAM user?/

Is it possible to ingest data using Kinesis Data streams without creating an IAM user?


I was looking at ways in which we can ingest data using Kinesis data streams without creating an IAM user & generating access & security tokens. Possible alternatives I have found include:

  1. Let api gateway assume a role with correct permissions & use it to send data. I think this might be prohibitively expensive. Any insights?
  2. Generate temporary credentials using STS & send it to end user. Drawback would be needing to replace credentials every now and then.
  3. Maybe use anonymous users functionality in Cognito identity pool & allow access to Kinesis that way. Not sure if this is even viable.

Any insight would be very valuable. Thanks in advance!

2 Answers
  1. using IoT Core
    You can use IoT Core rules to work with Kinesis. In this case, you need a device certificate.

  2. use device certificate to get STS This also uses a device certificate, but you can get an STS token to access Kinesis directly.  

  3. use Lambda function URLs
    Lambda function URLs can be made without authentication, so it is possible to call Kinesis from Lambda. We do not know if it can withstand high loads or how much it will cost.

  4. Using AWS SigV4 Proxy No authentication information is required for the application, but authentication information is required for the Proxy.

Sorry, I couldn't come up with a good idea. 😥😥.

answered a month ago

Using AWS Lambda to process Kinesis Data Streams is a way to do this. You can specify the permissions in the IAM Role assigned to the Lambda function. See:

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions