For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Request featuresContact support
DocsAPI ReferenceGraphQLIntegrationsDeveloper Tools
DocsAPI ReferenceGraphQLIntegrationsDeveloper Tools
    • Overview
  • Data Streamer
    • AWS S3 and Kinesis
  • OpenVPN
    • Linux
    • macOS
    • Windows
  • Webhooks
    • Jira Service Desk
    • Zendesk Support
LogoLogo
Request featuresContact support
On this page
  • S3 AWS configuration
  • Kinesis AWS configuration
Data Streamer

AWS (S3 and Kinesis) Data Streamer integration

Was this page helpful?

Last updated June 16, 2021

Previous

Integration guides

Next

Integrate OpenVPN on Linux

Built with

AWS integrations are securely configured by means of a trust relationship of the emnify Data Streamer role (arn:aws:iam::884047677700:role/datastreamer). The trust relationship can be added to new or existing roles.

The following JSON shows an example policy document that should be added in the trust relationship:

1{
2  "Version": "2012-10-17",
3  "Statement": [
4    {
5      "Sid": "",
6      "Effect": "Allow",
7      "Principal": {
8        "AWS": [
9          "arn:aws:iam::884047677700:role/datastreamer"
10        ]
11      },
12      "Action": "sts:AssumeRole",
13      "Condition": {
14        "ForAnyValue:StringEquals": {
15          "sts:ExternalId": [
16            "org-1234"
17          ]
18        }
19      }
20    }
21  ]
22}

The ExternalID must match with the emnify organization number, so for an organization with a numeric ID of 1234, this value shows org-1234. The numeric ID of an organization can be retrieved with a call to /organisation/my.

S3 AWS configuration

This section covers the steps necessary to create a new role with S3 write access.

1

In the AWS console, navigate to S3 and create a new bucket.

2

In IAM > Policies, click Create Policy to create a policy which allows PutObject permissions to the S3 bucket.

3

In IAM > Roles, click Create Role for the S3 use case and click Next: Permissions.

4

Attach the policy created in step 2 and click Next: Tags, then Create Role.

5

Edit the newly created role and click Trust Relationships > Edit Trust Relationships.

6

Copy the policy document JSON from the beginning of this guide with your organization ID in place to allow emnify’s Data Streamer role write access.

Bucket names should be DNS-compliant, see Bucket Naming Rules in the AWS documentation.

Kinesis AWS configuration

This section covers the steps necessary to create a new role with Kinesis write access.

1

In the AWS console, navigate to Kinesis and create a new stream.

2

In IAM > Policies click Create Policy, which allows PutRecord and PutRecords write permissions to the Kinesis stream.

3

In IAM > Roles, click Create Role for Kinesis Analytics and click Next: Permissions.

4

Attach the policy created in step 2 and click Next: Tags > Create Role.

5

Edit the newly created role and click Trust Relationships > Edit Trust Relationships.

6

Copy the policy document JSON from the beginning of this guide with your organization ID in place to allow emnify’s Data Streamer role write access.