AWS (S3 and Kinesis) Data Streamer integration

AWS integrations are secured through a trust relationship with the emnify Data Streamer role (arn:aws:iam::884047677700:role/datastreamer). The trust relationship can be added to new or existing roles.

The following JSON shows an example policy document to add to the role's trust relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::884047677700:role/datastreamer"
        ]
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "sts:ExternalId": [
            "org-1234"
          ]
        }
      }
    }
  ]
}

The sts:ExternalId value must match the emnify organization number: for an organization with a numeric ID of 1234, the value is org-1234. The numeric ID of an organization can be retrieved with a call to /organisation/my.
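The trust policy above can be checked before it is saved. The following Python is an added example, not emnify's or AWS's own code: it audits a trust policy document for the Data Streamer principal and the matching sts:ExternalId condition. The names audit_trust_policy, GUIDE_POLICY and NO_CONDITION_POLICY are hypothetical, and the second sample policy is constructed for illustration.

```python
import json

# Role ARN and the "org-<numeric ID>" ExternalId format are taken from this guide.
DATASTREAMER_ROLE = "arn:aws:iam::884047677700:role/datastreamer"

def _as_list(value):
    # IAM accepts either a single string or a list in these fields.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, org_id):
    """Return a list of findings; an empty list means the policy matches the guide."""
    expected, findings, trusted = f"org-{org_id}", [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append("wildcard principal: any AWS principal may assume the role")
        if DATASTREAMER_ROLE not in aws:
            continue  # statement for another principal, e.g. an AWS service
        trusted = True
        # Collect ExternalId values from (ForAnyValue:)StringEquals only; condition
        # key names are case-insensitive in IAM. Other operators count as a deviation.
        ext_ids = [v for op, keys in stmt.get("Condition", {}).items()
                   if op.endswith("StringEquals")
                   for key, vals in keys.items() if key.lower() == "sts:externalid"
                   for v in _as_list(vals)]
        if not ext_ids:
            findings.append("no sts:ExternalId condition on the Data Streamer statement")
        elif set(ext_ids) != {expected}:
            findings.append(f"ExternalId {sorted(set(ext_ids))} does not match {expected}")
    if not trusted:
        findings.append("Data Streamer role is not a trusted principal")
    return findings

# The guide's policy (Sid omitted) and a constructed variant without the Condition block.
GUIDE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": [DATASTREAMER_ROLE]},
    "Action": "sts:AssumeRole",
    "Condition": {"ForAnyValue:StringEquals": {"sts:ExternalId": ["org-1234"]}}}]})
_no_cond = json.loads(GUIDE_POLICY)
del _no_cond["Statement"][0]["Condition"]
NO_CONDITION_POLICY = json.dumps(_no_cond)

if __name__ == "__main__":
    for name, doc in [("guide", GUIDE_POLICY), ("no condition", NO_CONDITION_POLICY)]:
        print(name, audit_trust_policy(doc, 1234) or "OK")
```

An empty result means the statement trusts only the intended principal under the expected ExternalId; any finding should be resolved before the role is used.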

S3 AWS configuration

This section covers the steps necessary to create a new role with S3 write access.

1. In the AWS console, navigate to S3 and create a new bucket.
2. In IAM > Policies, click Create Policy to create a policy which allows PutObject permissions to the S3 bucket.
3. In IAM > Roles, click Create Role for the S3 use case and click Next: Permissions.
4. Attach the policy created in step 2 and click Next: Tags, then Create Role.
5. Edit the newly created role and click Trust Relationships > Edit Trust Relationships.
6. Copy the policy document JSON from the beginning of this guide with your organization ID in place to allow emnify’s Data Streamer role write access.

Bucket names should be DNS-compliant; see Bucket Naming Rules in the AWS documentation.

Kinesis AWS configuration

This section covers the steps necessary to create a new role with Kinesis write access.

1. In the AWS console, navigate to Kinesis and create a new stream.
2. In IAM > Policies, click Create Policy to create a policy which allows PutRecord and PutRecords write permissions to the Kinesis stream.
3. In IAM > Roles, click Create Role for Kinesis Analytics and click Next: Permissions.
4. Attach the policy created in step 2 and click Next: Tags > Create Role.
5. Edit the newly created role and click Trust Relationships > Edit Trust Relationships.
6. Copy the policy document JSON from the beginning of this guide with your organization ID in place to allow emnify’s Data Streamer role write access.