Open makssie opened 2 years ago
in your kinesis.properties file:
AWSCredentialsProvider = com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider|arn:aws:iam::XXXXXXXXXXXX:role/some-role-name|some-session-name
AWSCredentialsProviderDynamoDB = com.amazonaws.auth.DefaultAWSCredentialsProviderChain
AWSCredentialsProviderCloudWatch = com.amazonaws.auth.DefaultAWSCredentialsProviderChain
This setup allows me to read from a kinesis stream not in my aws account (assuming a role from an aws account i do not own) but read and write to dynamodb and cloudwatch in my own aws account.
You can tailor this example to your needs
The kinesis will be consumed by an user that hasn't dynamodb permissions.
So I need a way to create a dynamodb table in other aws account that has dynamodb permissions.
Is there a way to use two distincts credentials??