search

awslabs / amazon-kinesis-client-nodejs

Amazon Kinesis Client Library for Node.js
Apache License 2.0
296 stars 204 forks source link

Is there a way to use other credentials for dynamoDB? #84

Open makssie opened 2 years ago

makssie commented 2 years ago

The kinesis will be consumed by an user that hasn't dynamodb permissions.

So I need a way to create a dynamodb table in other aws account that has dynamodb permissions.

Is there a way to use two distincts credentials??

gavinvangent commented 1 year ago

in your kinesis.properties file:

AWSCredentialsProvider = com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider|arn:aws:iam::XXXXXXXXXXXX:role/some-role-name|some-session-name
AWSCredentialsProviderDynamoDB = com.amazonaws.auth.DefaultAWSCredentialsProviderChain
AWSCredentialsProviderCloudWatch = com.amazonaws.auth.DefaultAWSCredentialsProviderChain

This setup allows me to read from a kinesis stream not in my aws account (assuming a role from an aws account i do not own) but read and write to dynamodb and cloudwatch in my own aws account.

You can tailor this example to your needs