Is it possible to ingest data using Kinesis Data streams without creating an IAM user?

Question

I was looking at ways in which we can ingest data using Kinesis data streams without creating an IAM user & generating access & security tokens. 
Possible alternatives I have found include:

1. Let api gateway assume a role with correct permissions & use it to send data. I think this might be prohibitively expensive. Any insights?
2.  Generate temporary credentials using STS & send it to end user. Drawback would be needing to replace credentials every now and then.
3.  Maybe use anonymous users functionality in Cognito identity pool & allow access to Kinesis that way. Not sure if this is even viable.

Any insight would be very valuable. Thanks in advance!

Answer

Using AWS Lambda to process Kinesis Data Streams is a way to do this. You can specify the permissions in the IAM Role assigned to the Lambda function. See: https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html

Answer

1. using IoT Core  
    You can use IoT Core rules to work with Kinesis. In this case, you need a device certificate.  
    https://docs.aws.amazon.com/iot/latest/developerguide/kinesis-rule-action.html

1. use device certificate to get STS  
    https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html
    This also uses a device certificate, but you can get an STS token to access Kinesis directly.

1. use Lambda function URLs  
    https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html  
    Lambda function URLs can be made without authentication, so it is possible to call Kinesis from Lambda. We do not know if it can withstand high loads or how much it will cost.

1. Using AWS SigV4 Proxy    
    https://github.com/awslabs/aws-sigv4-proxy
    No authentication information is required for the application, but authentication information is required for the Proxy.

Sorry, I couldn't come up with a good idea. 😥😥.

Is it possible to ingest data using Kinesis Data streams without creating an IAM user?

相關內容