This post gathers the steps to subscribe a Kinesis Data Firehose delivery stream to an SNS topic in another account via the AWS Console.
Glossary:
Kinesis Data Firehose - ETL service to deliver real-time streaming data to destinations such as S3, Redshift, OpenSearch Service, Splunk, Custom HTTP endpoints
SNS - Amazon Simple Notification Service, a notification service
Steps to subscribe
- Create SNS topic in Account A
- Set up the access policy on the SNS topic in Account A to allow Account B to subscribe. Make sure the access policy contains this statement:
{
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::<account_b_id>:root"
  },
  "Action": "SNS:Subscribe",
  "Resource": "arn:aws:sns:eu-west-1:<account_a_id>:<SNS-Topic-name>"
}
- Create Kinesis Data Firehose in Account B
- Create IAM role which will be used for subscription in Account B
Permissions: AmazonSNSRole, AmazonKinesisFirehoseFullAccess, AmazonSNSFullAccess
- In Account B, go to the SNS page > Subscriptions > Create subscription
- Enter the Topic ARN (copy it from the SNS topic in Account A)
- Select "Amazon Kinesis Data Firehose" as Protocol
- Enter the ARN of the delivery stream as Endpoint
- Enter the ARN of the IAM role we created in step 4 as Subscription role ARN
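The subscription role from step 4 can also be scoped to a single delivery stream instead of using full-access managed policies. The following is an added example, not part of the original post: it generates a trust policy for `sns.amazonaws.com` and a permissions policy limited to the Firehose actions the Amazon SNS documentation lists for a subscription role. The function name and the sample ARN are hypothetical.

```python
import json
import re

# arn:<partition>:firehose:<region>:<12-digit account>:deliverystream/<name>
STREAM_ARN = re.compile(
    r"^arn:aws[a-z-]*:firehose:[a-z0-9-]+:\d{12}:deliverystream/[A-Za-z0-9_.-]{1,64}$"
)

# Actions SNS needs on the delivery stream to deliver messages to it.
FIREHOSE_ACTIONS = [
    "firehose:DescribeDeliveryStream",
    "firehose:ListDeliveryStreams",
    "firehose:ListTagsForDeliveryStream",
    "firehose:PutRecord",
    "firehose:PutRecordBatch",
]


def subscription_role_policies(stream_arn):
    """Return (trust_policy, permissions_policy) scoped to one delivery stream."""
    # Reject wildcards and malformed ARNs so the role cannot end up broader
    # than the single stream the subscription delivers to.
    if not STREAM_ARN.match(stream_arn):
        raise ValueError(f"not a Firehose delivery stream ARN: {stream_arn!r}")
    trust = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }
    permissions = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": FIREHOSE_ACTIONS,
            "Resource": [stream_arn],
        }],
    }
    return trust, permissions


if __name__ == "__main__":
    # Constructed sample: Account B id and stream name are placeholders.
    arn = "arn:aws:firehose:eu-west-1:222222222222:deliverystream/sns-to-s3"
    for name, doc in zip(("trust policy", "permissions policy"),
                         subscription_role_policies(arn)):
        print(f"--- {name} ---\n{json.dumps(doc, indent=2)}")
```

Paste the two printed documents into the role's trust relationship and an inline policy in the IAM console of Account B.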
How to test
- Go to the SNS topic in Account A and publish a test message
- Go to Kinesis Data Firehose in Account B, find the S3 bucket, open the most recently created file and click Download
- In a terminal, open the file or cat it to check the content of the message. You should see the test message we sent from the SNS topic in Account A