Commit f4453c7

feat(kinesis): support stream consumers (#32087)
### Issue # (if applicable)

Closes #32050

### Reason for this change

Support Enhanced fan-out consumers via `AWS::Kinesis::StreamConsumer` and facilitate cross-account stream consumption via Lambda

### Description of changes

- introduce `StreamConsumer` construct to model `AWS::Kinesis::StreamConsumer`
- introduce `addToResourcePolicy` to enable creating/configuring a resource policy for the consumer
- introduce `grant` and `grantRead` for granting permissions
- leverage `iam.Grant.addToPrincipalOrResource` in `grant` to be able to use `grant` methods cross environments to update the grantee's iam policy and the consumer's resource policy as needed
- update `ResourcePolicy` to support both `Stream` and `StreamConsumer`
- update `Stream`'s `grant` to leverage `iam.Grant.addToPrincipalOrResource` for cross-environment support
- introduce `KinesisConsumerEventSource` to `lambda-event-sources` for use with the newly introduced `StreamConsumer`

#### Useful links

- https://docs.aws.amazon.com/streams/latest/dev/enhanced-consumers.html
- https://aws.amazon.com/blogs/big-data/invoke-aws-lambda-functions-from-cross-account-amazon-kinesis-data-streams/

### Description of how you validated changes

unit and integration tests

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 8eeb8e4 commit f4453c7

46 files changed

+4163
-47
lines changed

Diff for: packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.cross-account-stream-consumption.js.snapshot/CrossAccountStack.assets.json

+20
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
@@ -0,0 +1,123 @@
1+
{
2+
"Resources": {
3+
"CrossAccountRoleFACE29D1": {
4+
"Type": "AWS::IAM::Role",
5+
"Properties": {
6+
"AssumeRolePolicyDocument": {
7+
"Statement": [
8+
{
9+
"Action": "sts:AssumeRole",
10+
"Effect": "Allow",
11+
"Principal": {
12+
"AWS": {
13+
"Fn::Join": [
14+
"",
15+
[
16+
"arn:",
17+
{
18+
"Ref": "AWS::Partition"
19+
},
20+
":iam::234567890123:root"
21+
]
22+
]
23+
}
24+
}
25+
}
26+
],
27+
"Version": "2012-10-17"
28+
},
29+
"RoleName": "stream-cross-account-consumer-role"
30+
}
31+
},
32+
"CrossAccountRoleDefaultPolicy212A317F": {
33+
"Type": "AWS::IAM::Policy",
34+
"Properties": {
35+
"PolicyDocument": {
36+
"Statement": [
37+
{
38+
"Action": [
39+
"kinesis:DescribeStream",
40+
"kinesis:DescribeStreamConsumer",
41+
"kinesis:DescribeStreamSummary",
42+
"kinesis:GetRecords",
43+
"kinesis:GetShardIterator",
44+
"kinesis:ListShards",
45+
"kinesis:ListStreams",
46+
"kinesis:PutRecord",
47+
"kinesis:PutRecords",
48+
"kinesis:SubscribeToShard"
49+
],
50+
"Effect": "Allow",
51+
"Resource": {
52+
"Fn::Join": [
53+
"",
54+
[
55+
"arn:",
56+
{
57+
"Ref": "AWS::Partition"
58+
},
59+
":kinesis:test-region:12345678:stream/test-stream"
60+
]
61+
]
62+
}
63+
},
64+
{
65+
"Action": [
66+
"kinesis:DescribeStreamConsumer",
67+
"kinesis:SubscribeToShard"
68+
],
69+
"Effect": "Allow",
70+
"Resource": {
71+
"Fn::Join": [
72+
"",
73+
[
74+
"arn:",
75+
{
76+
"Ref": "AWS::Partition"
77+
},
78+
":kinesis:test-region:12345678:stream/test-stream/consumer/test-stream-consumer:*"
79+
]
80+
]
81+
}
82+
}
83+
],
84+
"Version": "2012-10-17"
85+
},
86+
"PolicyName": "CrossAccountRoleDefaultPolicy212A317F",
87+
"Roles": [
88+
{
89+
"Ref": "CrossAccountRoleFACE29D1"
90+
}
91+
]
92+
}
93+
}
94+
},
95+
"Parameters": {
96+
"BootstrapVersion": {
97+
"Type": "AWS::SSM::Parameter::Value<String>",
98+
"Default": "/cdk-bootstrap/hnb659fds/version",
99+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
100+
}
101+
},
102+
"Rules": {
103+
"CheckBootstrapVersion": {
104+
"Assertions": [
105+
{
106+
"Assert": {
107+
"Fn::Not": [
108+
{
109+
"Fn::Contains": [
110+
["1", "2", "3", "4", "5"],
111+
{
112+
"Ref": "BootstrapVersion"
113+
}
114+
]
115+
}
116+
]
117+
},
118+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
119+
}
120+
]
121+
}
122+
}
123+
}
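
Review bot: The first statement of `CrossAccountRoleDefaultPolicy212A317F` grants `kinesis:PutRecord` and `kinesis:PutRecords` (new-file lines 46-47) on `stream/test-stream` to a role named `stream-cross-account-consumer-role`, so a role that is presented as a consumer also has write access to the stream. If the integration test only exercises consumption, use the read-only grant on the stream so the snapshot shows the least-privilege policy that readers of this test are likely to copy; if write access is intentional, say why in the test source. Separately, the trust policy (new-file lines 11-24) names `:iam::234567890123:root` as the principal with no `Condition`, which lets any identity in that account that is allowed `sts:AssumeRole` take on this role; naming the specific consuming role as the principal would tighten the example.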

Diff for: packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.cross-account-stream-consumption.js.snapshot/CrossAccountStreamConsumptionDefaultTestDeployAssert5C2F0A19.assets.json

+19
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Diff for: packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.cross-account-stream-consumption.js.snapshot/CrossAccountStreamConsumptionDefaultTestDeployAssert5C2F0A19.template.json

+36
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Diff for: packages/@aws-cdk-testing/framework-integ/test/aws-kinesis/test/integ.cross-account-stream-consumption.js.snapshot/StreamResourcesStack.assets.json

+20
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
