Posted On: Jan 31, 2024

Amazon Kinesis Data Streams now supports resource-based policies, so you can process data ingested into a stream in one account with an Amazon Lambda function in another account. Amazon Kinesis Data Streams is a serverless real-time data streaming service that can continuously capture gigabytes of data per second from hundreds of thousands of sources. Amazon Lambda is a serverless compute service that lets you run code without provisioning or managing servers. Together with Kinesis Data Streams and Lambda, you can build a completely serverless data streaming pipeline.

With a resource policy, you can specify Amazon Web Services accounts, IAM users, or IAM roles and the exact Kinesis Data Streams actions for which you want to grant access. Once you grant access, you can configure a Lambda function in another account to start processing the data stream belonging to your account. This reduces your cost and simplifies the data processing pipeline as you don’t have to copy streaming data across accounts for more teams to benefit from real-time data. Sharing access to your data streams or registered consumers does not incur an additional charge to your account. Cross-account usage of Kinesis Data Streams resources will continue to be billed to resource owners. 

To get started, go to the Kinesis Data Streams Console or use the new API PutResourcePolicy to attach a resource policy to your data stream or consumer. Attaching a resource-based policy is supported in both Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. Learn more by reading the Amazon Kinesis Data Streams Developer Guide.