top | item 29664868

(no title)

schlarpc | 4 years ago

Kinesis Firehose uses an IAM role to deliver data, so delivery within the same account does not necessarily depend on permissions on the bucket. Removing s3:* permissions from that IAM role or adding an explicit deny statement to the bucket policy would stop the flow of data.

https://docs.aws.amazon.com/firehose/latest/dev/controlling-...

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_p...

discuss

No comments yet.