AWS Firehose (IAM)

aws analytics

Amazon Kinesis Data Firehose is a fully managed service for delivering real-time streaming data to destinations such as Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk.

Common permissions

firehose:PutRecordfirehose:PutRecordBatchfirehose:ListDeliveryStreamsfirehose:DescribeDeliveryStreamfirehose:TagDeliveryStreamfirehose:ListTagsForDeliveryStream

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "firehose:PutRecord",
        "firehose:PutRecordBatch",
        "firehose:ListDeliveryStreams",
        "firehose:DescribeDeliveryStream",
        "firehose:TagDeliveryStream",
        "firehose:ListTagsForDeliveryStream"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid firehose:* — grants full control including stream deletion and destination updates.
Avoid firehose:DeleteDeliveryStream — can permanently remove a delivery stream and stop data delivery.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/firehose/firehose.json ↗

API

full doc /v1/iam/firehose