This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::Kinesis::ResourcePolicy
Attaches a resource-based policy to a data stream or registered consumer. If you are using an identity other than the root user of 
            the AWS account that owns the resource, the calling identity must have the PutResourcePolicy permissions on the 
            specified Kinesis Data Streams resource and belong to the owner's account in order to use this operation.
            If you don't have PutResourcePolicy permissions, Amazon Kinesis Data Streams returns a 403 Access Denied error. 
            If you receive a ResourceNotFoundException, check to see if you passed a valid stream or consumer resource.
        
Request patterns can be one of the following:
- 
                    Data stream pattern: arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+
- 
                    Consumer pattern: ^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+
For more information, see Controlling Access to Amazon Kinesis Data Streams Resources Using IAM.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Kinesis::ResourcePolicy", "Properties" : { "ResourceArn" :String, "ResourcePolicy" :Json} }
YAML
Type: AWS::Kinesis::ResourcePolicy Properties: ResourceArn:StringResourcePolicy:Json
Properties
- ResourceArn
- 
                    Returns the Amazon Resource Name (ARN) of the resource-based policy. Required: Yes Type: String Pattern: arn:aws.*:kinesis:.*:\d{12}:stream/\S+Minimum: 1Maximum: 2048Update requires: Replacement 
- ResourcePolicy
- 
                    This is the description for the resource policy. Required: Yes Type: Json Update requires: No interruption 
Return values
Ref
Examples
Resource policy that gives write access to a specific data stream
This policy allows Account12345 to perform the DescribeStreamSummary,
                        ListShards, PutRecord, and PutRecords
                    operations on the specified stream datastreamABC.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Kinesis Data Streams resource policy example", "Resources": { "SampleStreamPolicy": { "Type": "AWS::Kinesis::ResourcePolicy", "Properties": { "ResourceArn": "arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC", "ResourcePolicy": { "Version": "2012-10-17", "Statement": [ { "Sid": "WriteStatement", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:root" }, "Action": [ "kinesis:DescribeStreamSummary", "kinesis:ListShards", "kinesis:PutRecord", "kinesis:PutRecords" ], "Resource": "arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC" } ] } } } } }
YAML
SampleResourcePolicy: Type: AWS::Kinesis::ResourcePolicy Properties: ResourceArn: arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC ResourcePolicy: Version: 2012-10-17 Statement: - Action: - 'kinesis:DescribeStreamSummary' - 'kinesis:ListShards' - 'kinesis:PutRecord' - 'kinesis:PutRecords' Effect: Allow Resource: - 'arn:aws:kinesis:us-east-2:123456789012:stream/datastreamABC' Principal: AWS: 'arn:aws:iam::123456789012:root'