Posted On: Nov 22, 2023

Amazon Kinesis Data Streams now supports resource-based policies, so you can process data ingested into a stream in one account with an AWS Lambda function in another account. Amazon Kinesis Data Streams is a serverless real-time data streaming service that can continuously capture gigabytes of data per second from hundreds of thousands of sources. AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. Together, Kinesis Data Streams and Lambda let you build a completely serverless data streaming pipeline.

With a resource policy, you can specify AWS accounts, IAM users, or IAM roles and the exact Kinesis Data Streams actions for which you want to grant access. Once you grant access, you can configure a Lambda function in another account to start processing the data stream belonging to your account. This reduces your cost and simplifies the data processing pipeline as you don’t have to copy streaming data across accounts for more teams to benefit from real-time data. Sharing access to your data streams or registered consumers does not incur an additional charge to your account. Cross-account usage of Kinesis Data Streams resources will continue to be billed to resource owners. 

To get started, go to the Kinesis Data Streams Console or use the new PutResourcePolicy API to attach a resource policy to your data stream or consumer. Attaching a resource-based policy is supported in all regions except AWS GovCloud (US) and AWS China regions. Learn more by reading the Amazon Kinesis Data Streams Developer Guide.
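The following is an added example, not AWS's own code: it builds a resource policy that grants one named role in another account read-only access to one stream, and audits any policy for grants broader than that. The ARNs, the `Sid`, the function names, and the choice of read actions for a Lambda consumer are assumptions made for illustration.

```python
# Constructed sample ARNs (placeholder account IDs).
STREAM = "arn:aws:kinesis:us-east-1:111111111111:stream/example-stream"
ROLE = "arn:aws:iam::222222222222:role/example-lambda-role"

# Read actions assumed sufficient for a cross-account Lambda consumer;
# adjust the list to the consumer type you actually share with.
READ_ACTIONS = [
    "kinesis:DescribeStream",
    "kinesis:DescribeStreamSummary",
    "kinesis:ListShards",
    "kinesis:GetShardIterator",
    "kinesis:GetRecords",
]

def build_policy(stream_arn, consumer_role_arn):
    """Resource policy granting one named role read-only access to one stream."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CrossAccountLambdaRead",
            "Effect": "Allow",
            "Principal": {"AWS": consumer_role_arn},
            "Action": READ_ACTIONS,
            "Resource": stream_arn,
        }],
    }

def audit_policy(policy):
    """Return findings for Allow statements broader than a named reader needs."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        principals = [aws] if isinstance(aws, str) else list(aws or [])
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "*" in principals and "Condition" not in stmt:
            findings.append(f"{sid}: wildcard principal with no Condition")
        if any(p.endswith(":root") for p in principals):
            findings.append(f"{sid}: whole account trusted, not a specific role")
        for a in actions:
            if "*" in a:
                findings.append(f"{sid}: wildcard action {a}")
            elif a not in READ_ACTIONS:
                findings.append(f"{sid}: non-read action {a}")
    return findings
```

Serialize the policy with `json.dumps` and pass it as the `Policy` parameter of PutResourcePolicy, with the stream ARN as `ResourceARN`; run `audit_policy` on the document first and attach it only when the findings list is empty.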