I configured Amazon Cognito Streams for my identity pool, but no data is being sent to my Amazon Kinesis stream. How do I configure an IAM role to allow Amazon Cognito Streams to send data to my Amazon Kinesis stream?

First, be sure that Amazon Cognito Streams is configured according to these instructions: Amazon Cognito Streams. In particular, make sure that Stream status is set to Enabled.

Next, be sure that an IAM role that has a trust relationship with your chosen Amazon Kinesis stream is associated with Amazon Cognito. The following example illustrates the permissions and syntax you might use:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "cognito-sync.amazonaws.com"
        },
            "Action": "sts:AssumeRole"
        }
    ]
}

Lastly, if you have an IAM role associated with your Amazon Cognito identity pool, but stream data is still not publishing successfully to your Amazon Kinesis stream, make sure that the IAM role associated with your Amazon Cognito identity pool has the necessary IAM permissions to publish data. The following is an example of the permissions and syntax of an IAM role that can interact with Amazon Kinesis:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kinesis:PutRecord"
            ],
            "Resource": [
                "arn:aws:kinesis:us-west-2:341474261430:stream/{my kinesis stream}"
            ]
        }
    ]
}

You might also use CloudWatch to monitor the IncomingRecords or PutRecord.Success metrics to be sure that your stream data is being received when you begin sync operations.

For information about designing IAM policies and roles that interact with Amazon Kinesis, along with example policies, see Controlling Access to Amazon Kinesis Streams Resources Using IAM.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-11-23

Updated: 2017-07-03