I configured Amazon Cognito Streams for my identity pool, but no data is being sent to my Amazon Kinesis stream. How do I configure an AWS Identity and Access Management (IAM) role to allow Amazon Cognito Streams to send data to my Amazon Kinesis stream?

Troubleshoot the issue by confirming the following:

  • Your Amazon Cognito stream is configured correctly, and that Stream status is set to Enabled.
  • An IAM role with a trust relationship with your Amazon Kinesis stream is associated with Amazon Cognito.
  • The IAM role associated with Amazon Cognito has permissions to publish data to your Amazon Kinesis stream.

1.    Be sure that your stream is configured correctly, and that Stream status is set to Enabled.

2.    Confirm that an IAM role that has a trust relationship with your chosen Amazon Kinesis stream is associated with Amazon Cognito. The following example illustrates the permissions and syntax you might use:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "cognito-sync.amazonaws.com"
        },
            "Action": "sts:AssumeRole"
        }
    ]
}

3.    Be sure that the IAM role associated with your Amazon Cognito identity pool has the necessary IAM permissions to publish data. The following is an example of the permissions and syntax of an IAM role that can interact with Kinesis:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kinesis:PutRecord"
            ],
            "Resource": [
                "arn:aws:kinesis:<REGION>:<ACCOUNTID>:stream/{my kinesis stream}"
            ]
        }
    ]
}

4.    (Optional) To monitor that stream data is being received when you begin sync operations, use CloudWatch to monitor the IncomingRecords or PutRecord.Success metrics.

For information about designing IAM policies and roles that interact with Kinesis, along with example policies, see Controlling Access to Amazon Kinesis Streams Resources Using IAM.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-11-23

Updated: 2018-08-29