abhishekagarwal87 commented on code in PR #12387: URL: https://github.com/apache/druid/pull/12387#discussion_r847956546
########## docs/development/extensions-core/kinesis-ingestion.md: ########## @@ -340,18 +340,63 @@ For Concise bitmaps: ## Operations -This section gives descriptions of how some supervisor APIs work specifically in Kinesis Indexing Service. -For all supervisor APIs, please check [Supervisor APIs](../../operations/api-reference.md#supervisors). +This section describes how some supervisor APIs work in Kinesis Indexing Service. +For all supervisor APIs, check [Supervisor APIs](../../operations/api-reference.md#supervisors). ### AWS Authentication -To authenticate with AWS, you must provide your AWS access key and AWS secret key via runtime.properties, for example: + +To authenticate with AWS, you must provide your AWS access key and AWS secret key via `runtime.properties`, for example: ``` -Ddruid.kinesis.accessKey=123 -Ddruid.kinesis.secretKey=456 ``` + The AWS access key ID and secret access key are used for Kinesis API requests. If this is not provided, the service will look for credentials set in environment variables, via [Web Identity Token](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html), in the default profile configuration file, and from the EC2 instance profile provider (in this order). +To ingest data from Kinesis, ensure that the policy attached to the IAM role contains the necessary permissions: Review Comment: @ektravel - can we re-write this as follows? To ingest data from Kinesis, ensure that the policy attached to the IAM role contains the necessary permissions: The permissions needed will depend on what value is `useListShards` set to. If that flag is set to true, you need following permissions * `ListStreams`: required for all resources * `Get*`: required for `GetShardIterator` * `GetRecords`: required for streams of interest * `ListShards` : required to get the shards for stream of interest **Example policy** ``` [ { "Effect": "Allow", "Action": ["kinesis:List*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": ["kinesis:Get*"], "Resource": [<ARN for shards to be ingested>] } ] ``` If that flag is set to false, you need the following permissions * `ListStreams`: required for all resources * `Get*`: required for `GetShardIterator` * `GetRecords`: required for streams of interest * `DescribeStream ` : required to get the shards for stream of interest **Example policy** ``` [ { "Effect": "Allow", "Action": ["kinesis:ListStreams"], "Resource": ["*"] }, { "Effect": "Allow", "Action": ["kinesis:DescribeStreams"], "Resource": ["*"] } { "Effect": "Allow", "Action": ["kinesis:Get*"], "Resource": [<ARN for shards to be ingested>] } ] ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
