使用lambda函数将数据发送到kinesis流(在不同的AWS账户中) [英] Sending data to kinesis stream (in different AWS account) using lambda function

问题描述

我有一个lambda函数，可以写入运动流.但是现在，我想写一个属于另一个AWS账户的运动流.假设我具有所有必需的跨帐户权限，如何将数据发送到此流?调用kinesis构造函数或putRecord函数时应如何更改参数?

I have a lambda function that writes to a kinesis stream. But now, I want to write to a kinesis stream which belongs to a different AWS account. Assuming I have all the necessary cross account permissions, how can I send data to this stream? How should I change the parameters when I call the kinesis constructor or the putRecord function?

推荐答案

上面的方法在技术上是可行的，但是硬编码凭据甚至将凭据配置为lambda对我来说似乎有点多余，因为lambda本身要求您具有职务.您需要做的是创建跨帐户信任并使用sts承担角色.

There is the method above which would technically work, however hardcoding creds or even configuring creds into a lambda seems a bit extraneous to me since lambdas themselves require that you have a role. What you need to do is create a cross account trust and assume role using sts.

在带有kinesis流的帐户中创建一个角色，并将其设置为信任您的lambda角色.

Create a role in the account with the kinesis stream, and set it to trust your lambda role.

为该角色提供一个允许其进入运动学流的策略.

Give that role a policy that allows it to put to the kinesis stream.

在您的lambda代码中，使用sts在具有kinesis流的帐户中创建一个会话并放置您的记录.

In your lambda code use sts to create a session in the account with the kinesis stream and put your record.

请注意，您的lambda需要一个允许其进入第二个帐户角色的策略.

Note your lambda will need a policy that allows it to sts into the second account's role.

此处访问您拥有的帐户

这篇关于使用lambda函数将数据发送到kinesis流(在不同的AWS账户中)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！