DEV Community

ccc_stc

How to subscribe Kinesis Data Firehose to SNS in another account

This post walks through the steps to subscribe a Kinesis Data Firehose delivery stream to an SNS topic in another account via the AWS Console.

Glossary:
Kinesis Data Firehose - ETL service to deliver real-time streaming data to destinations such as S3, Redshift, OpenSearch Service, Splunk, Custom HTTP endpoints
SNS - Amazon Simple Notification Service, a notification service

Diagram of how SNS and Firehose connect

Steps to subscribe

  1. Create an SNS topic in Account A
  2. Set up the access policy on the SNS topic in Account A to allow Account B to subscribe. Make sure the access policy contains this statement:
{
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::<account_b_id>:root"
  },
  "Action": "SNS:Subscribe",
  "Resource": "arn:aws:sns:eu-west-1:<account_a_id>:<SNS-Topic-name>"
}
  3. Create a Kinesis Data Firehose delivery stream in Account B
  4. Create the IAM role that will be used for the subscription in Account B
     Permissions: AmazonSNSRole, AmazonKinesisFirehoseFullAccess, AmazonSNSFullAccess
  5. In Account B, go to the SNS page > Subscriptions > Create subscription
    • Enter the Topic ARN (get this from the SNS topic in Account A)
    • Select "Amazon Kinesis Data Firehose" as Protocol
    • Enter the ARN of the delivery stream as Endpoint
    • Enter the ARN of the IAM role created in step 4 as Subscription role ARN
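
As an added example (not code from the original post), this Python check audits a topic access policy like the statement in step 2: it confirms that only Account B can subscribe and flags a wildcard principal or a malformed IAM principal ARN (IAM ARNs have an empty region field, as in `arn:aws:iam::<account_id>:root`). The account IDs, topic name and function names are constructed for illustration.

```python
import json
import re

# Constructed sample values (assumptions, not taken from the post).
ACCOUNT_A, ACCOUNT_B = "111111111111", "222222222222"
TOPIC_ARN = f"arn:aws:sns:eu-west-1:{ACCOUNT_A}:example-topic"

# IAM ARNs have an empty region field (double colon); a bare account ID is also valid.
PRINCIPAL = re.compile(r"^(?:arn:aws:iam::(\d{12}):(?:root|user/.+|role/.+)|(\d{12}))$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_subscribe_grants(policy_json, topic_arn, subscriber_account):
    """Return findings for every Allow statement that covers SNS:Subscribe."""
    findings, granted = [], False
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sns:subscribe", "sns:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        arns = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns:
            match = PRINCIPAL.match(arn)
            account = (match.group(1) or match.group(2)) if match else None
            if arn == "*":
                granted = True
                if "Condition" not in stmt:
                    findings.append("any AWS principal may subscribe (no Condition)")
            elif account is None:
                findings.append(f"malformed IAM principal ARN: {arn}")
            elif account != subscriber_account:
                findings.append(f"unexpected account may subscribe: {account}")
            else:
                granted = True
        if topic_arn not in as_list(stmt.get("Resource", [])):
            findings.append("Subscribe statement is not scoped to the topic ARN")
    if not granted:
        findings.append(f"account {subscriber_account} is not allowed to subscribe")
    return findings

def statement(principal_arn):
    """Build a one-statement topic policy shaped like the one in step 2."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal_arn},
        "Action": "SNS:Subscribe", "Resource": TOPIC_ARN}]})

if __name__ == "__main__":
    for arn in (f"arn:aws:iam::{ACCOUNT_B}:root", f"arn:aws:iam:{ACCOUNT_B}:root", "*"):
        print(arn, "->", audit_subscribe_grants(statement(arn), TOPIC_ARN, ACCOUNT_B) or "ok")
```

An empty list means the only subscribe grant is the intended cross-account one; run it against the policy JSON copied from the topic's Access policy tab before creating the subscription.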

How to test

  1. Go to the SNS topic in Account A and publish a test message
  2. Go to Kinesis Data Firehose in Account B, find the S3 bucket, open the most recently created file and click Download
  3. In a terminal, open or cat the file to check the content of the message. You should see the test message we sent from the SNS topic in Account A
