roleARN property

String roleARN
final

The ARN of the IAM role that the delivery stream uses to create endpoints in the destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can specify a new role. In either case, make sure that the role trusts the Kinesis Data Firehose service principal and that it grants the following permissions:

  • ec2:DescribeVpcs
  • ec2:DescribeVpcAttribute
  • ec2:DescribeSubnets
  • ec2:DescribeSecurityGroups
  • ec2:DescribeNetworkInterfaces
  • ec2:CreateNetworkInterface
  • ec2:CreateNetworkInterfacePermission
  • ec2:DeleteNetworkInterface

If you revoke these permissions after you create the delivery stream, Kinesis Data Firehose can't scale out by creating more ENIs when necessary. You might therefore see a degradation in performance.
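A pre-deployment check for the role described above, as an added example (not part of this package's API): it tests a role's trust policy and permission policies, given as already-parsed JSON, against the requirements on this page. The function names and sample policies are hypothetical, `firehose.amazonaws.com` is taken to be the Firehose service principal, and the check is simplified in that it ignores `Resource`, `Condition` and `NotAction`.

```python
import fnmatch

# Actions this page lists as required for the VPC delivery role.
REQUIRED_ACTIONS = [
    "ec2:DescribeVpcs", "ec2:DescribeVpcAttribute", "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces",
    "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission",
    "ec2:DeleteNetworkInterface",
]
FIREHOSE_PRINCIPAL = "firehose.amazonaws.com"  # assumed service principal name

def _as_list(value):
    """IAM accepts either a single value or a list for Statement/Action/Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _statements(policy, effect):
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == effect]

def trusts_firehose(trust_policy):
    """True if an Allow statement lets the Firehose service call sts:AssumeRole."""
    for stmt in _statements(trust_policy, "Allow"):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if FIREHOSE_PRINCIPAL in services and any(
                fnmatch.fnmatchcase("sts:assumerole", a) for a in actions):
            return True
    return False

def missing_actions(permission_policies):
    """Required actions that are not allowed, or are explicitly denied."""
    def covered(action, effect):
        # IAM action names are case-insensitive and may use * and ? wildcards.
        return any(
            fnmatch.fnmatchcase(action.lower(), pattern.lower())
            for policy in permission_policies
            for stmt in _statements(policy, effect)
            for pattern in _as_list(stmt.get("Action")))
    return [a for a in REQUIRED_ACTIONS if covered(a, "Deny") or not covered(a, "Allow")]

# Constructed sample policies, not taken from any real account.
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "firehose.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
SAMPLE_PERMS = {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface"]}}
```

On the sample permission policy the check reports `ec2:CreateNetworkInterfacePermission` as missing, because an exact `ec2:CreateNetworkInterface` entry does not cover the longer action name.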

Implementation

final String roleARN;