Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@aws-cdk/aws-kinesis
Advanced tools
Amazon Kinesis provides collection and processing of large streams of data records in real time. Kinesis data streams can be used for rapid and continuous data intake and aggregation.
Amazon Kinesis Data Streams ingests a large amount of data in real time, durably stores the data, and makes the data available for consumption.
Using the CDK, a new Kinesis stream can be created as part of the stack using the construct's constructor. You may specify the streamName
to give
your own identifier to the stream. If not, CloudFormation will generate a name.
new Stream(this, "MyFirstStream", {
streamName: "my-awesome-stream"
});
You can also specify properties such as shardCount
to indicate how many shards the stream should choose and a retentionPeriod
to specify how long the data in the shards should remain accessible.
Read more at Creating and Managing Streams
new Stream(this, "MyFirstStream", {
streamName: "my-awesome-stream",
shardCount: 3,
retentionPeriod: Duration.hours(48)
});
Stream encryption enables server-side encryption using an AWS KMS key for a specified stream.
Encryption is enabled by default on your stream with the master key owned by Kinesis Data Streams in regions where it is supported.
new Stream(this, 'MyEncryptedStream');
You can enable encryption on your stream with a user-managed key by specifying the encryption
property.
A KMS key will be created for you and associated with the stream.
new Stream(this, "MyEncryptedStream", {
encryption: StreamEncryption.KMS
});
You can also supply your own external KMS key to use for stream encryption by specifying the encryptionKey
property.
import * as kms from "@aws-cdk/aws-kms";
const key = new kms.Key(this, "MyKey");
new Stream(this, "MyEncryptedStream", {
encryption: StreamEncryption.KMS,
encryptionKey: key
});
Any Kinesis stream that has been created outside the stack can be imported into your CDK app.
Streams can be imported by their ARN via the Stream.fromStreamArn()
API
const stack = new Stack(app, "MyStack");
const importedStream = Stream.fromStreamArn(
stack,
"ImportedStream",
"arn:aws:kinesis:us-east-2:123456789012:stream/f3j09j2230j"
);
Encrypted Streams can also be imported by their attributes via the Stream.fromStreamAttributes()
API
import { Key } from "@aws-cdk/aws-kms";
const stack = new Stack(app, "MyStack");
const importedStream = Stream.fromStreamAttributes(
stack,
"ImportedEncryptedStream",
{
streamArn: "arn:aws:kinesis:us-east-2:123456789012:stream/f3j09j2230j",
encryptionKey: kms.Key.fromKeyArn(
"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
)
}
);
IAM roles, users or groups which need to be able to work with Amazon Kinesis streams at runtime should be granted IAM permissions.
Any object that implements the IGrantable
interface (has an associated principal) can be granted permissions by calling:
grantRead(principal)
- grants the principal read accessgrantWrite(principal)
- grants the principal write permissions to a StreamgrantReadWrite(principal)
- grants principal read and write permissionsGrant read
access to a stream by calling the grantRead()
API.
If the stream has an encryption key, read permissions will also be granted to the key.
const lambdaRole = new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
description: 'Example role...',
}
const stream = new Stream(this, 'MyEncryptedStream', {
encryption: StreamEncryption.KMS
});
// give lambda permissions to read stream
stream.grantRead(lambdaRole);
The following read permissions are provided to a service principal by the grantRead()
API:
kinesis:DescribeStreamSummary
kinesis:GetRecords
kinesis:GetShardIterator
kinesis:ListShards
kinesis:SubscribeToShard
Grant write
permissions to a stream is provided by calling the grantWrite()
API.
If the stream has an encryption key, write permissions will also be granted to the key.
const lambdaRole = new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
description: 'Example role...',
}
const stream = new Stream(this, 'MyEncryptedStream', {
encryption: StreamEncryption.KMS
});
// give lambda permissions to write to stream
stream.grantWrite(lambdaRole);
The following write permissions are provided to a service principal by the grantWrite()
API:
kinesis:ListShards
kinesis:PutRecord
kinesis:PutRecords
You can add any set of permissions to a stream by calling the grant()
API.
const user = new iam.User(stack, 'MyUser');
const stream = new Stream(stack, 'MyStream');
// give my user permissions to list shards
stream.grant(user, 'kinesis:ListShards');
1.78.0 (2020-12-11)
HttpOrigin
and LoadBalancerOrigin
changed from SSLv3 to TLSv1.2.domainName
property under DomainName
has been
renamed to name
.dnsHostName
and awsCloudMap
of VirtualNodeProps
have been replaced with the property serviceDiscovery
metricFailed
uses Average
instead of Sum
by default (#11941) (3530e8c)FAQs
The CDK Construct Library for AWS::Kinesis
The npm package @aws-cdk/aws-kinesis receives a total of 47,944 weekly downloads. As such, @aws-cdk/aws-kinesis popularity was classified as popular.
We found that @aws-cdk/aws-kinesis demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.