AWS – Amazon Kinesis Data Streams announces support for Attribute-Based Access Control (ABAC)
Amazon Kinesis Data Streams announces support for attribute-based access control (ABAC) using stream tags, enabling customers to enhance their overall security postures with a scalable access control solution. Amazon Kinesis Data Streams is a serverless data streaming service that enables customers to capture, process, and store data streams at any scale. ABAC is an authorization strategy that defines access permissions based on tags which can be attached to IAM resources, such as IAM users and roles, and to AWS resources for fine-grained access control.
ABAC support for Kinesis Data Streams makes it simple for you to give granular access to developers without requiring a policy update when a user or project is added, removed or updated. With ABAC support for Kinesis Data Streams, IAM policies can be used to allow or deny specific Kinesis Data Streams API actions when the IAM principal’s tags match the tags on a data stream.
Getting started with ABAC for Kinesis Data Streams is easy. Kinesis Data Streams supports using stream tags and attaching them to IAM policies that allow or deny access to the Kinesis Data Stream based on your tags. You can use the Amazon APIs, the Amazon CLI, or the Amazon Web Services Management Console to tag your resources.
Read More for the details.