AWS – Amazon Kinesis Data Streams now supports tagging and Attribute-Based Access Control for consumers

Today, Amazon Kinesis Data Streams introduces support for tagging and Attribute-Based Access Control (ABAC) for enhanced fan-out consumers. You can register enhanced fan-out consumers to have dedicated low latency read throughput per shard, up to 2MB/s. ABAC is an authorization strategy that defines access permissions based on tags that can be attached to IAM users, roles, and AWS resources for fine-grained access control. This new feature enables you to apply tags for allocating costs and simplifying permission management for your enhanced fan-out consumers.

With this launch, you can now tag your enhanced fan-out consumers used by different business units to track and allocate costs in AWS Cost Explorer without manually tracking costs per consumer. You can apply tags to enhanced fan-out consumers using the Kinesis Data Streams API or AWS Command Line Interface (CLI). Additionally, ABAC support for enhanced fan-out consumers allows you to use IAM policies to allow or deny specific Kinesis Data Streams API actions when the IAM principal’s tags match the tags on a registered consumer.

Tagging and Attribute-Based Access Control for enhanced fan-out consumers are available in all AWS Regions, including the AWS China and AWS GovCloud (US) Regions. To learn more about tagging and ABAC support for consumers, see Tag your resources and Attribute-Based Access Control (ABAC) for AWS.
 

Read More for the details.