You can use the following Bash script to automate the creation of a Kinesis Stream. Copy the code and save it to your computer, for example as `create_kinesis_stream.sh`.
Run `chmod +x create_kinesis_stream.sh` to make it executable.
You will also need to install jq, a command line JSON processor on which the script depends. For installation instructions for your OS, please see the jq download page.
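The script also depends upon the AWS CLI, which you will need to install and configure before executing the script. The credentials you configure must be allowed to create Kinesis streams and to create IAM policies and roles, because the script does all three.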
The script takes two arguments: your chosen AWS Kinesis Stream name and a shard count.
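#!/bin/bash
#
# Create an AWS Kinesis stream together with the IAM policy and role that
# allow Twilio to write to it, then print the values needed to create the
# sink as JSON on stdout.
#
# Usage:       create_kinesis_stream.sh <stream_name> <shard_count>
# Requires:    jq, openssl, and an installed and configured AWS CLI.
# Environment: TWILIO_ASSUME_ROLE_ACCOUNT (optional) - principal ARN that is
#              allowed to assume the created role.
#
# Diagnostics are written to stderr so that stdout carries only the final
# JSON object. There is no rollback: resources created before a failing step
# stay in the account, and the policy and role names are fixed, so a re-run
# is expected to fail until they are removed.

set -u
set -o pipefail

# Print a message to stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if ! command -v jq >/dev/null 2>&1; then
  printf '\n%s\n\n' "This script requires the jq JSON processor. Please install for your OS from https://stedolan.github.io/jq/download/" >&2
  exit 1
fi

# The script cannot do anything useful without these two either.
command -v aws >/dev/null 2>&1 || die "This script requires the AWS CLI"
command -v openssl >/dev/null 2>&1 || die "This script requires openssl"

if [[ $# -ne 2 ]]; then
  printf '\nusage: %s <stream_name> <shard_count>\n\n' "$0" >&2
  exit 1
fi

# Set the stream name
STREAM_NAME=${1:-twilio-events}
SHARD_COUNT=${2:-1}

# Reject anything that is not a positive integer before calling AWS.
if [[ ! "$SHARD_COUNT" =~ ^[1-9][0-9]*$ ]]; then
  die "shard_count must be a positive integer"
fi

# Create the initial stream
if ! aws kinesis create-stream --stream-name "$STREAM_NAME" --shard-count "$SHARD_COUNT"; then
  die "Kinesis create failed"
fi

# Get the ARN for the Kinesis Stream.
# '// empty' turns a missing field into no output instead of the string "null",
# so the emptiness check below catches it.
if ! KINESIS_ARN=$(aws kinesis describe-stream --stream-name "$STREAM_NAME" \
  | jq -r '.StreamDescription.StreamARN // empty') || [[ -z "$KINESIS_ARN" ]]; then
  die "Failed to look up the Kinesis stream ARN"
fi

# Create the policy for the Kinesis Stream.
# The document is built with jq so the ARN is inserted as a JSON string value
# rather than spliced into the text by the shell. Write access is limited to
# this one stream; only the two read-only actions use "*".
POLICY_DOCUMENT=$(jq -n --arg resource "$KINESIS_ARN" '{
  Version: "2012-10-17",
  Statement: [
    {
      Sid: "Quickstart0",
      Effect: "Allow",
      Action: ["kinesis:PutRecord", "kinesis:PutRecords"],
      Resource: $resource
    },
    {
      Sid: "Quickstart1",
      Effect: "Allow",
      Action: ["kinesis:ListShards", "kinesis:DescribeLimits"],
      Resource: "*"
    }
  ]
}') || die "Failed to build IAM policy document"

if ! POLICY_ARN=$(aws iam create-policy \
  --policy-name twilio-events-kinesis-write \
  --policy-document "$POLICY_DOCUMENT" \
  | jq -r '.Policy.Arn // empty') || [[ -z "$POLICY_ARN" ]]; then
  die "Failed to create IAM policy"
fi

# Generate a random external ID
if ! EXTERNAL_ID=$(openssl rand -hex 40) || [[ -z "$EXTERNAL_ID" ]]; then
  die "Failed to generate external ID"
fi

# This is the Twilio account that needs permissions to be able to assume the role.
# Whatever principal is set here is granted sts:AssumeRole on the new role, so
# leave the variable unset unless you have been given a different ARN.
TWILIO_ASSUME_ROLE_ACCOUNT=${TWILIO_ASSUME_ROLE_ACCOUNT:-arn:aws:iam::177261743968:root}

# Add the random external ID to the role's trust policy, so the role can only
# be assumed by a caller that presents this ID.
# More information can be found here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
TRUST_DOCUMENT=$(jq -n \
  --arg principal "$TWILIO_ASSUME_ROLE_ACCOUNT" \
  --arg external_id "$EXTERNAL_ID" '{
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: {AWS: $principal},
      Action: "sts:AssumeRole",
      Condition: {StringEquals: {"sts:ExternalId": $external_id}}
    }
  ]
}') || die "Failed to build role trust policy document"

if ! ROLE_ARN=$(aws iam create-role \
  --role-name twilio-events-kinesis-write \
  --assume-role-policy-document "$TRUST_DOCUMENT" \
  | jq -r '.Role.Arn // empty') || [[ -z "$ROLE_ARN" ]]; then
  die "Failed to create IAM role"
fi

# Finally attach the policy and the role
if ! aws iam attach-role-policy --role-name twilio-events-kinesis-write --policy-arn "$POLICY_ARN"; then
  die "Attaching policy to role failed"
fi

# Print out the values needed for creating the sink in nice JSON.
# external_id is the value the role's trust condition requires; pass this
# output to the sink configuration rather than leaving it in shared logs.
printf '{\n"arn":"%s",\n"role_arn":"%s",\n"external_id":"%s"\n}\n' \
  "$KINESIS_ARN" "$ROLE_ARN" "$EXTERNAL_ID"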