
Privacera Documentation

Access Kinesis with the Data Access Server on Privacera Platform

Create Kinesis datastream query

  1. Open your terminal and execute the following command to create a new datastream called SalesDataStream.

    aws kinesis create-stream --stream-name SalesDataStream --shard-count 1 --region us-east-1
    
    • Options: --stream-name : datastream name

    The following result is displayed: An error occurred (403). This means that the current user does not have the required permissions to perform this operation.

  2. Check the Audit page for the previously executed command by selecting Access Management > Audit from the Privacera portal navigation menu.

    The Audit page displays.

  3. Create a Ranger policy that provides the user with CreateStream permission for SalesDataStream.

    1. From the navigation menu, select Access Management > Resource Policies.

    2. Select privacera_kinesis > Add New Policy.

    3. Enter the following details:

      • Policy Name: SalesDataStreamPolicy

      • kinesis_datastream: SalesDataStream (The Kinesis Datastream that you want the user to create)

      • In Allow Conditions, click + and select the following:

        • User: The username you want to provide access to.

        • Add Permission as: CreateStream

  4. Run the query from Step 1.

    The user will now be able to Create Data Stream.

List Kinesis datastream query

  1. Open your terminal and execute the following command.

    aws kinesis list-streams --region us-east-1
    


  2. The following result displays: An error occurred (403). This means that the current user does not have the required permissions to perform this operation.

  3. Create a Ranger policy that provides the user with ListStreams permission.

    1. From the navigation menu, select Access Management > Resource Policies.

    2. Select privacera_kinesis > Add New Policy.

    3. Enter the following details:

      • Policy Name: ListStreamsPolicy

      • kinesis_datastream: *

      • In Allow Conditions, click + and enter the following:

        • User: The username you want to provide access to.

        • Add Permission as: ListStreams

  4. Run the query from Step 1.

    The user will now be able to view Data Streams - SalesDataStream.

Describe Kinesis datastream query

  1. Open your terminal and execute the following command.

    aws kinesis describe-stream --stream-name SalesDataStream --region us-east-1
    aws kinesis describe-stream-summary --stream-name SalesDataStream --region us-east-1
    

    The following result displays: An error occurred (403). This means that the current user does not have the required permissions to perform this operation.

  2. Check the Audit page for the previously executed command by selecting Access Management > Audit from the Privacera portal navigation menu.

  3. Create a Ranger policy that provides the user with DescribeStream and DescribeStreamSummary permissions.

    1. From the navigation menu, select Access Management > Resource Policies.

    2. Select privacera_kinesis > Add New Policy.

    3. Enter the following details:

      • Policy Name: SalesDataStreamPolicy

      • kinesis_datastream: SalesDataStream (the Kinesis datastream that you want to allow the user to describe).

      • In Allow Conditions, click + and enter the following:

        • User: The username you want to provide access to.

        • Add Permission as: DescribeStream, DescribeStreamSummary

  4. Run the query from Step 1.

    The user will now be able to view SalesDataStream details.

PutRecord Kinesis datastream query

  1. Open your terminal and execute the following command to putRecord into datastream SalesDataStream.

    aws kinesis put-record --stream-name SalesDataStream --data testdata --partition-key pkey --region us-east-1
    

    The following result displays: An error occurred (403). This means that the current user does not have the required permissions to perform this operation.

  2. Check the Audit page for the previously executed command by selecting Access Management > Audit from the Privacera portal navigation menu.

  3. Create a Ranger policy that provides the user with putRecord permissions.

    1. From the navigation menu, select Access Management > Resource Policies.

    2. Select privacera_kinesis > Add New Policy.

    3. Enter the following details:

      • kinesis_datastream: SalesDataStream (Kinesis Datastream which you want to allow the user to putRecord).

      • In Allow Conditions, click + and enter the following:

        • User: The username you want to provide access to.

        • Add Permission as: DescribeStream, DescribeStreamSummary

  4. Run the query from Step 1.

    The user will now be able to putRecord into Data Streams - SalesDataStream.

GetRecord Kinesis datastream query

  1. Open your terminal and execute the following command to getRecord from datastream SalesDataStream.

    aws kinesis list-shards --stream-name SalesDataStream --region us-east-1
    

    The following result displays: An error occurred (403). This means that the current user does not have the required permissions to perform this operation.

  2. Check the Audit page for the previously executed command by selecting Access Management > Audit from the Privacera portal navigation menu.

  3. Create a Ranger policy to give the user GetRecord permission.

    1. From the navigation menu, select Access Management > Resource Policies.

    2. Select privacera_kinesis > Add New Policy.

    3. Enter the following details:

      • kinesis_datastream: SalesDataStream (Kinesis Datastream which you want to allow the user to GetRecord).

      • In Allow Conditions, click + and enter the following:

        • User: The username you want to provide access to.

        • Add Permission as: GetRecords, GetShardIterator, ListShards

  4. Run the query from Step 1.

  5. Copy the shard ID from the previous command output and use it in the following command.

    aws kinesis get-shard-iterator --stream-name SalesDataStream --shard-id <shard_Id> --shard-iterator-type TRIM_HORIZON --region us-east-1
    
  6. Copy the shard iterator from the previous command output and use it in the following command.

    aws kinesis get-records --shard-iterator <shard_iterator> --region us-east-1
    
  7. Copy Data from the above command output.

    The Data value in the output is Base64-encoded.

  8. Use the copied Data in the following command to decode it:

    echo <data> | base64 --decode

    The user will now be able to getRecord from Data Streams - SalesDataStream.
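
Steps 4 to 8 above chained into one script, as an added example that is not part of the Privacera documentation. The stream name and region are the ones used on this page; the function names and the sample Data values are constructed for illustration.

```shell
#!/bin/sh
# Added example: steps 4-8 of the GetRecord procedure as one script.
# STREAM and REGION are the values used on this page; function names are
# hypothetical and the sample Data values below are constructed.
STREAM=SalesDataStream
REGION=us-east-1

# Step 8: decode whitespace-separated Base64 Data values, one record per line.
decode_data_fields() {
  for b64 in $1; do
    printf '%s' "$b64" | base64 --decode || return 1
    printf '\n'
  done
}

# Steps 4-7: list shards, get an iterator for the first shard, fetch records.
# A denied call (the 403 shown in Step 1) stops the chain and names the
# permission to check on the Audit page and in the Ranger policy.
fetch_data_fields() {
  shard_id=$(aws kinesis list-shards --stream-name "$STREAM" \
      --region "$REGION" --query 'Shards[0].ShardId' --output text) \
    || { echo "ListShards denied or failed" >&2; return 1; }
  shard_iterator=$(aws kinesis get-shard-iterator --stream-name "$STREAM" \
      --shard-id "$shard_id" --shard-iterator-type TRIM_HORIZON \
      --region "$REGION" --query 'ShardIterator' --output text) \
    || { echo "GetShardIterator denied or failed" >&2; return 1; }
  aws kinesis get-records --shard-iterator "$shard_iterator" \
      --region "$REGION" --query 'Records[].Data' --output text \
    || { echo "GetRecords denied or failed" >&2; return 1; }
}

# Constructed sample: two Data values as `--query 'Records[].Data'
# --output text` would print them (whitespace-separated Base64 strings).
SAMPLE_DATA='dGVzdGRhdGE= b3JkZXItNDI='

# Offline demo on the constructed sample. Against a real stream, run:
#   decode_data_fields "$(fetch_data_fields)"
decode_data_fields "$SAMPLE_DATA"
```

Because each call reports which operation failed, a policy that grants only some of GetRecords, GetShardIterator and ListShards shows up as a named failure rather than a bare 403.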