A Script to Create a Kinesis Stream

You can use the following Bash script to automate the creation of a Kinesis Stream. Copy the code and save it to your computer, for example as create_kinesis_stream.sh.

Run chmod +x create_kinesis_stream.sh to make it executable.

You will also need to install jq, a command line JSON processor on which the script depends. For installation instructions for your OS, please see the jq download page.

The script also depends upon the AWS CLI, which you will need to install and configure before executing the script.

The script takes two arguments: your chosen AWS Kinesis Stream name and a shard count.

1#!/bin/bash
2
3JQ_CHECK=$(which jq)
4if [ -z "$JQ_CHECK" ]; then
5  echo
6  echo "This script requires the jq JSON processor. Please install for your OS from https://stedolan.github.io/jq/download/"
7  echo
8  exit 1
9fi
10
11if [ $# -ne 2 ]; then
12  echo
13  echo "usage: $0 <stream_name> <shard_count>"
14  echo
15  exit 1
16fi
17
18# Set the stream name
19STREAM_NAME=${1:-twilio-events}
20SHARD_COUNT=${2:-1}
21
22# Create the initial stream
23aws kinesis create-stream --stream-name $STREAM_NAME --shard-count $SHARD_COUNT
24if [ $? -ne 0 ]; then
25  echo "Kinesis create failed"
26  exit 1
27fi
28
29# Get the ARN for the Kinesis Stream
30KINESIS_ARN=$(aws kinesis describe-stream --stream-name $STREAM_NAME | jq -r .StreamDescription.StreamARN)
31
32# Create the policy for the Kinesis Stream
33POLICY_ARN=$(aws iam create-policy --policy-name twilio-events-kinesis-write --policy-document '{
34   "Version": "2012-10-17",
35   "Statement": [
36       {
37           "Sid": "Quickstart0",
38           "Effect": "Allow",
39           "Action": [
40               "kinesis:PutRecord",
41               "kinesis:PutRecords"
42           ],
43           "Resource": "'$KINESIS_ARN'"
44       },
45       {
46           "Sid": "Quickstart1",
47           "Effect": "Allow",
48           "Action": [
49               "kinesis:ListShards",
50               "kinesis:DescribeLimits"
51           ],
52           "Resource": "*"
53       }
54   ]
55}' | jq -r .Policy.Arn)
56
57if [ -z "$POLICY_ARN" ]; then
58  echo "Failed to create IAM policy"
59  exit 1
60fi
61
62# Generate a random external ID
63EXTERNAL_ID=$(openssl rand -hex 40)
64if [ -z "$EXTERNAL_ID" ]; then
65  echo "Failed to generate external ID"
66  exit 1
67fi
68
69# This is the Twilio account that needs permissions to be able to assume the role
70TWILIO_ASSUME_ROLE_ACCOUNT=${TWILIO_ASSUME_ROLE_ACCOUNT:-arn:aws:iam::177261743968:root}
71
72# Add the random external ID to the the role ARN
73# More information can be found here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
74ROLE_ARN=$(aws iam create-role --role-name twilio-events-kinesis-write --assume-role-policy-document '{
75 "Version": "2012-10-17",
76 "Statement": [
77   {
78     "Effect": "Allow",
79     "Principal": {
80       "AWS": "'$TWILIO_ASSUME_ROLE_ACCOUNT'"
81     },
82     "Action": "sts:AssumeRole",
83     "Condition": {
84       "StringEquals": {
85         "sts:ExternalId": "'$EXTERNAL_ID'"
86       }
87     }
88   }
89 ]
90}' | jq -r .Role.Arn)
91
92if [ -z "$ROLE_ARN" ]; then
93  echo "Failed to create IAM role"
94  exit 1
95fi
96
97# Finally attach the policy and the role
98aws iam attach-role-policy --role-name twilio-events-kinesis-write --policy-arn $POLICY_ARN
99
100if [ $? -ne 0 ]; then
101  echo "Attaching policy to role failed"
102  exit 1
103fi
104
105# Print out the values needed for creating the sink in nice JSON
106echo "{"
107echo '"arn":"'$KINESIS_ARN'",'
108echo '"role_arn":"'$ROLE_ARN'",'
109echo '"external_id":"'$EXTERNAL_ID'"'
110echo "}"