Trying to create a Firehose Delivery Stream with this resource definition:
    SignatureFirehose:
      Type: AWS::KinesisFirehose::DeliveryStream
      Properties:
        DeliveryStreamName: ${self:service}-signature-firehose-${self:provider.stage}
        DeliveryStreamType: KinesisStreamAsSource
        KinesisStreamSourceConfiguration:
          KinesisStreamARN:
            Fn::GetAtt: [SignatureStream, Arn]
        S3DestinationConfiguration:
          BucketARN:
            Fn::GetAtt: [S3Store, Arn]
          BufferingHints:
            IntervalInSeconds: 300
            SizeInMBs: 5
          CompressionFormat: GZIP
          EncryptionConfiguration:
            KMSEncryptionConfig:
              AWSKMSKeyARN: 'alias/aws/kinesis'
          Prefix: "fh/"
        RoleARN: # Note, nested directly under 'Properties'
          Fn::GetAtt: [FirehoseDelegateRole, Arn]
However, when I fire this up, I get
    An error occurred: SignatureFirehose - Encountered unsupported property RoleARN
So if I indent the RoleARN so that it’s a child of the S3 Config, I get this helpful little fella
    An error occurred: SignatureFirehose - Property RoleARN cannot be empty..
What am I missing!?
For the record this is the FirehoseDelegateRole
    FirehoseDelegateRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-fhdelegate
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - firehose.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: ${self:service}-fhdelegate
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - s3:ListAllMyBuckets
                    - s3:GetBucketLocation
                  Resource: '*'
                - Effect: Allow
                  Action:
                    - s3:ListBucket
                  Resource:
                    - "arn:aws:s3:::*/**"
                - Effect: Allow
                  Action:
                    - s3:GetObject
                  Resource:
                    - "arn:aws:s3:::*/**"
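
Added example, not part of the original post: in CloudFormation, `RoleARN` is a required property of both `KinesisStreamSourceConfiguration` and `S3DestinationConfiguration` and is not a property at the resource's top level, so this version sets it in both places. The scoped policy statements are an assumption about what this stream needs, using the resource names from the post; the `EncryptionConfiguration` block is left out.

```yaml
# Added example (not the poster's template); resource names come from the post.
SignatureFirehose:
  Type: AWS::KinesisFirehose::DeliveryStream
  Properties:
    DeliveryStreamName: ${self:service}-signature-firehose-${self:provider.stage}
    DeliveryStreamType: KinesisStreamAsSource
    KinesisStreamSourceConfiguration:
      KinesisStreamARN:
        Fn::GetAtt: [SignatureStream, Arn]
      RoleARN:  # required here: role Firehose assumes to read the stream
        Fn::GetAtt: [FirehoseDelegateRole, Arn]
    S3DestinationConfiguration:
      BucketARN:
        Fn::GetAtt: [S3Store, Arn]
      RoleARN:  # required here too: role Firehose assumes to write objects
        Fn::GetAtt: [FirehoseDelegateRole, Arn]
      BufferingHints:
        IntervalInSeconds: 300
        SizeInMBs: 5
      CompressionFormat: GZIP
      Prefix: "fh/"
      # EncryptionConfiguration omitted: AWSKMSKeyARN takes a full key ARN, and
      # the role would then also need KMS permissions on that key.

FirehoseDelegateRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: ${self:service}-fhdelegate
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: {Service: firehose.amazonaws.com}
          Action: sts:AssumeRole
    Policies:
      - PolicyName: ${self:service}-fhdelegate
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow   # assumption: read access to the source stream only
              Action: ['kinesis:DescribeStream', 'kinesis:GetShardIterator',
                       'kinesis:GetRecords', 'kinesis:ListShards']
              Resource:
                Fn::GetAtt: [SignatureStream, Arn]
            - Effect: Allow   # assumption: write access to the destination bucket only
              Action: ['s3:AbortMultipartUpload', 's3:GetBucketLocation', 's3:GetObject',
                       's3:ListBucket', 's3:ListBucketMultipartUploads', 's3:PutObject']
              Resource:
                - Fn::GetAtt: [S3Store, Arn]
                - Fn::Join: ['', [{Fn::GetAtt: [S3Store, Arn]}, '/*']]
```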