We’re in the process of migrating from an out of date release of the Clojure Snowplow. And we’d like to jump directly to the latest Scala/Kinesis version of the package.
The roadblock I’ve hit is defining the IAM permissions I need to create than assign to the collector instances. The documentation I’ve found so far only talks about creating users, not policies/roles. And the permissions listed in those docs are very broad, with things like “iam:", "s3:”, and “redshift:" applied to "Resource:”.
What I really need is a more targeted list of permissions that the various parts of the pipeline need so I can build policies, the aggregate those to roles, and apply the appropriate roles to the instances handling the stages of the pipeline.
Any pointer to anything related to IAM permissions needed by the Scala/Kinesis version of the Snowplow software would be appreciated.
I’m plowing through the process of setting things up too. If we continue to pursue using the Kinesis based Snowplow pipeline I’ll post the final IAM settings that worked for me.