Use * syntax for faster search

Table of Contents


Overview

This article aims to guide you through the process of setting up a Kinesis Stream on your end.  This mainly includes granting Beeswax permissions to stream data to your Kinesis location.     

AWS Kinesis Setup:

Considerations & Best Practices:

Before you decide to set up a Kinesis stream, it is worth noting a few things before getting started:

1. We recommend that you provision Kinesis for at least 2x the number of bids per second ("bidding QPS"). For most customers, provisioning a 2 shard stream will be more than enough. We find that under-provisioned Kinesis streams may experience missing events due to Kinesis throttling.

2. Kinesis Streams must be regionally deployed - meaning you must have a Kinesis stream in each matching region where you are buying traffic with Beeswax.

3. We recommend that customers create alarms for the WriteProvisionedThroughputExceeded & ReadProvisionedThroughputExceeded under Kinesis Cloudwatch Metrics.

Setup:

In order to set up your Kinesis stream on the Beeswax end, your Beeswax AM or Support member will require two things:

1. Your AWS Stream Name (defined by you)

2. Your AWS Stream Role (example below)

arn:aws:iam::1234567890123:role/beeswax

Step 1: Setting up a IAM role with "Permission Policy"

Note: <stream name> is a placeholder for the Stream Name (decided by you).

Note: <account_id> is a placeholder for your AWS account ID

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1448997493000",
            "Effect": "Allow",
            "Action": [
                "kinesis:DescribeStream",
                "kinesis:PutRecord",
                "kinesis:PutRecords"
            ],
            "Resource": [
                "arn:aws:kinesis:*:<account_id>:stream/<stream_name>"
            ]
        }
    ]
}
Step 2: Add the following "Trust Relationship"

Note: <buzz_key> should be replaced with your actual buzz key. Your buzz key is the subdomain of your UI - if your UI is https://abcde.beeswax.com/, your buzz key is "abcde".

Note: If the customer has a key policy in place, they will have to whitelist our role. An extra permission is needed. "kms:GenerateDataKey" will need to be added to the Permissions Policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::164891057361:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "<buzz_key>"
        }
      }
    }
  ]
}
Step 3: Send over details

Send over the 'Stream Name' and 'Stream Role' your your Beeswax content.  With this information, your Beeswax contact can implement these details into our system in order to begin sending data via Kinesis stream to the location you specified.

  • No labels
Provide feedback on this article