Table of Contents
Overview
This article aims to guide you through the process of setting up a Kinesis Stream on your end. This mainly includes granting Buyer Cloud permissions to stream data to your Kinesis location.
AWS Kinesis Setup:
Considerations & Best Practices:
Before you decide to set up a Kinesis stream, it is worth noting a few things before getting started:
1. We recommend that you provision Kinesis for at least 2x the number of bids per second ("bidding QPS"). For most customers, provisioning a 2 shard stream will be more than enough. We find that under-provisioned Kinesis streams may experience missing events due to Kinesis throttling.
2. Kinesis Streams must be regionally deployed - meaning you must have a Kinesis stream in each matching region where you are buying traffic with Buyer Cloud.
3. We recommend that customers create alarms for the WriteProvisionedThroughputExceeded & ReadProvisionedThroughputExceeded under Kinesis Cloudwatch Metrics.
Setup:
In order to set up your Kinesis stream on the Buyer Cloud end, your Buyer Cloud Account Manager or Support member will require two things:
1. Your AWS Stream Name (defined by you)
2. Your AWS Stream Role (example below)
arn:aws:iam::1234567890123:role/beeswax
Step 1: Setting up a IAM role with "Permission Policy"
Note: <stream name> is a placeholder for the Stream Name (decided by you).
Note: <account_id> is a placeholder for your AWS account ID
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1448997493000",
"Effect": "Allow",
"Action": [
"kinesis:DescribeStream",
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Resource": [
"arn:aws:kinesis:*:<account_id>:stream/<stream_name>"
]
}
]
}
Step 2: Add the following "Trust Relationship"
Note: <buzz_key> should be replaced with your actual buzz key. Your buzz key is the subdomain of your UI - if your UI is https://abcde.beeswax.com/, your buzz key is "abcde".
Note: If the customer has a key policy in place, they will have to whitelist our role. An extra permission is needed. "kms:GenerateDataKey" will need to be added to the Permissions Policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::164891057361:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "<buzz_key>"
}
}
}
]
}
Step 3: Send over details
Send over the 'Stream Name' and 'Stream Role' your account representative. With this information, your account representative can implement these details into the system in order to begin sending data via Kinesis stream to the location specified.