Sample IAM Policies

The following are sample IAM policies in JSON format.

Twilio role. Permissions to write to Kinesis stream

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Quickstart0",
            "Effect": "Allow",
            "Action": [
                "kinesis:PutRecord",
                "kinesis:PutRecords"
            ],
            "Resource": "arn:aws:kinesis:us-east-1:122222222222:stream/twilio-events"
        },
        {
            "Sid": "Quickstart1",
            "Effect": "Allow",
            "Action": [
                "kinesis:ListShards",
                "kinesis:DescribeLimits"
            ],
            "Resource": "*"
        }
    ]
}

Verint role. Permissions to read from Kinesis stream

If you are using encryption on your Kinesis stream, additional permissions are required to grant access to the encryption keys.

To limit access further, the permissions can be scoped to individual resources, such as the specific Kinesis stream and specific DynamoDB table.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "cloudwatch:PutMetricData",
                "dynamodb:PutItem",
                "kinesis:ListShards",
                "dynamodb:DeleteItem",
                "kinesis:GetShardIterator",
                "dynamodb:Scan",
                "kinesis:DescribeStream",
                "dynamodb:UpdateItem",
                "dynamodb:CreateTable",
                "dynamodb:DescribeTable",
                "kms:Encrypt",
                "dynamodb:GetItem",
                "kms:GenerateDataKey",
                "kinesis:GetRecords"
            ],
            "Resource": "*"
        }
    ]
}
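The page notes that the Verint read policy grants every action on Resource "*" and that it can be tightened to the specific stream, table and key. The script below is an added example, not part of the Twilio or Verint documentation: it flags Allow statements with a wildcard Resource and rewrites the policy above so that each service's actions are bound to one ARN. The DynamoDB table name and the KMS key id are constructed placeholders; the stream ARN is the one from the Twilio policy on this page. CloudWatch's PutMetricData keeps "*" because that action does not support resource-level permissions.

```python
"""Added example: find wildcard-resource statements in an IAM policy and
scope the Verint read policy to specific Kinesis, DynamoDB and KMS ARNs."""
import copy
import json

# Constructed sample ARNs; replace with the account, region and names you use.
STREAM_ARN = "arn:aws:kinesis:us-east-1:122222222222:stream/twilio-events"
TABLE_ARN = "arn:aws:dynamodb:us-east-1:122222222222:table/verint-checkpoints"  # hypothetical table
KEY_ARN = "arn:aws:kms:us-east-1:122222222222:key/00000000-0000-0000-0000-000000000000"  # placeholder key id

# Service prefix -> the single resource its actions should be limited to.
# Services missing from this map (cloudwatch here) keep Resource "*".
SERVICE_TO_ARN = {"kinesis": STREAM_ARN, "dynamodb": TABLE_ARN, "kms": KEY_ARN}

# The broad Verint read policy from the page, copied as a Python dict.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt", "cloudwatch:PutMetricData", "dynamodb:PutItem",
                "kinesis:ListShards", "dynamodb:DeleteItem", "kinesis:GetShardIterator",
                "dynamodb:Scan", "kinesis:DescribeStream", "dynamodb:UpdateItem",
                "dynamodb:CreateTable", "dynamodb:DescribeTable", "kms:Encrypt",
                "dynamodb:GetItem", "kms:GenerateDataKey", "kinesis:GetRecords",
            ],
            "Resource": "*",
        }
    ],
}


def _as_list(value):
    """IAM allows Action/Resource as a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def wildcard_resource_statements(policy):
    """Return the Sids of Allow statements whose Resource includes '*'."""
    found = []
    for index, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Resource", [])):
            found.append(stmt.get("Sid", f"Statement{index}"))
    return found


def scope_policy(policy, service_to_arn):
    """Split each wildcard Allow statement by service prefix and bind each
    group of actions to the ARN for that service. Statements that are already
    scoped are copied through unchanged; unmapped services keep '*'."""
    scoped = {"Version": policy["Version"], "Statement": []}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            scoped["Statement"].append(copy.deepcopy(stmt))
            continue
        by_service = {}
        for action in _as_list(stmt["Action"]):
            service = action.split(":", 1)[0]
            by_service.setdefault(service, []).append(action)
        base_sid = stmt.get("Sid", "Stmt")
        for service in sorted(by_service):  # sorted for a stable, reviewable output
            scoped["Statement"].append({
                "Sid": f"{base_sid}{service.capitalize()}",
                "Effect": "Allow",
                "Action": sorted(by_service[service]),
                "Resource": service_to_arn.get(service, "*"),
            })
    return scoped


def to_json(policy):
    """Render a policy in the indented form used for the samples on this page."""
    return json.dumps(policy, indent=4)


if __name__ == "__main__":
    print("Wildcard statements before:", wildcard_resource_statements(BROAD_POLICY))
    tightened = scope_policy(BROAD_POLICY, SERVICE_TO_ARN)
    print("Wildcard statements after: ", wildcard_resource_statements(tightened))
    print(to_json(tightened))
```

Running the script prints the scoped policy with four statements, one per service; only the CloudWatch statement still carries "*". Review the remaining wildcard list before attaching a policy: anything left there should be an action that genuinely has no resource-level support, not a data-plane read or write.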

Verint role. Permissions to read from S3 Bucket

If recorded content is being stored in an S3 bucket, additional permissions are required to grant access to the bucket.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bucket-name"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::bucket-name/*"
    }
  ]
}