
@ashishmohite
Last active October 18, 2020 08:49
# Identity (account ID, ARN, user ID) of the credentials Terraform runs with.
data "aws_caller_identity" "current" {}
# Region configured on the AWS provider; referenced when building the stream ARN.
data "aws_region" "current" {}
# Account that owns the calling role. The value is interpolated straight into
# the trust policy principal ARN, so it decides which account may assume the
# role created in this configuration.
variable "source_account_id" {
  type        = string
  description = "id of source AWS account"
}
# Trust policy for the cross-account role: only the role named
# "lambda-execution-role" in the source account may call sts:AssumeRole.
# Naming one role as the principal (rather than the whole account) keeps the
# set of identities that can assume this role as small as possible.
# NOTE(review): the source-side role still needs its own identity policy
# allowing sts:AssumeRole on this role's ARN; that lives in the source account
# and is not part of this configuration.
data "aws_iam_policy_document" "trust_relationship_document" {
  statement {
    sid     = "1"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type = "AWS"
      identifiers = [
        "arn:aws:iam::${var.source_account_id}:role/lambda-execution-role",
      ]
    }
  }
}
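# Permissions granted to whoever assumes the cross-account role: describe and
# write to the Kinesis stream "destination-stream".
#
# A Kinesis stream ARN has the form
#   arn:aws:kinesis:<region>:<account-id>:stream/<name>
# The previous value hard-coded the region and put the region name in the
# account-id slot, so the ARN matched no real stream and the statement granted
# nothing. The ARN is now built from the provider region and the account the
# configuration is applied in.
# NOTE(review): this assumes the stream lives in the provider's region and in
# the account being applied to - confirm against where the stream is created.
data "aws_iam_policy_document" "policy_document" {
  statement {
    sid    = "1"
    effect = "Allow"

    # NOTE(review): kinesis:ListStreams is, as far as I know, not an action that
    # can be restricted to a stream ARN; listed against a single stream it most
    # likely grants nothing. If the producer really needs it, give it its own
    # statement with resources = ["*"]; otherwise drop it.
    actions = [
      "kinesis:DescribeStream",
      "kinesis:ListStreams",
      "kinesis:PutRecord",
      "kinesis:PutRecords",
    ]

    resources = [
      "arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/destination-stream",
    ]
  }
}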
# Role in the destination account that the source-account role assumes.
# Who may assume it is decided entirely by the trust policy document
# referenced in assume_role_policy.
resource "aws_iam_role" "assume_lambda_role" {
  assume_role_policy = data.aws_iam_policy_document.trust_relationship_document.json
  name               = "assume-lambda-role"
}
# Inline policy attaching the Kinesis permissions to the cross-account role.
# No name is set, so the provider generates one for the inline policy.
resource "aws_iam_role_policy" "assume_lambda_policy" {
  role   = aws_iam_role.assume_lambda_role.id
  policy = data.aws_iam_policy_document.policy_document.json
}