mhausenblas/firehose-delivery-policy.json

## firehose-delivery-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "glue:GetTableVersions"
      ],
      "Resource": "*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::mh9-firelens-demo",
        "arn:aws:s3:::mh9-firelens-demo/*",
        "arn:aws:s3:::%FIREHOSE_BUCKET_NAME%",
        "arn:aws:s3:::%FIREHOSE_BUCKET_NAME%/*"
      ]
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeFunction",
        "lambda:GetFunctionConfiguration"
      ],
      "Resource": "arn:aws:lambda:us-west-2:XXXXXXXXXXXX:function:%FIREHOSE_DEFAULT_FUNCTION%:%FIREHOSE_DEFAULT_VERSION%"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:us-west-2:XXXXXXXXXXXX:log-group:/aws/kinesisfirehose/eks-stream:log-stream:*"
      ]
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "kinesis:DescribeStream",
        "kinesis:GetShardIterator",
        "kinesis:GetRecords"
      ],
      "Resource": "arn:aws:kinesis:us-west-2:XXXXXXXXXXXX:stream/%FIREHOSE_STREAM_NAME%"
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:us-west-2:XXXXXXXXXXXX:key/%SSE_KEY_ID%"
      ],
      "Condition": {
        "StringEquals": {
          "kms:ViaService": "kinesis.%REGION_NAME%.amazonaws.com"
        },
        "StringLike": {
          "kms:EncryptionContext:aws:kinesis:arn": "arn:aws:kinesis:%REGION_NAME%:XXXXXXXXXXXX:stream/%FIREHOSE_STREAM_NAME%"
        }
      }
    }
  ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "",
	"Effect": "Allow",
	"Action": [
	"glue:GetTableVersions"
	],
	"Resource": "*"
	},
	{
	"Sid": "",
	"Effect": "Allow",
	"Action": [
	"s3:AbortMultipartUpload",
	"s3:GetBucketLocation",
	"s3:GetObject",
	"s3:ListBucket",
	"s3:ListBucketMultipartUploads",
	"s3:PutObject"
	],
	"Resource": [
	"arn:aws:s3:::mh9-firelens-demo",
	"arn:aws:s3:::mh9-firelens-demo/*",
	"arn:aws:s3:::%FIREHOSE_BUCKET_NAME%",
	"arn:aws:s3:::%FIREHOSE_BUCKET_NAME%/*"
	]
	},
	{
	"Sid": "",
	"Effect": "Allow",
	"Action": [
	"lambda:InvokeFunction",
	"lambda:GetFunctionConfiguration"
	],
	"Resource": "arn:aws:lambda:us-west-2:XXXXXXXXXXXX:function:%FIREHOSE_DEFAULT_FUNCTION%:%FIREHOSE_DEFAULT_VERSION%"
	},
	{
	"Sid": "",
	"Effect": "Allow",
	"Action": [
	"logs:PutLogEvents"
	],
	"Resource": [
	"arn:aws:logs:us-west-2:XXXXXXXXXXXX:log-group:/aws/kinesisfirehose/eks-stream:log-stream:*"
	]
	},
	{
	"Sid": "",
	"Effect": "Allow",
	"Action": [
	"kinesis:DescribeStream",
	"kinesis:GetShardIterator",
	"kinesis:GetRecords"
	],
	"Resource": "arn:aws:kinesis:us-west-2:XXXXXXXXXXXX:stream/%FIREHOSE_STREAM_NAME%"
	},
	{
	"Effect": "Allow",
	"Action": [
	"kms:Decrypt"
	],
	"Resource": [
	"arn:aws:kms:us-west-2:XXXXXXXXXXXX:key/%SSE_KEY_ID%"
	],
	"Condition": {
	"StringEquals": {
	"kms:ViaService": "kinesis.%REGION_NAME%.amazonaws.com"
	},
	"StringLike": {
	"kms:EncryptionContext:aws:kinesis:arn": "arn:aws:kinesis:%REGION_NAME%:XXXXXXXXXXXX:stream/%FIREHOSE_STREAM_NAME%"
	}
	}
	}
	]
	}