Using the AmazonChimeSDKEvents service-linked role
The Amazon Chime SDK uses a service-linked role named AmazonChimeSDKEvents. The role grants access to the AWS services and resources used or managed by the Amazon Chime SDK, such as the Kinesis firehose used for data streaming.
The AmazonChimeSDKEvents service-linked role allows the Amazon Chime SDK to complete kinesis:PutRecord and kinesis:PutRecordBatch on streams with this format: arn:aws:firehose:::deliverystream/AmazonChimeSDKEvents-*.
You must configure permissions to allow an IAM entity such as a user, group, or role to create, edit, or delete a service-linked role. For more information, see Service-linked role permissions in the IAM User Guide.
Creating the service-linked role
The service-linked role is part of the Chime SDK Events CloudFormation template in the quick-create link.
You can also use the IAM console to create a service-linked role with the Amazon Chime SDK Events use case.
In the AWS CLI or the AWS API, create a service-linked role with the events.chime.amazonaws.com service name. For more information, see Using service-linked roles in the IAM User Guide. If you delete this role, you can repeat this process to create it again.
Editing the service-linked role
After you create a service-linked role, you can only edit its description, and you do that using IAM. For more information, see Using service-linked roles in the IAM User Guide.
Deleting the service-linked role
As a best practice, delete the AmazonChimeSDKEvents role when you no longer need a feature or service that requires it. Otherwise, you have an unused entity that is not actively monitored or maintained.
To manually delete the role, you first delete the resources that the role uses. The following sets of steps explain how to do both tasks.
Deleting role resources
You delete resources by deleting the Kinesis firehose used to stream data.
Note
Deletions can fail if you try to delete resources while the role uses them. If a deletion fails, wait a few minutes and try the operation again.
To delete the role resources
Turn off the Kinesis firehose by invoking the following API.
aws firehose delete-delivery-stream --delivery-stream-name delivery_stream_name
To delete the service-linked role
Use the IAM console, AWS CLI, or the AWS API to delete the AmazonChimeSDKEvents service-linked role. For more information, see Using service-linked roles and Deleting a service-linked role in the IAM User Guide.
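The two deletion procedures above can be scripted in order with the AWS CLI. The following is an added example, not part of the original guide: the function names, the retry count, and the wait intervals are assumptions, and the script only touches streams whose names start with the AmazonChimeSDKEvents- prefix from the role's resource ARN.

```bash
#!/usr/bin/env bash
# Added example: delete the role's Firehose resources, then the role itself.
PREFIX="AmazonChimeSDKEvents-"      # stream-name prefix from the role's resource ARN
ROLE="AmazonChimeSDKEvents"
RETRY_WAIT="${RETRY_WAIT:-120}"     # assumption: "a few minutes" taken as 120 s
POLL_WAIT="${POLL_WAIT:-10}"        # assumption: poll interval for the IAM task

# Print delivery streams in the current region whose names carry the prefix.
# Reads the first 100 names only; larger accounts need to page through the list.
list_streams() {
  aws firehose list-delivery-streams --limit 100 \
    --query 'DeliveryStreamNames' --output text | tr '\t' '\n' | grep "^${PREFIX}" || true
}

# Delete one stream; on failure wait and retry, up to three attempts in total.
delete_stream() {
  local name="$1" attempt
  for attempt in 1 2 3; do
    aws firehose delete-delivery-stream --delivery-stream-name "$name" >/dev/null && return 0
    sleep "$RETRY_WAIT"
  done
  return 1
}

# Submit the role deletion and poll the asynchronous task; prints the final status.
delete_role() {
  local task status i=0
  task=$(aws iam delete-service-linked-role --role-name "$ROLE" \
           --query DeletionTaskId --output text) || return 1
  while [ "$i" -lt 30 ]; do
    status=$(aws iam get-service-linked-role-deletion-status \
               --deletion-task-id "$task" --query Status --output text) || return 1
    case "$status" in
      SUCCEEDED) echo "$status"; return 0 ;;
      FAILED)    echo "$status"; return 1 ;;
    esac
    i=$((i + 1)); sleep "$POLL_WAIT"
  done
  return 1
}

# Same order as the steps above: role resources first, then the role.
cleanup() {
  local s
  for s in $(list_streams); do delete_stream "$s" || return 1; done
  delete_role
}

if [ "${1:-}" = "--run" ]; then cleanup; fi
```

Run the script with the --run argument to perform the cleanup; without it the file only defines the functions.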