Menu
Amazon Rekognition
Developer Guide

Giving Amazon Rekognition Video Access to Your Kinesis Streams

You use an AWS Identity and Access Management (IAM) service role to give Amazon Rekognition Video read access to Kinesis video streams and write access to Kinesis data streams.

Giving Access to Your Kinesis Video Streams and Kinesis Data Streams

IAM provides the Rekognition service role use case that, when used with the AmazonRekognitionServiceRole permissions policy, can write to multiple Kinesis data streams and read from all your Kinesis video streams. To give Amazon Rekognition Video write access to multiple Kinesis data streams, you can prepend the names of the Kinesis data streams with AmazonRekognition—for example, AmazonRekognitionMyDataStreamName.

To give Amazon Rekognition Video access to your Kinesis video stream and Kinesis data stream

  1. Create an IAM service role. Use the following information to create the IAM service role:

    1. Choose Rekognition for the service name.

    2. Choose Rekognition for the service role use case.

    3. Choose the AmazonRekognitionServiceRole permissions policy, which gives Amazon Rekognition Video write access to Kinesis data streams that are prefixed with AmazonRekognition and read access to all your Kinesis video streams.

  2. Note the Amazon Resource Name (ARN) of the service role. You need it to start video analysis operations.

Giving Access to Individual Kinesis Streams

You can create a permissions policy that allows Amazon Rekognition Video access to individual Kinesis video streams and Kinesis data streams.

To give Amazon Rekognition Video access to an individual Kinesis video stream and Kinesis data stream

  1. Create a new permissions policy with the IAM JSON policy editor, and use the following policy. Replace data-arn with the ARN of the desired Kinesis data stream and video-arn with the ARN of the desired Kinesis video stream.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesis:PutRecord", "kinesis:PutRecords" ], "Resource": "data-arn" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "video-arn" } ] }
  2. Create an IAM service role, or update an existing IAM service role. Use the following information to create the IAM service role:

    1. Choose Rekognition for the service name.

    2. Choose Rekognition for the service role use case.

    3. Attach the permissions policy that you created in step 1.

  3. Note the ARN of the service role. You need it to start video analysis operations.