Prerequisites

Before you can use Amazon Kinesis Data Streams as a target endpoint in a Replicate task, the following prerequisites must be met:

  • Replicate connects to AWS using SSL. This requires an appropriate CA certificate to reside on the Replicate machine; otherwise, the connection will fail. The purpose of the CA certificate is to authenticate the ownership of the AWS server certificate.

    On Windows, the required CA certificate is always present whereas on Linux it may sometimes be missing. Therefore, if you are using Replicate for Linux, make sure that the required CA certificate exists in the following location on the Linux machine:

    /etc/pki/tls/certs/ca-bundle.crt

    If it does not exist, the simplest solution is to copy the certificate bundle from another Linux machine.

  • The target streams must already exist before starting the replication task.

  • Create a stream named attrep_apply_exceptions before starting the replication task. Note that if this stream does not exist, the task will always fail when it encounters a data error, regardless of the error handling policy.

    For a description of the attrep_apply_exceptions table, see Apply exceptions.

  • The AWS account specified in the General tab must have the following permissions:

    Note: All strings that begin with YOUR should be replaced with the actual value.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "kinesis:PutRecords",
                    "kinesis:DescribeStream"
                ],
                "Resource": "arn:aws:kinesis:YOUR_AWS_REGION:YOUR_ACCOUNT_NAME:stream/YOUR_STREAM_NAME"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": "kinesis:ListStreams",
                "Resource": "*"
            }
        ]
    }

     

    If the Kinesis stream was configured in Amazon to encrypt the data at rest, the following KMS permissions should also be set:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "kms:Encrypt",
                    "kms:DescribeKey"
                ],
                "Resource": "arn:aws:kms:YOUR_AWS_REGION:YOUR_ACCOUNT_NAME:key/YOUR_KEY_GUID"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": "kms:GenerateDataKey",
                "Resource": "*"
            }
        ]
    }
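The following check is an added example, not part of the Replicate documentation: it reads an IAM policy document and reports any action from the two policies above that is not allowed, any YOUR placeholder left in a resource, and any wildcard action broader than the listed permissions. The names `check_policy` and `SAMPLE_POLICY` and the sample region, account and stream values are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions taken from the two policy documents on this page.
KINESIS_ACTIONS = {"kinesis:PutRecords", "kinesis:DescribeStream", "kinesis:ListStreams"}
KMS_ACTIONS = {"kms:Encrypt", "kms:DescribeKey", "kms:GenerateDataKey"}

# Constructed sample: placeholders filled with made-up values, DescribeStream left out.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["kinesis:PutRecords"],
         "Resource": "arn:aws:kinesis:us-east-1:111122223333:stream/orders"},
        {"Effect": "Allow", "Action": "kinesis:ListStreams", "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def check_policy(policy_json, encrypted_stream=False):
    """Return sorted findings; an empty list means every listed action is allowed.

    Assumption: only Allow statements are read. Deny, NotAction, Condition and
    whether each Resource ARN names the right stream or key are not evaluated.
    """
    required = KINESIS_ACTIONS | (KMS_ACTIONS if encrypted_stream else set())
    granted, findings = set(), set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            if "YOUR_" in resource:  # template value from the page left in place
                findings.add(f"placeholder not replaced: {resource}")
        for pattern in _as_list(stmt.get("Action", [])):
            if "*" in pattern or "?" in pattern:
                findings.add(f"wildcard action broader than required: {pattern}")
            # IAM action names are case-insensitive and may contain * and ? wildcards.
            granted |= {a for a in required if fnmatchcase(a.lower(), pattern.lower())}
    findings |= {f"missing action: {a}" for a in required - granted}
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_policy(SAMPLE_POLICY, encrypted_stream=True):
        print(finding)
```

Pass `encrypted_stream=True` only when the stream is configured for encryption at rest, so the KMS actions are required as well.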
