Today, Amazon Kinesis Data Streams introduces support for tagging and Attribute-Based Access Control (ABAC) for enhanced fan-out consumers. You can register enhanced fan-out consumers to have dedicated low latency read throughput per shard, up to 2MB/s. ABAC is an authorization strategy that defines access permissions based on tags that can be attached to IAM users, roles, and AWS resources for fine-grained access control. This new feature enables you to apply tags for allocating costs and simplifying permission management for your enhanced fan-out consumers.
With this launch, you can now tag your enhanced fan-out consumers used by different business units to track and allocate costs in AWS Cost Explorer without manually tracking costs per consumer. You can apply tags to enhanced fan-out consumers using the Kinesis Data Streams API or AWS Command Line Interface (CLI). Additionally, ABAC support for enhanced fan-out consumers allows you to use IAM policies to allow or deny specific Kinesis Data Streams API actions when the IAM principal’s tags match the tags on a registered consumer.
Tagging and Attribute-Based Access Control for enhanced fan-out consumers are available in all AWS Regions
, including the AWS China and AWS GovCloud (US) Regions. To learn more about tagging and ABAC support for consumers, see Tag your resources
and Attribute-Based Access Control (ABAC) for AWS
.