AWS uses role based authorization between the services. You will create two roles dojogluerole and dojiotrole which are used by AWS Glue and AWS IoT Core to call other AWS services to implement the scenario.
-
Login to AWS Console and goto IAM Management Console. Click on the Roles menu in the left and then click on the Create role button.
-
On the next screen, select Glue as the AWS Service and click on the Next: Permission button.
-
On the next screen, you select PowerUserAccess as the policy and click on the Next: Tags button. AWS Glue job will make call to many services like S3, Kinesis and Glue Catalog Table. The workshop is providing PowerUserAccess to simplify it but in actual production environment, you should go for specific permissions only.
-
Click on the Next: Review button on the next screen.
-
On the next screen, enter the role name as dojogluerole and click on the Create role button.
-
The role is created in no time. You now repeat the same process to create dojoiotrole. Click on the Create role button again. On the next screen, select IoT as the AWS Service and click on the Next: Permission button.
-
On the next screen, it shows the default policies assigned to the role. Keep them as it is and click on the Next: Tags button.
-
Click on the Next: Review button on the next screen.
-
On the next screen, enter the role name as dojoiotrole and click on the Create role button.
-
The role is again created in no time. Roles are in place; let’s create Kinesis data stream.