This guide details the process of setting up cross-account IAM roles to allow your StarTree Cloud Data Plane to access Kinesis streams residing in a separate AWS account.
Modify the trust policy of the newly created IAM role (KA-Source-Stream-Role) to allow the StarTree Cloud Data Plane (acting as a “Sink AWS Principal”) to assume this role. This establishes the cross-account trust.
Obtain the ARN of the EC2 Instance Profile Role attached to the EC2 instances running your StarTree Data Plane. This role is automatically created by StarTree during environment deployment.
2.2. Attach an Assume Role Policy to the Data Plane IAM Role
Create and attach an IAM policy to the Data Plane IAM Role (identified in the previous step). This policy grants the Data Plane permission to assume the KA-Source-Stream-Role in the Source Account.
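The two halves of the cross-account trust described above, as an added example that is not StarTree's own code: it builds the trust policy for KA-Source-Stream-Role and the assume-role policy for the Data Plane IAM role, then checks that each names the other. The account IDs, the Data Plane role name and the `check_pair` helper are assumptions made for illustration.

```python
import json

# Constructed placeholders (assumptions): substitute your real account IDs and role names.
SOURCE_ROLE_ARN = "arn:aws:iam::111111111111:role/KA-Source-Stream-Role"
DATA_PLANE_ROLE_ARN = "arn:aws:iam::222222222222:role/example-data-plane-instance-role"

def trust_policy(principal_arn):
    """Source Account side: trust policy set on KA-Source-Stream-Role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": principal_arn}}]}

def assume_role_policy(target_role_arn):
    """Data Plane side (step 2.2): identity policy attached to the Data Plane IAM role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Resource": target_role_arn}]}

def _listed(value):
    """Policy fields may be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def _granted(doc, key):
    """Values of `key` across Allow statements that grant sts:AssumeRole."""
    out = []
    for stmt in doc["Statement"]:
        if stmt["Effect"] == "Allow" and "sts:AssumeRole" in _listed(stmt["Action"]):
            value = stmt.get(key, [])
            out += _listed(value.get("AWS", []) if isinstance(value, dict) else value)
    return out

def check_pair(trust, identity, principal_arn, target_role_arn):
    """Return mismatches between the two halves; an empty list means they agree."""
    problems = []
    trusted, targets = _granted(trust, "Principal"), _granted(identity, "Resource")
    if principal_arn not in trusted:
        problems.append("trust policy does not name the Data Plane role")
    if any(p == "*" or p.endswith(":root") for p in trusted):
        problems.append("trust policy principal is broader than the Data Plane role")
    if target_role_arn not in targets:
        problems.append("identity policy does not name KA-Source-Stream-Role")
    if "*" in targets:
        problems.append("identity policy allows assuming any role")
    return problems

if __name__ == "__main__":
    pair = (trust_policy(DATA_PLANE_ROLE_ARN), assume_role_policy(SOURCE_ROLE_ARN))
    print(json.dumps(pair, indent=2))
    print(check_pair(*pair, DATA_PLANE_ROLE_ARN, SOURCE_ROLE_ARN) or "OK")
```

The role assumption succeeds only when both documents are in place, so an empty result from `check_pair` is the condition to look for before testing Kinesis access.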