AWS Firehose Role

Firehose assume role

How to resolve a KMS access problem in Firehose:

  1. Go to the KMS console and find the key.
  2. Add the role ARN to the key policy as follows:
          {
            "Sid": "Allow use of the key",
            "Effect": "Allow",
            "Principal": {"AWS": ["<role arn>"]},
            "Action": [...],
            "Resource": "*"
          }
  3. Make sure the following is defined in the access role:
          - Effect: Allow
            Action:
              - kms:Decrypt
              - kms:Encrypt
              - kms:GenerateDataKey
            Resource:
              - <key arn>
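
A quick offline check for steps 2 and 3, as an added example that is not part of the original note: it reads a key policy and a role policy as parsed JSON and lists which of the three KMS actions are still not granted. The ARNs, the sample policies and the function names are constructed for illustration; only Allow statements are examined (no Deny statements or conditions), and the key policy is expected to name the role directly, as in step 2.

```python
import fnmatch

# Constructed sample values (not from the page).
ROLE_ARN = "arn:aws:iam::111122223333:role/example-firehose-role"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
REQUIRED = ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey"]  # from step 3

KEY_POLICY = {"Statement": [{
    "Sid": "Allow use of the key", "Effect": "Allow",
    "Principal": {"AWS": [ROLE_ARN]},
    "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"],
    "Resource": "*"}]}
# Constructed role policy that forgot kms:GenerateDataKey.
ROLE_POLICY = {"Statement": [{
    "Effect": "Allow", "Action": ["kms:Decrypt", "kms:Encrypt"],
    "Resource": [KEY_ARN]}]}

def as_list(value):
    """Policy JSON allows a bare string where a list is expected."""
    return [] if value is None else value if isinstance(value, list) else [value]

def allowed(policy, action, resource=None, principal=None):
    """True if an Allow statement covers the action for the resource/principal."""
    for st in as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        # Action names match case-insensitively and may end in a wildcard.
        acts = [a.lower() for a in as_list(st.get("Action"))]
        if not any(fnmatch.fnmatchcase(action.lower(), a) for a in acts):
            continue
        if resource and not any(fnmatch.fnmatchcase(resource, r)
                                for r in as_list(st.get("Resource"))):
            continue
        princ = st.get("Principal")
        named = as_list(princ.get("AWS")) if isinstance(princ, dict) else []
        if principal and principal not in named:
            continue
        return True
    return False

def missing_kms_access(key_policy, role_policy, role_arn, key_arn):
    """List (policy, action) pairs that steps 2 and 3 still need to grant."""
    gaps = []
    for action in REQUIRED:
        if not allowed(key_policy, action, principal=role_arn):
            gaps.append(("key policy", action))
        if not allowed(role_policy, action, resource=key_arn):
            gaps.append(("role policy", action))
    return gaps
```

Called as `missing_kms_access(KEY_POLICY, ROLE_POLICY, ROLE_ARN, KEY_ARN)` on the constructed policies, it reports that the role policy lacks `kms:GenerateDataKey`.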