Attaches a resource-based policy to a data stream or registered consumer. If you are using an identity other than the root user of the Amazon Web Services account that owns the resource, the calling identity must have the PutResourcePolicy permissions on the specified Kinesis Data Streams resource and belong to the owner’s account in order to use this operation. If you don’t have PutResourcePolicy permissions, Amazon Kinesis Data Streams returns a 403 Access Denied error. If you receive a ResourceNotFoundException, check to see if you passed a valid stream or consumer resource.

Request patterns can be one of the following:

  • Data stream pattern: arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+

  • Consumer pattern: ^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+

For more information, see Controlling Access to Amazon Kinesis Data Streams Resources Using IAM.

See also: AWS API Documentation

Request Syntax

response = client.put_resource_policy(ResourceARN='string', Policy='string')

Parameters

  • ResourceARN (string) – The Amazon Resource Name (ARN) of the data stream or consumer.

  • Policy (string) – Details of the resource policy. It must include the identity of the principal and the actions allowed on this resource. This is formatted as a JSON string.




Exceptions

  • Kinesis.Client.exceptions.AccessDeniedException

  • Kinesis.Client.exceptions.ResourceNotFoundException

  • Kinesis.Client.exceptions.LimitExceededException

  • Kinesis.Client.exceptions.InvalidArgumentException

  • Kinesis.Client.exceptions.ResourceInUseException
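
An added example, not part of the AWS documentation: it checks a ResourceARN against the two request patterns above and builds a Policy JSON string that names one principal and explicit actions before calling put_resource_policy. The helper names, account IDs, role and stream names are constructed for illustration; `client` is assumed to be a boto3 Kinesis client.

```python
import json
import re

# Request patterns as given on this page.
STREAM_ARN = re.compile(r"arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+")
CONSUMER_ARN = re.compile(
    r"^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+"
    r"\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+"
)

def classify_arn(arn):
    # The stream pattern ends in \S+ and therefore also accepts consumer
    # ARNs, so the stricter consumer pattern is tried first.
    if CONSUMER_ARN.fullmatch(arn):
        return "consumer"
    if STREAM_ARN.fullmatch(arn):
        return "stream"
    return None

def build_policy(resource_arn, principal_arn, actions):
    """Return the Policy JSON string: one named principal, explicit actions."""
    if classify_arn(resource_arn) is None:
        raise ValueError("ResourceARN is not a data stream or consumer ARN")
    if "*" in principal_arn:
        raise ValueError("wildcard principal refused; name one identity")
    bad = [a for a in actions if not a.startswith("kinesis:") or "*" in a]
    if not actions or bad:
        raise ValueError(f"list explicit kinesis: actions, got {bad or actions}")
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": sorted(actions),
            "Resource": resource_arn,
        }],
    })

def attach_policy(client, resource_arn, principal_arn, actions):
    # Validation happens locally, before any request is sent.
    policy = build_policy(resource_arn, principal_arn, actions)
    client.put_resource_policy(ResourceARN=resource_arn, Policy=policy)
    return policy

if __name__ == "__main__":
    # Constructed sample values; no AWS call is made here.
    stream = "arn:aws:kinesis:us-east-1:111122223333:stream/example-stream"
    reader = "arn:aws:iam::444455556666:role/example-reader"
    print(build_policy(stream, reader, ["kinesis:GetRecords", "kinesis:ListShards"]))
```
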