Edit IAM role from console - Amazon Data Firehose
Firehose supports database as a source in all Amazon Web Services Regions except China Regions, Amazon GovCloud (US) Regions, and Asia Pacific (Malaysia). This feature is in preview and is subject to change. Do not use it for your production workloads.

Edit IAM role from console

When you edit a Firehose stream, Firehose updates the corresponding permission policy to reflect the configuration and permission changes.

For example, when you edit the Firehose stream and enable the Transform source records with Amazon Lambda feature, using the latest version of the Lambda function exampleLambdaFunction, you get the following policy statement in the permission policy.

    {
        "Sid": "lambdaProcessing",
        "Effect": "Allow",
        "Action": [
            "lambda:InvokeFunction",
            "lambda:GetFunctionConfiguration"
        ],
        "Resource": "arn:aws:lambda:us-east-1:<account id>:function:exampleLambdaFunction:$LATEST"
    }

Important

A console-managed IAM role is designed to be autonomous. We don't recommend that you modify the permission policy or trust policy outside of the console.

  1. Open the Firehose console at https://console.amazonaws.cn/firehose/.

  2. Choose Firehose streams and choose the name of a Firehose stream you want to update.

  3. On the Configuration tab, in the Server access section, choose Edit.

  4. Update the IAM role option.

    Note

    By default, the console always updates an IAM role with the pattern service-role in its ARN. When you choose the existing IAM role option, make sure to select an IAM role without the service-role string in its ARN so that the console doesn’t make any changes to it.

  5. Choose Save changes.
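A check for the two points above, added here as an example and not AWS's own code: whether the console will rewrite a given role (its ARN contains service-role), and whether a role's Lambda grant is still as narrow as the console-generated lambdaProcessing statement. The account ID 111122223333, the sample policies and the function names `console_will_modify` and `audit_lambda_access` are assumptions made for illustration.

```python
import json
import re

# Actions in the console-generated "lambdaProcessing" statement, lowercased
# because IAM action names are case-insensitive.
EXPECTED_ACTIONS = {"lambda:invokefunction", "lambda:getfunctionconfiguration"}
# One concrete function ARN with an optional version/alias qualifier; wildcards do not match.
FUNCTION_ARN = re.compile(r"^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:([A-Za-z0-9_-]+)(?::[A-Za-z0-9_$-]+)?$")

def console_will_modify(role_arn: str) -> bool:
    """True when the role ARN carries the service-role string the console keys on."""
    return "service-role" in role_arn.split(":", 5)[-1]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_lambda_access(policy_json: str, function_name: str) -> list:
    """Report Lambda grants broader than the statement the console writes."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        grants_lambda = any(a == "*" or a.startswith("lambda:") for a in actions)
        if stmt.get("Effect") != "Allow" or not grants_lambda:
            continue
        sid = stmt.get("Sid", "<no Sid>")
        extra = sorted(actions - EXPECTED_ACTIONS)
        if extra:
            findings.append(f"{sid}: unexpected actions {extra}")
        for resource in _as_list(stmt.get("Resource", [])):
            match = FUNCTION_ARN.match(resource)
            if match is None:
                findings.append(f"{sid}: resource is not a single function ARN: {resource}")
            elif match.group(1) != function_name:
                findings.append(f"{sid}: grants access to another function: {match.group(1)}")
    return findings

# Constructed sample input: the page's statement with a placeholder account ID.
CONSOLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "lambdaProcessing", "Effect": "Allow",
    "Action": ["lambda:InvokeFunction", "lambda:GetFunctionConfiguration"],
    "Resource": "arn:aws:lambda:us-east-1:111122223333:function:exampleLambdaFunction:$LATEST"}]})
# Constructed sample input: the same statement after a hand edit outside the console.
DRIFTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "lambdaProcessing", "Effect": "Allow", "Action": "lambda:*",
    "Resource": "arn:aws:lambda:us-east-1:111122223333:function:*"}]})

if __name__ == "__main__":
    for name, policy in (("console", CONSOLE_POLICY), ("drifted", DRIFTED_POLICY)):
        print(name, audit_lambda_access(policy, "exampleLambdaFunction"))
```

The audit covers Allow statements with Action and Resource elements only; statements that use NotAction or NotResource need separate review.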