After careful consideration, we have decided to discontinue Amazon Kinesis Data Analytics for SQL applications in two steps:

1. From October 15, 2025, you will not be able to create new Kinesis Data Analytics for SQL applications.

2. We will delete your applications starting January 27, 2026. You will not be able to start or operate your Amazon Kinesis Data Analytics for SQL applications. Support will no longer be available for Amazon Kinesis Data Analytics for SQL from that time. For more information, see Amazon Kinesis Data Analytics for SQL Applications discontinuation.

API Permissions: Actions, Permissions, and Resources Reference

When you are setting up Access Control and writing a permissions policy that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each API operation, the corresponding actions for which you can grant permissions to perform the action, and the Amazon resource for which you can grant the permissions. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.

You can use Amazon-wide condition keys in your policies to express conditions. For a complete list of Amazon-wide keys, see Available Keys in the IAM User Guide.

Note

To specify an action, use the kinesisanalytics prefix followed by the API operation name (for example, kinesisanalytics:AddApplicationInput).

If you see an expand arrow (↗) in the upper-right corner of the table, you can open the table in a new window. To close the window, choose the close button (X) in the lower-right corner.

API and Required Permissions for Actions
API Operations	Required Permissions (API Actions)	Resources
AddApplicationInput	`kinesisanalytics:AddApplicationInput`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
AddApplicationOutput	`kinesisanalytics:AddApplicationOutput`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
AddApplicationReferenceDataSource	`kinesisanalytics:AddApplicationReferenceDataSource`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
CreateApplication	`kinesisanalytics:CreateApplication`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
DeleteApplication	`kinesisanalytics:DeleteApplication`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
DeleteApplicationOutput	`kinesisanalytics:DeleteApplicationOutput`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
DeleteApplicationReferenceDataSource	`kinesisanalytics:DeleteApplicationReferenceDataSource`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
DescribeApplication	`kinesisanalytics:DescribeApplication`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
DiscoverInputSchema	`kinesisanalytics:DiscoverInputSchema`	*
ListApplications	`kinesisanalytics:ListApplications`	*
StartApplication	`kinesisanalytics:StartApplication`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
StopApplication	`kinesisanalytics:StopApplication`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
UpdateApplication	`kinesisanalytics:UpdateApplication`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`
Access or sample data in the console	`kinesisanalytics:GetApplicationState`	`arn:aws:kinesisanalytics: region:accountId:application/application-name`

GetApplicationState

The console uses an internal method called GetApplicationState to sample or access application data. Your service application needs to have permissions for the internal kinesisanalytics:GetApplicationState API to sample or access application data through the Amazon Web Services Management Console.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Using Identity-Based Policies (IAM Policies)

Monitoring