Step 4: Create an IAM role - Amazon Kinesis Video Streams
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 4: Create an IAM role

The role that you create in this step can be assumed by Amazon IoT in order to obtain temporary credentials from the Amazon Security Token Service (Amazon STS). This is done when performing credential authorization requests from the Amazon Kinesis Video Streams Edge Agent.

Create the service role for Amazon Kinesis Video Streams (IAM console)

  1. Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.

  2. In the navigation pane of the IAM console, choose Roles, and then choose Create role.

  3. Choose the Custom trust policy role type and paste the following policy:

    {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {
            "Service": "credentials.iot.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }
}

  4. Select the box next to the IAM policy that you created in Step 3: Create an IAM permissions policy.

  5. Choose Next.

  6. Enter a role name or role name suffix to help you identify the purpose of this role.

    Example: KvsEdgeAgentRole

  7. (Optional) For Description, enter a description for the new role.

  8. (Optional) Add metadata to the role by attaching tags as key/value pairs.

    For more information about using tags in IAM, see Tagging IAM resources in the IAM User Guide.

  9. Review the role and then choose Create role.