---
source_url: https://www.pubnub.com/docs/serverless/events-and-actions/actions/create-kinesis-action
title: Create Kinesis action
updated_at: 2026-06-19T11:39:19.440Z
---

> Documentation Index
> For a curated overview of PubNub documentation, see: https://www.pubnub.com/docs/llms.txt
> For the full list of all documentation pages, see: https://www.pubnub.com/docs/llms-full.txt


# Create Kinesis action

You must first configure AWS to have an [Amazon data stream](#create-a-data-stream) and an [IAM role](#create-an-iam-role). If you already did this, go to [Admin Portal configuration](#configure-admin-portal).

Use
Terraform

```hcl
resource "aws_kinesis_stream" "pubnub_kinesis" {
  name        = "pubnub-example"
  shard_count = 1

  stream_mode_details {
    stream_mode = "PROVISIONED"
  }
}

data "aws_iam_policy_document" "pubnub_kinesis_role" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::535363102202:root"]
    }

    condition {
      test     = "StringLike"
      variable = "sts:ExternalId"

      values = [
        "<PubNub subscribe key>"
      ]
    }
  }
}

resource "aws_iam_role" "pubnub_kinesis_example" {
  name               = "pubnub-kinesis-example"
  path               = "/"
  assume_role_policy = data.aws_iam_policy_document.pubnub_kinesis_role.json
}

resource "aws_iam_policy" "pubnub_kinesis_example" {
  name        = "pubnub-kinesis-example"
  path        = "/"
  description = "Pubnub Example Kinesis policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "kinesis:PutRecord",
        ]
        Effect   = "Allow"
        Resource = aws_kinesis_stream.pubnub_kinesis.arn
      },
    ]
  })
}

resource "aws_iam_role_policy_attachment" "pubnub-kinesis-attach" {
  role       = aws_iam_role.pubnub_kinesis_example.name
  policy_arn = aws_iam_policy.pubnub_kinesis_example.arn
}
```

show all
59
lines

## Create a data stream

1. Open Amazon Kinesis and go to Data streams.
2. Click Create data stream and enter a name. Supported service typeEvents & Actions supports the Data Streams service type.
3. Click Create data stream to save.
4. Copy the stream ARN for later.

## Create an IAM role

Create an IAM role with write permission to Kinesis.

1. Open AWS Identity and Access Management and go to Roles.
2. Click Create role and name the role.
3. Set AWS account as the Trusted entity type.
4. In An AWS account, select Another AWS account. Enter 535363102202 as the Account ID. This is PubNub’s AWS account ID. This trust lets PubNub assume the role to write to your data stream.
5. Under Options, select Require external ID.
6. Paste your app’s subscribe key from the Admin Portal into External ID. Optional, recommended by AWS. It sets your subscribe key as the external ID for PubNub calls. Access policy example: 1{2 "Version": "2012-10-17",3 "Statement": [4 {5 "Effect": "Allow",6 "Principal": {7 "AWS": "arn:aws:iam::535363102202:root"8 },9 "Action": "sts:AssumeRole",10 "Condition": {11 "StringEquals": {12 "sts:ExternalId": "<PubNub subscribe key>"13 }14 }15 }16 ]17} Click Next.
7. Create a permissions policy with kinesis:PutRecord. Click Create policy. Switch to JSON and paste the snippet below. Replace Resource with your stream ARN: 1{2 "Statement": [3 {4 "Action": [5 "kinesis:PutRecord"6 ],7 "Effect": "Allow",8 "Resource": "<ARN of customer's Kinesis data stream>"9 }10 ],11 "Version": "2012-10-17"12} Complete the policy in the wizard.
8. Select the policy and click Next.
9. Name the role and click Create Role.
10. Copy the role ARN for later.

## Configure Admin Portal

1. In **Events & Actions** on the [Admin Portal](https://admin.pubnub.com/), click **+ Add Action**.
2. Click **Amazon Kinesis** to select the action type.
3. Paste the **Data Stream ARN** and **Role ARN** values.
4. (Optional) Enable and configure [retries](https://www.pubnub.com/docs/serverless/events-and-actions/events#retries) in **Kinesis retry**.
5. Pair the action with an event listener in **Actions**. Click **Add event listener** and select an existing listener or [create one](https://www.pubnub.com/docs/serverless/events-and-actions/configure-e&a#create-event-listener).
6. Click **Save changes**.

## Terms in this document

* **PubNub** - PubNub is a real-time messaging platform that provides APIs and SDKs for building scalable applications. It handles the complex infrastructure of real-time communication, including: Message delivery and persistence, Presence detection, Access control, Push notifications, File sharing, Serverless processing with Functions and Events & Actions, Analytics and monitoring with BizOps Workspace, AI-powered insights with Illuminate.
* **Subscribe Key** - A unique identifier that allows your application to receive messages from PubNub channels. It's part of your app's credentials and should be kept secure.