Your team is developing an application that will be making use of Kinesis Analytics. The Analytics application will be reading records from Kinesis data streams.
Which of the following actions need to be part of the permission policy? (Select all that apply)

Answer options:

A.Kinesis:GetRecords
B.Kinesis:PutRecords
C.Kinesis:DescribeStream
D.Kinesis:GetShardIterator

Answer: A, C and D
Options A, C, and D are CORRECT because if you are creating an IAM role to allow Amazon Kinesis Data Analytics to read from an application`s streaming source, you must grant permissions for relevant read actions.
Option B is incorrect because the data is being read from the stream and not put in the stream. The permission of Kinesis: PutRecords is not needed over here.
Permissions Policy for Reading a Kinesis Stream
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ReadInputKinesis",
"Effect": "Allow",
"Action": [
"kinesis:DescribeStream",
"kinesis:GetShardIterator",
"kinesis:GetRecords"
],
"Resource": [
"arn:aws:kinesis:aws-region:aws-account-id:stream/inputStreamName"
]
}
]
}
Reference:
https://docs.aws.amazon.com/kinesisanalytics/latest/dev/iam-role.html