aws-cdk-kinesis: Implement Kinesis Stream L2 construct.

[sam-goodwin]

Implement a L2 construct for a Kinesis stream:

• Supports unencrypted and KMS encrypted streams
• User can provide a KMS key or have one generated
• User can grant read, write and read/write permissions which defines a policy with permissions to the Stream and Key (if required)
• Streams can be exported and imported by an Arn token.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[eladb]

Looks 🥇 - minor fixes and merge!

[eladb]

add tslint.json (new)

[eladb]

It might be redundant to describe this idiom in every README.

@Doug-AWS can you create a doc topic on "importing and exporting constructs across stacks" and have that content there?

[eladb]

To improve the readability at the call site, I would bundle these into an interface:

grant(identity: IIdentityResource, actions: { streamActions: string[], keyActions: string[] }) {
  // ...
}

Then, the call site will look like this:

grant(role, { 
  streamActions: [ ... ], 
  keyActions: [ ... ]
});

[eladb]

Remove for now, we will introduce tags across the board (#91)

[eladb]

#92

[eladb]

Streams should also implement IEventRuleTarget so they can be used as a target for CloudWatch event rules.

Take a look at the events framework.

[sam-goodwin]

From what I can understand, IEventRuleTarget is required so events can be routed to the kinesis stream. Having a StreamRef implement the interface means the IAM Role and Partition Key JSON path would have to be the same for all events using this stream as a target. Perhaps we need a method to create the IEventRuleTarget from the StreamRef instead of having the stream implement it by default? stream.consumeEvent(..) ..

I also need to add support for AWS::Lambda::EventSourceMapping so it's easy to attach a function to it. Would this belong in the stream package or lambda? stream.attachFunction(..) vs lambda.streamEventSource(streamRef, ..))

[eladb]

From what I can understand, IEventRuleTarget is required so events can be routed to the kinesis stream. Having a StreamRef implement the interface means the IAM Role and Partition Key JSON path would have to be the same for all events using this stream as a target. Perhaps we need a method to create the IEventRuleTarget from the StreamRef instead of having the stream implement it by default? stream.consumeEvent(..) ..

That's interesting and sounds like a the design of our CWE programming model. The ability to include a specifier when adding a target sounds like something we should add to the framework and not special-case for Kinesis. Let's punt that to a subsequent PR and discuss over as issue. Can you open one?

I also need to add support for AWS::Lambda::EventSourceMapping so it's easy to attach a function to it. Would this belong in the stream package or lambda? stream.attachFunction(..) vs lambda.streamEventSource(streamRef, ..))

It should probably be layered. Lambda should have a polymorphic method (i.e. anything that implements ILambdaEventSource):

lambda.addEventSource(source)

And then, StreamRef should have:

stream.attachToLambda(lambda) // or streamToLambda or invokeLambda, use the same terminology as the one in Kinesis docs?

Which will Do The Right Thing:

1. Call addEventSource
2. Any permissions are needed as well, or the event source is sufficient?

[eladb]

Great job, looks awesome!