Amazon Kinesis Data Streams now supports tagging and Attribute-Based Access Control for consumers

Today, Amazon Kinesis Data Streams introduces support for tagging and Attribute-Based Access Control (ABAC) for enhanced fan-out consumers. You can register enhanced fan-out consumers to have dedicated low latency read throughput per shard, up to 2MB/s. ABAC is an authorization strategy that defines access permissions based on tags that can be attached to IAM users, roles, and AWS resources for fine-grained access control. This new feature enables you to apply tags for allocating costs and simplifying permission management for your enhanced fan-out consumers. With this launch, you can now tag your enhanced fan-out consumers used by different business units to track and allocate costs in AWS Cost Explorer without manually tracking costs per consumer. You can apply tags to enhanced fan-out consumers using the Kinesis Data Streams API or AWS Command Line Interface (CLI). Additionally, ABAC support for enhanced fan-out consumers allows you to use IAM policies to allow or deny specific Kinesis Data Streams API actions when the IAM principal's tags match the tags on a registered consumer. Tagging and Attribute-Based Access Control for enhanced fan-out consumers are available in all [AWS Regions](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/), including the AWS China and AWS GovCloud (US) Regions. To learn more about tagging and ABAC support for consumers, see [Tag your resources](https://docs.aws.amazon.com/streams/latest/dev/tagging.html) and [Attribute-Based Access Control (ABAC) for AWS](https://aws.amazon.com/identity/attribute-based-access-control/).