From 3518de48e73b54caa638ae727ea0517afe4a5023 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Miguel=20Mej=C3=ADa=20Su=C3=A1rez?=
Date: Thu, 25 Jul 2024 17:22:15 -0500
Subject: [PATCH 1/4] Fix Kinesis Stream EventBridge target
---
 .../aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts
index b0f33fbee5fc8..3859bf8a97e26 100644
--- a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts
@@ -1,6 +1,5 @@
 import { singletonEventRole } from './util';
 import * as events from '../../aws-events';
-import * as iam from '../../aws-iam';
 import * as kinesis from '../../aws-kinesis';
 /**
@@ -46,10 +45,7 @@ export class KinesisStream implements events.IRuleTarget {
 */
 public bind(_rule: events.IRule, _id?: string): events.RuleTargetConfig {
 const role = singletonEventRole(this.stream);
- role.addToPrincipalPolicy(new iam.PolicyStatement({
- actions: ['kinesis:PutRecord', 'kinesis:PutRecords'],
- resources: [this.stream.streamArn],
- }));
+ this.stream.grantWrite(role)
 return {
 arn: this.stream.streamArn,
From bde2785b5cfae0b629130af3d36d6fab332cbce1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Miguel=20Mej=C3=ADa=20Su=C3=A1rez?=
Date: Thu, 25 Jul 2024 17:51:04 -0500
Subject: [PATCH 2/4] Add missing semicolon
---
 packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts
index 3859bf8a97e26..081d34822b80b 100644
--- a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-stream.ts
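Review bot: The events role in `bind` (PATCH 1/4, lib/kinesis-stream.ts) now receives whatever `grantWrite` hands out instead of an explicit two-action statement, and the call site does not say why or what was added. The test updated later in this series shows the statement now also allows `kinesis:ListShards`, and `grantWrite` presumably also grants use of the stream's encryption key when one is set, which looks like the reason for the change. A short comment above the call would make that intent reviewable, e.g. `// grantWrite rather than a manual PutRecord/PutRecords statement, so the role also gets access to the stream's KMS key, if any`. `bind`'s doc comment starts before this hunk and its body continues past it.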
@@ -45,7 +45,7 @@ export class KinesisStream implements events.IRuleTarget {
 */
 public bind(_rule: events.IRule, _id?: string): events.RuleTargetConfig {
 const role = singletonEventRole(this.stream);
- this.stream.grantWrite(role)
+ this.stream.grantWrite(role);
 return {
 arn: this.stream.streamArn,
From 8b01ed72e25fdc0fb9b90324c18855fa2aefada6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Miguel=20Mej=C3=ADa=20Su=C3=A1rez?=
Date: Thu, 25 Jul 2024 18:42:11 -0500
Subject: [PATCH 3/4] Fix kinesis-stream.test.ts
---
 .../aws-events-targets/test/kinesis/kinesis-stream.test.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts
index a16b007a193ff..df3bcb9b6d1e0 100644
--- a/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts
@@ -41,12 +41,12 @@ describe('KinesisStream event target', () => {
 });
 });
- test("creates a policy that has PutRecord and PutRecords permissions on the stream's ARN", () => {
+ test("creates a policy that has PutRecord, PutRecords, and ListShards permissions on the stream's ARN", () => {
 Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
 PolicyDocument: {
 Statement: [
 {
- Action: ['kinesis:PutRecord', 'kinesis:PutRecords'],
+ Action: ['kinesis:PutRecord', 'kinesis:PutRecords', 'kinesis:ListShards'],
 Effect: 'Allow',
 Resource: streamArn,
 },
From 9cbd3e1088c337df688e92662fe44d09df121f16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Miguel=20Mej=C3=ADa=20Su=C3=A1rez?=
Date: Thu, 25 Jul 2024 19:01:00 -0500
Subject: [PATCH 4/4] Fix kinesis-stream.test.ts
---
 .../aws-events-targets/test/kinesis/kinesis-stream.test.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
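Review bot: No test in this series covers a stream with an encryption key; the assertion changed in `kinesis-stream.test.ts` (PATCH 3/4, reordered again in PATCH 4/4) only pins the three Kinesis actions on the stream ARN. If the point of moving `bind` to `grantWrite` is that the events role can write to a KMS-encrypted stream, that behaviour can regress without any test failing. A second test that builds the stream with an `encryptionKey` and asserts the key permission on the role's policy would cover it. The fixture setup and the rest of the test file lie outside the hunk, so an existing encrypted-stream test elsewhere cannot be ruled out.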
diff --git a/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts
index df3bcb9b6d1e0..115b5c4613152 100644
--- a/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/test/kinesis/kinesis-stream.test.ts
@@ -41,12 +41,12 @@ describe('KinesisStream event target', () => {
 });
 });
- test("creates a policy that has PutRecord, PutRecords, and ListShards permissions on the stream's ARN", () => {
+ test("creates a policy that has ListShards, PutRecord, and PutRecords permissions on the stream's ARN", () => {
 Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
 PolicyDocument: {
 Statement: [
 {
- Action: ['kinesis:PutRecord', 'kinesis:PutRecords', 'kinesis:ListShards'],
+ Action: ['kinesis:ListShards', 'kinesis:PutRecord', 'kinesis:PutRecords'],
 Effect: 'Allow',
 Resource: streamArn,
 },