CreateDeliveryStream - Amazon Data Firehose


Creates a Firehose delivery stream.

By default, you can create up to 50 delivery streams per AWS Region.

This is an asynchronous operation that immediately returns. The initial status of the delivery stream is CREATING. After the delivery stream is created, its status is ACTIVE and it now accepts data. If the delivery stream creation fails, the status transitions to CREATING_FAILED. Attempts to send data to a delivery stream that is not in the ACTIVE state cause an exception. To check the state of a delivery stream, use DescribeDeliveryStream.

If the status of a delivery stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it.

A Firehose delivery stream can be configured to receive records directly from providers using PutRecord or PutRecordBatch, or it can be configured to use an existing Kinesis stream as its source. To specify a Kinesis data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource, and provide the Kinesis stream Amazon Resource Name (ARN) and role ARN in the KinesisStreamSourceConfiguration parameter.

To create a delivery stream with server-side encryption (SSE) enabled, include DeliveryStreamEncryptionConfigurationInput in your request. This is optional. You can also invoke StartDeliveryStreamEncryption to turn on SSE for an existing delivery stream that doesn't have SSE enabled.

A delivery stream is configured with a single destination, such as Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon OpenSearch Service, Amazon OpenSearch Serverless, Splunk, and any custom HTTP endpoint or HTTP endpoints owned by or supported by third-party service providers, including Datadog, Dynatrace, LogicMonitor, MongoDB, New Relic, and Sumo Logic. You must specify only one of the following destination configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration, ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration, or SplunkDestinationConfiguration.

When you specify S3DestinationConfiguration, you can also provide the following optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat. By default, if no BufferingHints value is provided, Firehose buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied first. BufferingHints is a hint, so there are some cases where the service cannot adhere to these conditions strictly. For example, record boundaries might be such that the size is a little over or under the configured buffering size. By default, no encryption is performed. We strongly recommend that you enable encryption to ensure secure data storage in Amazon S3.

A few notes about Amazon Redshift as a destination:

  • An Amazon Redshift destination requires an S3 bucket as intermediate location. Firehose first delivers data to Amazon S3 and then uses COPY syntax to load data into an Amazon Redshift table. This is specified in the RedshiftDestinationConfiguration.S3Configuration parameter.

  • The compression formats SNAPPY or ZIP cannot be specified in RedshiftDestinationConfiguration.S3Configuration because the Amazon Redshift COPY operation that reads from the S3 bucket doesn't support these compression formats.

  • We strongly recommend that you use the user name and password you provide exclusively with Firehose, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.

Firehose assumes the IAM role that is configured as part of the destination. The role should allow the Firehose principal to assume the role, and the role should have permissions that allow the service to deliver the data. For more information, see Grant Firehose Access to an Amazon S3 Destination in the Amazon Firehose Developer Guide.

Request Syntax

{ "AmazonOpenSearchServerlessDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CollectionEndpoint": "string", "IndexName": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "VpcConfiguration": { "RoleARN": "string", "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ] } }, "AmazonopensearchserviceDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ClusterEndpoint": "string", "DocumentIdOptions": { "DefaultDocumentIdFormat": "string" }, "DomainARN": "string", "IndexName": "string", "IndexRotationPeriod": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "TypeName": "string", "VpcConfiguration": { "RoleARN": "string", "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ] } }, "DeliveryStreamEncryptionConfigurationInput": { "KeyARN": "string", "KeyType": "string" }, "DeliveryStreamName": "string", "DeliveryStreamType": "string", "ElasticsearchDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ClusterEndpoint": "string", "DocumentIdOptions": { "DefaultDocumentIdFormat": "string" }, "DomainARN": "string", "IndexName": "string", "IndexRotationPeriod": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "TypeName": "string", "VpcConfiguration": { "RoleARN": "string", "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ] } }, "ExtendedS3DestinationConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "CustomTimeZone": "string", "DataFormatConversionConfiguration": { "Enabled": boolean, "InputFormatConfiguration": { "Deserializer": { "HiveJsonSerDe": { "TimestampFormats": [ "string" ] }, "OpenXJsonSerDe": { "CaseInsensitive": boolean, "ColumnToJsonKeyMappings": { "string" : "string" }, "ConvertDotsInJsonKeysToUnderscores": boolean } } }, "OutputFormatConfiguration": { "Serializer": { "OrcSerDe": { "BlockSizeBytes": number, "BloomFilterColumns": [ "string" ], "BloomFilterFalsePositiveProbability": number, "Compression": "string", "DictionaryKeyThreshold": number, "EnablePadding": boolean, "FormatVersion": "string", "PaddingTolerance": number, "RowIndexStride": number, "StripeSizeBytes": number }, "ParquetSerDe": { "BlockSizeBytes": number, "Compression": "string", "EnableDictionaryCompression": boolean, "MaxPaddingBytes": number, "PageSizeBytes": number, "WriterVersion": "string" } } }, "SchemaConfiguration": { "CatalogId": "string", "DatabaseName": "string", "Region": "string", "RoleARN": "string", "TableName": "string", "VersionId": "string" } }, "DynamicPartitioningConfiguration": { "Enabled": boolean, "RetryOptions": { "DurationInSeconds": number } }, "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "FileExtension": "string", "Prefix": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RoleARN": "string", "S3BackupConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "S3BackupMode": "string" }, "HttpEndpointDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "EndpointConfiguration": { "AccessKey": "string", "Name": "string", "Url": "string" }, "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RequestConfiguration": { "CommonAttributes": [ { "AttributeName": "string", "AttributeValue": "string" } ], "ContentEncoding": "string" }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" } }, "KinesisStreamSourceConfiguration": { "KinesisStreamARN": "string", "RoleARN": "string" }, "MSKSourceConfiguration": { "AuthenticationConfiguration": { "Connectivity": "string", "RoleARN": "string" }, "MSKClusterARN": "string", "TopicName": "string" }, "RedshiftDestinationConfiguration": { "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ClusterJDBCURL": "string", "CopyCommand": { "CopyOptions": "string", "DataTableColumns": "string", "DataTableName": "string" }, "Password": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" }, "Username": "string" }, "S3DestinationConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SnowflakeDestinationConfiguration": { "AccountUrl": "string", "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ContentColumnName": "string", "Database": "string", "DataLoadingOption": "string", "KeyPassphrase": "string", "MetaDataColumnName": "string", "PrivateKey": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "Schema": "string", "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" }, "SnowflakeRoleConfiguration": { "Enabled": boolean, "SnowflakeRole": "string" }, "SnowflakeVpcConfiguration": { "PrivateLinkVpceId": "string" }, "Table": "string", "User": "string" }, "SplunkDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "HECAcknowledgmentTimeoutInSeconds": number, "HECEndpoint": "string", "HECEndpointType": "string", "HECToken": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" } }, "Tags": [ { "Key": "string", "Value": "string" } ] }

Request Parameters

The request accepts the following data in JSON format.


The destination in the Serverless offering for Amazon OpenSearch Service. You can specify only one destination.

Type: AmazonOpenSearchServerlessDestinationConfiguration object

Required: No


The destination in Amazon OpenSearch Service. You can specify only one destination.

Type: AmazonopensearchserviceDestinationConfiguration object

Required: No


Used to specify the type and Amazon Resource Name (ARN) of the KMS key needed for Server-Side Encryption (SSE).

Type: DeliveryStreamEncryptionConfigurationInput object

Required: No


The name of the delivery stream. This name must be unique per AWS account in the same AWS Region. If the delivery streams are in different accounts or different Regions, you can have multiple delivery streams with the same name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [a-zA-Z0-9_.-]+

Required: Yes


The delivery stream type. This parameter can be one of the following values:

  • DirectPut: Provider applications access the delivery stream directly.

  • KinesisStreamAsSource: The delivery stream uses a Kinesis data stream as a source.

Type: String

Valid Values: DirectPut | KinesisStreamAsSource | MSKAsSource

Required: No


The destination in Amazon ES. You can specify only one destination.

Type: ElasticsearchDestinationConfiguration object

Required: No


The destination in Amazon S3. You can specify only one destination.

Type: ExtendedS3DestinationConfiguration object

Required: No


Enables configuring Kinesis Firehose to deliver data to any HTTP endpoint destination. You can specify only one destination.

Type: HttpEndpointDestinationConfiguration object

Required: No


When a Kinesis data stream is used as the source for the delivery stream, a KinesisStreamSourceConfiguration containing the Kinesis data stream Amazon Resource Name (ARN) and the role ARN for the source stream.

Type: KinesisStreamSourceConfiguration object

Required: No


The configuration for the Amazon MSK cluster to be used as the source for a delivery stream.

Type: MSKSourceConfiguration object

Required: No


The destination in Amazon Redshift. You can specify only one destination.

Type: RedshiftDestinationConfiguration object

Required: No


[Deprecated] The destination in Amazon S3. You can specify only one destination.

Type: S3DestinationConfiguration object

Required: No


Configure Snowflake destination

Type: SnowflakeDestinationConfiguration object

Required: No


The destination in Splunk. You can specify only one destination.

Type: SplunkDestinationConfiguration object

Required: No


A set of tags to assign to the delivery stream. A tag is a key-value pair that you can define and assign to AWS resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide.

You can specify up to 50 tags when creating a delivery stream.

If you specify tags in the CreateDeliveryStream action, Amazon Data Firehose performs an additional authorization on the firehose:TagDeliveryStream action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose delivery streams with IAM resource tags will fail with an AccessDeniedException such as following.


User: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.

For an example IAM policy, see Tag example.

Type: Array of Tag objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

Response Syntax

{ "DeliveryStreamARN": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The ARN of the delivery stream.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: arn:.*


For information about the errors that are common to all actions, see Common Errors.


The specified input parameter has a value that is not valid.

HTTP Status Code: 400


Firehose throws this exception when an attempt to put records or to start or stop delivery stream encryption fails. This happens when the KMS service throws one of the following exception types: AccessDeniedException, InvalidStateException, DisabledException, or NotFoundException.

HTTP Status Code: 400


You have already reached the limit for a requested resource.

HTTP Status Code: 400


The resource is already in use and not available for this operation.

HTTP Status Code: 400



The following JSON example creates a delivery stream named exampleStreamName with an Amazon S3 destination. To use this example, first replace the placeholders for the RoleARN and BucketARN keys with valid strings. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.

Sample Request

POST / HTTP/1.1 Host: firehose.<region>.<domain> Content-Length: <PayloadSizeBytes> User-Agent: <UserAgentString> Content-Type: application/x-amz-json-1.1 Authorization: <AuthParams> Connection: Keep-Alive X-Amz-Date: <Date> X-Amz-Target: Firehose_20150804.CreateDeliveryStream { "DeliveryStreamName": "exampleStreamName", "S3DestinationConfiguration": { "RoleARN": "insert-role-ARN", "BucketARN": "insert-bucket-ARN", "BufferingHints": { "SizeInMBs": 3, "IntervalInSeconds": 60 }, "CompressionFormat": "ZIP" } }

Sample Response

HTTP/1.1 200 OK x-amzn-RequestId: <RequestId> Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes> Date: <Date> { "DeliveryStreamARN": "arn:aws:firehose:us-east-1:814985986679:deliverystream/exampleStreamName" }

Example IAM policy to create a delivery stream and apply tags

The following example demonstrates a policy that allows users to create a delivery stream and apply tags.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "firehose:CreateDeliveryStream", "Resource": "*", } }, { "Effect": "Allow", "Action": "firehose:TagDeliveryStream", "Resource": "*", } } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: