CreateDeliveryStream - Amazon Data Firehose

CreateDeliveryStream

Creates a Firehose stream.

By default, you can create up to 50 Firehose streams per AWS Region.

This is an asynchronous operation that immediately returns. The initial status of the Firehose stream is CREATING. After the Firehose stream is created, its status is ACTIVE and it now accepts data. If the Firehose stream creation fails, the status transitions to CREATING_FAILED. Attempts to send data to a delivery stream that is not in the ACTIVE state cause an exception. To check the state of a Firehose stream, use DescribeDeliveryStream.

If the status of a Firehose stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it.

A Firehose stream can be configured to receive records directly from providers using PutRecord or PutRecordBatch, or it can be configured to use an existing Kinesis stream as its source. To specify a Kinesis data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource, and provide the Kinesis stream Amazon Resource Name (ARN) and role ARN in the KinesisStreamSourceConfiguration parameter.

To create a Firehose stream with server-side encryption (SSE) enabled, include DeliveryStreamEncryptionConfigurationInput in your request. This is optional. You can also invoke StartDeliveryStreamEncryption to turn on SSE for an existing Firehose stream that doesn't have SSE enabled.

A Firehose stream is configured with a single destination, such as Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon OpenSearch Service, Amazon OpenSearch Serverless, Splunk, and any custom HTTP endpoint or HTTP endpoints owned by or supported by third-party service providers, including Datadog, Dynatrace, LogicMonitor, MongoDB, New Relic, and Sumo Logic. You must specify only one of the following destination configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration, ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration, or SplunkDestinationConfiguration.

When you specify S3DestinationConfiguration, you can also provide the following optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat. By default, if no BufferingHints value is provided, Firehose buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied first. BufferingHints is a hint, so there are some cases where the service cannot adhere to these conditions strictly. For example, record boundaries might be such that the size is a little over or under the configured buffering size. By default, no encryption is performed. We strongly recommend that you enable encryption to ensure secure data storage in Amazon S3.

A few notes about Amazon Redshift as a destination:

  • An Amazon Redshift destination requires an S3 bucket as intermediate location. Firehose first delivers data to Amazon S3 and then uses COPY syntax to load data into an Amazon Redshift table. This is specified in the RedshiftDestinationConfiguration.S3Configuration parameter.

  • The compression formats SNAPPY or ZIP cannot be specified in RedshiftDestinationConfiguration.S3Configuration because the Amazon Redshift COPY operation that reads from the S3 bucket doesn't support these compression formats.

  • We strongly recommend that you use the user name and password you provide exclusively with Firehose, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.

Firehose assumes the IAM role that is configured as part of the destination. The role should allow the Firehose principal to assume the role, and the role should have permissions that allow the service to deliver the data. For more information, see Grant Firehose Access to an Amazon S3 Destination in the Amazon Firehose Developer Guide.

Request Syntax

{ "AmazonOpenSearchServerlessDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CollectionEndpoint": "string", "IndexName": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "VpcConfiguration": { "RoleARN": "string", "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ] } }, "AmazonopensearchserviceDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ClusterEndpoint": "string", "DocumentIdOptions": { "DefaultDocumentIdFormat": "string" }, "DomainARN": "string", "IndexName": "string", "IndexRotationPeriod": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "TypeName": "string", "VpcConfiguration": { "RoleARN": "string", "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ] } }, "DeliveryStreamEncryptionConfigurationInput": { "KeyARN": "string", "KeyType": "string" }, "DeliveryStreamName": "string", "DeliveryStreamType": "string", "ElasticsearchDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ClusterEndpoint": "string", "DocumentIdOptions": { "DefaultDocumentIdFormat": "string" }, "DomainARN": "string", "IndexName": "string", "IndexRotationPeriod": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "TypeName": "string", "VpcConfiguration": { "RoleARN": "string", "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ] } }, "ExtendedS3DestinationConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "CustomTimeZone": "string", "DataFormatConversionConfiguration": { "Enabled": boolean, "InputFormatConfiguration": { "Deserializer": { "HiveJsonSerDe": { "TimestampFormats": [ "string" ] }, "OpenXJsonSerDe": { "CaseInsensitive": boolean, "ColumnToJsonKeyMappings": { "string" : "string" }, "ConvertDotsInJsonKeysToUnderscores": boolean } } }, "OutputFormatConfiguration": { "Serializer": { "OrcSerDe": { "BlockSizeBytes": number, "BloomFilterColumns": [ "string" ], "BloomFilterFalsePositiveProbability": number, "Compression": "string", "DictionaryKeyThreshold": number, "EnablePadding": boolean, "FormatVersion": "string", "PaddingTolerance": number, "RowIndexStride": number, "StripeSizeBytes": number }, "ParquetSerDe": { "BlockSizeBytes": number, "Compression": "string", "EnableDictionaryCompression": boolean, "MaxPaddingBytes": number, "PageSizeBytes": number, "WriterVersion": "string" } } }, "SchemaConfiguration": { "CatalogId": "string", "DatabaseName": "string", "Region": "string", "RoleARN": "string", "TableName": "string", "VersionId": "string" } }, "DynamicPartitioningConfiguration": { "Enabled": boolean, "RetryOptions": { "DurationInSeconds": number } }, "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "FileExtension": "string", "Prefix": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RoleARN": "string", "S3BackupConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "S3BackupMode": "string" }, "HttpEndpointDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "EndpointConfiguration": { "AccessKey": "string", "Name": "string", "Url": "string" }, "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RequestConfiguration": { "CommonAttributes": [ { "AttributeName": "string", "AttributeValue": "string" } ], "ContentEncoding": "string" }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" } }, "IcebergDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CatalogConfiguration": { "CatalogARN": "string" }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "DestinationTableConfigurationList": [ { "DestinationDatabaseName": "string", "DestinationTableName": "string", "S3ErrorOutputPrefix": "string", "UniqueKeys": [ "string" ] } ], "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" } }, "KinesisStreamSourceConfiguration": { "KinesisStreamARN": "string", "RoleARN": "string" }, "MSKSourceConfiguration": { "AuthenticationConfiguration": { "Connectivity": "string", "RoleARN": "string" }, "MSKClusterARN": "string", "ReadFromTimestamp": number, "TopicName": "string" }, "RedshiftDestinationConfiguration": { "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ClusterJDBCURL": "string", "CopyCommand": { "CopyOptions": "string", "DataTableColumns": "string", "DataTableName": "string" }, "Password": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" }, "Username": "string" }, "S3DestinationConfiguration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SnowflakeDestinationConfiguration": { "AccountUrl": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "ContentColumnName": "string", "Database": "string", "DataLoadingOption": "string", "KeyPassphrase": "string", "MetaDataColumnName": "string", "PrivateKey": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "RoleARN": "string", "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "Schema": "string", "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" }, "SnowflakeRoleConfiguration": { "Enabled": boolean, "SnowflakeRole": "string" }, "SnowflakeVpcConfiguration": { "PrivateLinkVpceId": "string" }, "Table": "string", "User": "string" }, "SplunkDestinationConfiguration": { "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "HECAcknowledgmentTimeoutInSeconds": number, "HECEndpoint": "string", "HECEndpointType": "string", "HECToken": "string", "ProcessingConfiguration": { "Enabled": boolean, "Processors": [ { "Parameters": [ { "ParameterName": "string", "ParameterValue": "string" } ], "Type": "string" } ] }, "RetryOptions": { "DurationInSeconds": number }, "S3BackupMode": "string", "S3Configuration": { "BucketARN": "string", "BufferingHints": { "IntervalInSeconds": number, "SizeInMBs": number }, "CloudWatchLoggingOptions": { "Enabled": boolean, "LogGroupName": "string", "LogStreamName": "string" }, "CompressionFormat": "string", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": "string" }, "NoEncryptionConfig": "string" }, "ErrorOutputPrefix": "string", "Prefix": "string", "RoleARN": "string" }, "SecretsManagerConfiguration": { "Enabled": boolean, "RoleARN": "string", "SecretARN": "string" } }, "Tags": [ { "Key": "string", "Value": "string" } ] }

Request Parameters

The request accepts the following data in JSON format.

AmazonOpenSearchServerlessDestinationConfiguration

The destination in the Serverless offering for Amazon OpenSearch Service. You can specify only one destination.

Type: AmazonOpenSearchServerlessDestinationConfiguration object

Required: No

AmazonopensearchserviceDestinationConfiguration

The destination in Amazon OpenSearch Service. You can specify only one destination.

Type: AmazonopensearchserviceDestinationConfiguration object

Required: No

DeliveryStreamEncryptionConfigurationInput

Used to specify the type and Amazon Resource Name (ARN) of the KMS key needed for Server-Side Encryption (SSE).

Type: DeliveryStreamEncryptionConfigurationInput object

Required: No

DeliveryStreamName

The name of the Firehose stream. This name must be unique per AWS account in the same AWS Region. If the Firehose streams are in different accounts or different Regions, you can have multiple Firehose streams with the same name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [a-zA-Z0-9_.-]+

Required: Yes

DeliveryStreamType

The Firehose stream type. This parameter can be one of the following values:

  • DirectPut: Provider applications access the Firehose stream directly.

  • KinesisStreamAsSource: The Firehose stream uses a Kinesis data stream as a source.

Type: String

Valid Values: DirectPut | KinesisStreamAsSource | MSKAsSource

Required: No

ElasticsearchDestinationConfiguration

The destination in Amazon OpenSearch Service. You can specify only one destination.

Type: ElasticsearchDestinationConfiguration object

Required: No

ExtendedS3DestinationConfiguration

The destination in Amazon S3. You can specify only one destination.

Type: ExtendedS3DestinationConfiguration object

Required: No

HttpEndpointDestinationConfiguration

Enables configuring Kinesis Firehose to deliver data to any HTTP endpoint destination. You can specify only one destination.

Type: HttpEndpointDestinationConfiguration object

Required: No

IcebergDestinationConfiguration

Configure Apache Iceberg Tables destination.

Type: IcebergDestinationConfiguration object

Required: No

KinesisStreamSourceConfiguration

When a Kinesis data stream is used as the source for the Firehose stream, a KinesisStreamSourceConfiguration containing the Kinesis data stream Amazon Resource Name (ARN) and the role ARN for the source stream.

Type: KinesisStreamSourceConfiguration object

Required: No

MSKSourceConfiguration

The configuration for the Amazon MSK cluster to be used as the source for a delivery stream.

Type: MSKSourceConfiguration object

Required: No

RedshiftDestinationConfiguration

The destination in Amazon Redshift. You can specify only one destination.

Type: RedshiftDestinationConfiguration object

Required: No

S3DestinationConfiguration

[Deprecated] The destination in Amazon S3. You can specify only one destination.

Type: S3DestinationConfiguration object

Required: No

SnowflakeDestinationConfiguration

Configure Snowflake destination

Type: SnowflakeDestinationConfiguration object

Required: No

SplunkDestinationConfiguration

The destination in Splunk. You can specify only one destination.

Type: SplunkDestinationConfiguration object

Required: No

Tags

A set of tags to assign to the Firehose stream. A tag is a key-value pair that you can define and assign to AWS resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the Firehose stream. For more information about tags, see Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide.

You can specify up to 50 tags when creating a Firehose stream.

If you specify tags in the CreateDeliveryStream action, Amazon Data Firehose performs an additional authorization on the firehose:TagDeliveryStream action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose Firehose streams with IAM resource tags will fail with an AccessDeniedException such as following.

AccessDeniedException

User: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.

For an example IAM policy, see Tag example.

Type: Array of Tag objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

Response Syntax

{ "DeliveryStreamARN": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

DeliveryStreamARN

The ARN of the Firehose stream.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: arn:.*

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidArgumentException

The specified input parameter has a value that is not valid.

HTTP Status Code: 400

InvalidKMSResourceException

Firehose throws this exception when an attempt to put records or to start or stop Firehose stream encryption fails. This happens when the KMS service throws one of the following exception types: AccessDeniedException, InvalidStateException, DisabledException, or NotFoundException.

HTTP Status Code: 400

LimitExceededException

You have already reached the limit for a requested resource.

HTTP Status Code: 400

ResourceInUseException

The resource is already in use and not available for this operation.

HTTP Status Code: 400

Examples

Example

The following JSON example creates a Firehose stream named exampleStreamName with an Amazon S3 destination. To use this example, first replace the placeholders for the RoleARN and BucketARN keys with valid strings. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.

Sample Request

POST / HTTP/1.1 Host: firehose.<region>.<domain> Content-Length: <PayloadSizeBytes> User-Agent: <UserAgentString> Content-Type: application/x-amz-json-1.1 Authorization: <AuthParams> Connection: Keep-Alive X-Amz-Date: <Date> X-Amz-Target: Firehose_20150804.CreateDeliveryStream { "DeliveryStreamName": "exampleStreamName", "S3DestinationConfiguration": { "RoleARN": "insert-role-ARN", "BucketARN": "insert-bucket-ARN", "BufferingHints": { "SizeInMBs": 3, "IntervalInSeconds": 60 }, "CompressionFormat": "ZIP" } }

Sample Response

HTTP/1.1 200 OK x-amzn-RequestId: <RequestId> Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes> Date: <Date> { "DeliveryStreamARN": "arn:aws:firehose:us-east-1:814985986679:deliverystream/exampleStreamName" }

Example IAM policy to create a Firehose stream and apply tags

The following example demonstrates a policy that allows users to create a Firehose stream and apply tags.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "firehose:CreateDeliveryStream", "Resource": "*", } }, { "Effect": "Allow", "Action": "firehose:TagDeliveryStream", "Resource": "*", } } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: