aws-iot-kinesisfirehose-s3 - AWS Solutions Constructs


All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Language Package

This AWS Solutions Construct implements an AWS IoT MQTT topic rule to send data to an Amazon Kinesis Data Firehose delivery stream connected to an Amazon S3 bucket.

Here is a minimal deployable pattern definition in TypeScript:

import { IotToKinesisFirehoseToS3Props, IotToKinesisFirehoseToS3 } from '@aws-solutions-constructs/aws-iot-kinesisfirehose-s3'; const props: IotToKinesisFirehoseToS3Props = { iotTopicRuleProps: { topicRulePayload: { ruleDisabled: false, description: "Persistent storage of connected vehicle telematics data", sql: "SELECT * FROM 'connectedcar/telemetry/#'", actions: [] } } }; new IotToKinesisFirehoseToS3(this, 'test-iot-firehose-s3', props);


new IotToKinesisFirehoseToS3(scope: Construct, id: string, props: IotToKinesisFirehoseToS3Props);


Pattern Construct Props

Name Type Description
iotTopicRuleProps iot.CfnTopicRuleProps User provided CfnTopicRuleProps to override the defaults
kinesisFirehoseProps? kinesisfirehose.CfnDeliveryStreamProps Optional user provided props to override the default props for Kinesis Firehose Delivery Stream
existingBucketObj? s3.Bucket An optional, existing bucket to be used instead of the default bucket. If an existing bucket is provided, the bucketProps property will be ignored.
bucketProps? s3.BucketProps Optional user-provided properties to override the default properties for the bucket. Ignored if an existingBucketObj is provided.
logGroupProps? logs.LogGroupProps Optional user-provided props to override the default props for the CloudWatch Logs log group.

Pattern Properties

Name Type Description
iotActionsRole iam.Role Returns an instance of the IAM role created by the pattern for the IoT rule.
iotTopicRule iot.CfnTopicRule Returns an instance of the IoT topic rule created by the pattern.
kinesisFirehose kinesisfirehose.CfnDeliveryStream Returns an instance of the Kinesis Firehose delivery stream created by the pattern.
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the log group created by the pattern that Kinesis Firehose access logs are sent to.
kinesisFirehoseRole iam.Role Returns an instance of the IAM role created by the pattern for the Kinesis Firehose delivery stream.
s3Bucket? s3.Bucket Returns an instance of the S3 bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of the logging bucket created by the pattern for the S3 bucket.

Default settings

Out-of-the-box implementation of this pattern without any overrides will set the following defaults:

Amazon IoT Rule

  • Configure least privilege access IAM role for Amazon IoT

Amazon Kinesis Firehose

  • Enable CloudWatch logging for Kinesis Firehose

  • Configure least privilege access IAM role for Amazon Kinesis Firehose

Amazon S3 Bucket

  • Configure Access logging for S3 Bucket

  • Enable server-side encryption for S3 Bucket using AWS managed KMS Key

  • Turn on the versioning for S3 Bucket

  • Don't allow public access for S3 Bucket

  • Retain the S3 Bucket when deleting the CloudFormation stack

  • Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days



To view the code for this pattern, create/view issues and pull requests, and more: