aws-kinesisfirehose-s3 - AWS Solutions Constructs


All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Language Package

This AWS Solutions Constructs pattern implements an Amazon Kinesis Data Firehose delivery stream connected to an Amazon S3 bucket.

Here is a minimal deployable pattern definition:

const { KinesisFirehoseToS3 } = require('@aws-solutions-constructs/aws-kinesisfirehose-s3'); new KinesisFirehoseToS3(stack, 'test-firehose-s3', {});


new KinesisFirehoseToS3(scope: Construct, id: string, props: KinesisFirehoseToS3Props);


Pattern Construct Props

Name Type Description
kinesisFirehoseProps? kinesisfirehose.CfnDeliveryStreamProps Optional user provided props to override the default props for Kinesis Firehose Delivery Stream
existingBucketObj? s3.Bucket An optional, existing bucket to be used instead of the default bucket. If an existing bucket is provided, the bucketProps property will be ignored.
bucketProps? s3.BucketProps Optional user-provided properties to override the default properties for the bucket. Ignored if an existingBucketObj is provided.

Pattern Properties

Name Type Description
kinesisFirehose kinesisfirehose.CfnDeliveryStream Returns an instance of the Kinesis Firehose delivery stream created by the pattern.
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the log group created by the pattern that Kinesis Firehose access logs are sent to.
kinesisFirehoseRole iam.Role Returns an instance of the IAM role created by the pattern for the Kinesis Firehose delivery stream.
s3Bucket s3.Bucket Returns an instance of the S3 bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of the logging bucket created by the pattern for the S3 bucket.

Default settings

Out-of-the-box implementation of this pattern without any overrides will set the following defaults:

Amazon Kinesis Firehose

  • Enable CloudWatch logging for Kinesis Firehose

  • Configure least privilege access IAM role for Amazon Kinesis Firehose

Amazon S3 Bucket

  • Configure Access logging for S3 Bucket

  • Enable server-side encryption for S3 Bucket using AWS managed KMS Key

  • Turn on the versioning for S3 Bucket

  • Don't allow public access for S3 Bucket

  • Retain the S3 Bucket when deleting the CloudFormation stack

  • Enforce encryption of data in transit