aws-kinesisstreams-kinesisfirehose-s3 - AWS Solutions Constructs
OverviewPattern Construct PropsPattern PropertiesDefault settingsArchitectureGitHub

aws-kinesisstreams-kinesisfirehose-s3

Language Package
Python Logo Python aws_solutions_constructs.aws_kinesisstreams_kinesisfirehose_s3
Typescript Logo Typescript @aws-solutions-constructs/aws-kinesis-streams-kinesis-firehose-s3
Java Logo Java software.amazon.awsconstructs.services.kinesisstreamskinesisfirehoses3

Overview

This AWS Solutions Construct implements an Amazon Kinesis Data Stream (KDS) connected to Amazon Kinesis Data Firehose (KDF) delivery stream connected to an Amazon S3 bucket.

Here is a minimal deployable pattern definition:

Typescript

import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { KinesisStreamsToKinesisFirehoseToS3 } from '@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3';

new KinesisStreamsToKinesisFirehoseToS3(this, 'test-stream-firehose-s3', {});
Python

from aws_solutions_constructs.aws_kinesis_streams_kinesis_firehose_s3 import KinesisStreamsToKinesisFirehoseToS3
from aws_cdk import Stack
from constructs import Construct

KinesisStreamsToKinesisFirehoseToS3(self, 'test_stream_firehose_s3')
Java

import software.constructs.Construct;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awsconstructs.services.kinesisstreamskinesisfirehoses3.*;

new KinesisStreamsToKinesisFirehoseToS3(this, "test_stream_firehose_s3", new KinesisStreamsToKinesisFirehoseToS3Props.Builder()
        .build());

Pattern Construct Props

Name Type Description
bucketProps? s3.BucketProps Optional user provided props to override the default props for the S3 Bucket.
createCloudWatchAlarms? boolean Optional whether to create recommended CloudWatch alarms.
existingBucketObj? s3.IBucket Optional existing instance of S3 Bucket object. If this is provided, then also providing bucketProps is an error.
existingLoggingBucketObj? s3.IBucket Optional existing instance of logging S3 Bucket object for the S3 Bucket created by the pattern.
existingStreamObj? kinesis.Stream Optional existing instance of Kinesis Stream, providing both this and kinesisStreamProps will cause an error.
kinesisFirehoseProps? kinesisfirehose.CfnDeliveryStreamProps|any Optional user provided props to override the default props for Kinesis Firehose Delivery Stream.
kinesisStreamProps? kinesis.StreamProps Optional user-provided props to override the default props for the Kinesis stream.
logGroupProps? logs.LogGroupProps Optional user provided props to override the default props for for the CloudWatchLogs LogGroup.
loggingBucketProps? s3.BucketProps Optional user provided props to override the default props for the S3 Logging Bucket.
logS3AccessLogs? boolean Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true

Pattern Properties

Name Type Description
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of cloudwatch.Alarm created by the construct
kinesisFirehose kinesisfirehose.CfnDeliveryStream Returns an instance of kinesisfirehose.CfnDeliveryStream created by the construct
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the logs.LogGroup created by the construct for Kinesis Data Firehose delivery stream
kinesisFirehoseRole iam.Role Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream
kinesisStream kinesis.Stream Returns an instance of the Kinesis stream created by the pattern
kinesisStreamRole iam.Role Returns an instance of the iam.Role created by the construct for Kinesis stream
s3Bucket? s3.Bucket Returns an instance of s3.Bucket created by the construct
s3LoggingBucket? s3.Bucket Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket
s3BucketInterface s3.IBucket Returns an instance of s3.IBucket created by the construct

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon Kinesis Stream

  • Configure least privilege access IAM role for Kinesis Stream

  • Enable server-side encryption for Kinesis Stream using AWS Managed KMS Key

  • Deploy best practices CloudWatch Alarms for the Kinesis Stream

Amazon Kinesis Firehose

  • Enable CloudWatch logging for Kinesis Firehose

  • Configure least privilege access IAM role for Amazon Kinesis Firehose

Amazon S3 Bucket

  • Configure Access logging for S3 Bucket

  • Enable server-side encryption for S3 Bucket using AWS managed KMS Key

  • Enforce encryption of data in transit

  • Turn on the versioning for S3 Bucket

  • Don’t allow public access for S3 Bucket

  • Retain the S3 Bucket when deleting the CloudFormation stack

  • Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days

Architecture

GitHub

To view the code for this pattern, create/view issues and pull requests, and more:
@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3