aws-kinesisstreams-kinesisfirehose-s3
| Reference Documentation: | https://docs.aws.amazon.com/solutions/latest/constructs/ |
| Language | Package |
|---|---|
|
|
|
|
|
|
|
|
|
Overview
This AWS Solutions Construct implements an Amazon Kinesis Data Stream (KDS) connected to Amazon Kinesis Data Firehose (KDF) delivery stream connected to an Amazon S3 bucket.
Here is a minimal deployable pattern definition:
Pattern Construct Props
| Name | Type | Description |
|---|---|---|
|
bucketProps? |
Optional user provided props to override the default props for the S3 Bucket. |
|
|
createCloudWatchAlarms? |
|
Optional whether to create recommended CloudWatch alarms. |
|
existingBucketObj? |
Optional existing instance of S3 Bucket object. If this is provided, then also providing bucketProps is an error. |
|
|
existingLoggingBucketObj? |
Optional existing instance of logging S3 Bucket object for the S3 Bucket created by the pattern. |
|
|
existingStreamObj? |
Optional existing instance of Kinesis Stream, providing both this and
|
|
|
kinesisFirehoseProps? |
Optional user provided props to override the default props for Kinesis Firehose Delivery Stream. |
|
|
kinesisStreamProps? |
Optional user-provided props to override the default props for the Kinesis stream. |
|
|
logGroupProps? |
Optional user provided props to override the default props for for the CloudWatchLogs LogGroup. |
|
|
loggingBucketProps? |
Optional user provided props to override the default props for the S3 Logging Bucket. |
|
|
logS3AccessLogs? |
boolean |
Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true |
Pattern Properties
| Name | Type | Description |
|---|---|---|
|
cloudwatchAlarms? |
Returns a list of cloudwatch.Alarm created by the construct |
|
|
kinesisFirehose |
Returns an instance of kinesisfirehose.CfnDeliveryStream created by the construct |
|
|
kinesisFirehoseLogGroup |
Returns an instance of the logs.LogGroup created by the construct for Kinesis Data Firehose delivery stream |
|
|
kinesisFirehoseRole |
Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream |
|
|
kinesisStream |
Returns an instance of the Kinesis stream created by the pattern |
|
|
kinesisStreamRole |
Returns an instance of the iam.Role created by the construct for Kinesis stream |
|
|
s3Bucket? |
Returns an instance of s3.Bucket created by the construct |
|
|
s3LoggingBucket? |
Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket |
|
|
s3BucketInterface |
Returns an instance of s3.IBucket created by the construct |
Default settings
Out of the box implementation of the Construct without any override will set the following defaults:
Amazon Kinesis Stream
-
Configure least privilege access IAM role for Kinesis Stream
-
Enable server-side encryption for Kinesis Stream using AWS Managed KMS Key
-
Deploy best practices CloudWatch Alarms for the Kinesis Stream
Amazon Kinesis Firehose
-
Enable CloudWatch logging for Kinesis Firehose
-
Configure least privilege access IAM role for Amazon Kinesis Firehose
Amazon S3 Bucket
-
Configure Access logging for S3 Bucket
-
Enable server-side encryption for S3 Bucket using AWS managed KMS Key
-
Enforce encryption of data in transit
-
Turn on the versioning for S3 Bucket
-
Don’t allow public access for S3 Bucket
-
Retain the S3 Bucket when deleting the CloudFormation stack
-
Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
Architecture
Github
Go to the Github repo
