@Tietew Tietew commented Nov 6, 2025

Issue # (if applicable)

Closes #15502.
Closes #33585.

Reason for this change

An Amazon Data Firehose delivery stream can deliver records to a custom HTTP endpoint destination.
Some destinations, e.g. Coralogix, Datadog, New Relic, etc., are based on the HTTP endpoint destination.

See also:

Description of changes

Added the HttpEndpoint destination class.

Usage:

const httpDestination = new firehose.HttpEndpoint({
  // Endpoint configuration
  url: 'https://example.com/',
  name: 'MyEndpointName', // The endpoint name - optional
  // Authentication - optional
  accessKey: 'my-access-key', // Access key
  secretsManager: { secret }, // Secret from AWS Secrets Manager
  // Request configuration - optional
  parameters: {
    'eployment-context': 'pre-prod-gamma',
  },
  contentEncoding: firehose.ContentEncoding.GZIP,
  retryDuration: Duration.minutes(60),
  bufferingInterval: Duration.seconds(300),
  bufferingSize: Size.mebibytes(5),
  // Data Processor - optional
  processors: [lambdaProcessor], // In the management console, only one Lambda processor is allowed
  // Logging configuration - optional
  loggingConfig: new firehose.LoggingEnabled(),
  // S3 backup configuration - optional
  s3Backup: {
    mode: firehose.BackupMode.FAILED, // default - backup failed records
    // mode: firehose.BackupMode.ALL, // alternative - backup all records
    bucket: backupBucket, // S3 backup bucket is automatically created by default
  },
});

Describe any new or updated permissions being added

The HTTP endpoint destination will grant the following access to the destination role:

  • Read access to the secret if present using secret.grantRead()
  • Read/Write access to the backup bucket using bucket.grantReadWrite()
  • Write access to the log group using logGroup.grantWrite()

Description of how you validated changes

Added unit tests and an Integ test.
The integ test also asserts that the HTTP endpoint is invoked correctly.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

removalPolicy: cdk.RemovalPolicy.DESTROY,
});
const backupLogGroup = new logs.LogGroup(stack, 'BackupLogGroup');
const backupKey = new kms.Key(stack, 'BackupKey');
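Review bot: `backupLogGroup` and `backupKey` in the last two lines are created with no props, unlike the construct closed just above them, which sets `removalPolicy: cdk.RemovalPolicy.DESTROY`. Both `logs.LogGroup` and `kms.Key` default to retaining the resource when the stack is deleted, so if this stack is torn down after a test run the log group and the KMS key are left behind in the account. Consider passing `removalPolicy: cdk.RemovalPolicy.DESTROY` to both so the cleanup behaviour matches the resource above.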
@Tietew Tietew Nov 6, 2025

Security Guardian detects the key policy of this KMS key.

{
  "Action": "kms:*",
  "Effect": "Allow",
  "Principal": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root",
  "Resource": "*"
}
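
A statement like the one quoted in the comment above can be located mechanically in a synthesized template. The following is an added example, not code from this PR, from the CDK, or from Security Guardian; the function names, the `Principal: { AWS: ... }` / `Fn::Join` template shape, and the sample template are assumptions constructed for illustration.

```typescript
// Added example (not CDK or Security Guardian code): flag AWS::KMS::Key
// policies in a synthesized template that allow kms:* to the account root.
type Json = string | number | boolean | null | Json[] | JsonObj;
interface JsonObj { [key: string]: Json }
interface Finding { logicalId: string; principal: string }
const isObj = (v: Json | undefined): v is JsonObj =>
  typeof v === 'object' && v !== null && !Array.isArray(v);
const obj = (v: Json | undefined): JsonObj => (isObj(v) ? v : {});
const list = (v: Json | undefined): Json[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Render Ref / Fn::Join intrinsics as "${...}" text so ARNs can be matched.
function flatten(v: Json): string {
  if (!isObj(v)) return Array.isArray(v) ? v.map(flatten).join(',') : String(v);
  const ref = v['Ref'];
  const join = v['Fn::Join'];
  if (typeof ref === 'string') return '${' + ref + '}';
  if (!Array.isArray(join) || join.length !== 2) return JSON.stringify(v);
  return list(join[1]).map(flatten).join(flatten(join[0] ?? ''));
}

function findBroadRootKeyPolicies(template: Json): Finding[] {
  const findings: Finding[] = [];
  const resources = obj(obj(template)['Resources']);
  for (const logicalId of Object.keys(resources)) {
    const res = obj(resources[logicalId]);
    if (res['Type'] !== 'AWS::KMS::Key') continue;
    const policy = obj(obj(res['Properties'])['KeyPolicy']);
    for (const raw of list(policy['Statement'])) {
      const st = obj(raw);
      const p = st['Principal'];
      const principals = list(isObj(p) ? p['AWS'] : p).map(flatten);
      const root = principals.filter((a) => /:iam::.+:root$/.test(a))[0];
      const wildcard = list(st['Action']).map(flatten).indexOf('kms:*') >= 0;
      if (st['Effect'] === 'Allow' && wildcard && root !== undefined) {
        findings.push({ logicalId, principal: root });
      }
    }
  }
  return findings;
}
// Constructed sample: BackupKey carries the flagged statement, ScopedKey does not.
const rootArn: Json = { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' },
  ':iam::', { Ref: 'AWS::AccountId' }, ':root']] };
const keyWith = (action: Json): Json => ({ Type: 'AWS::KMS::Key', Properties: {
  KeyPolicy: { Statement: [{ Action: action, Effect: 'Allow',
    Principal: { AWS: rootArn }, Resource: '*' }] } } });
const SAMPLE: Json = { Resources: {
  BackupKey: keyWith('kms:*'), ScopedKey: keyWith(['kms:Decrypt', 'kms:Encrypt']) } };
```

`findBroadRootKeyPolicies(SAMPLE)` reports only `BackupKey`; a key whose root statement lists specific actions is not flagged.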
