
Page updated Apr 22, 2026

Amazon Data Firehose

Use the AWS Cloud Development Kit (AWS CDK) to create an Amazon Data Firehose delivery stream and grant your app the permissions it needs. For more on adding custom AWS resources to your Amplify backend, see Custom resources.

Set up a Firehose delivery stream

amplify/backend.ts

import { defineBackend } from "@aws-amplify/backend";
import { auth } from "./auth/resource";
import { data } from "./data/resource";
import { storage } from "./storage/resource";
import { CfnDeliveryStream } from "aws-cdk-lib/aws-kinesisfirehose";
import { Stack } from "aws-cdk-lib/core";
import {
  Policy,
  PolicyStatement,
  Role,
  ServicePrincipal,
} from "aws-cdk-lib/aws-iam";

const backend = defineBackend({
  auth,
  data,
  storage,
});

const firehoseStack = backend.createStack("firehose-stack");

// Access the S3 bucket resource
const s3Bucket = backend.storage.resources.bucket;

// Create a new IAM role for the Firehose
const firehoseRole = new Role(firehoseStack, "FirehoseRole", {
  assumedBy: new ServicePrincipal("firehose.amazonaws.com"),
});

// Grant the Firehose role read/write permissions to the S3 bucket
s3Bucket.grantReadWrite(firehoseRole);

// Create a Firehose delivery stream
const myFirehose = new CfnDeliveryStream(firehoseStack, "MyFirehose", {
  deliveryStreamType: "DirectPut",
  s3DestinationConfiguration: {
    bucketArn: s3Bucket.bucketArn,
    roleArn: firehoseRole.roleArn,
  },
  deliveryStreamName: "myFirehose",
});

// Grant PutRecordBatch permission to authenticated users
const firehosePolicy = new Policy(firehoseStack, "FirehosePolicy", {
  statements: [
    new PolicyStatement({
      actions: ["firehose:PutRecordBatch"],
      resources: [myFirehose.attrArn],
    }),
  ],
});
backend.auth.resources.authenticatedUserIamRole.attachInlinePolicy(firehosePolicy);

If you are not using the CDK, ensure your authenticated IAM role has the firehose:PutRecordBatch permission on your target delivery stream:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "firehose:PutRecordBatch",
    "Resource": "arn:aws:firehose:<region>:<account-id>:deliverystream/<stream-name>"
  }]
}
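
A small TypeScript check for the policy above, added here as an example rather than taken from the Amplify documentation: it flags statements that allow more than firehose:PutRecordBatch or that target anything other than one delivery stream ARN. The function name, the ARN pattern and the sample policies are assumptions made for illustration, and only statements using Action and Resource are handled.

```typescript
// Added example: audits an IAM policy document meant for the authenticated role.
// auditFirehosePolicy, STREAM_ARN and the sample policies are hypothetical names/values.
type OneOrMany = string | string[];
interface Statement { Effect: string; Action: OneOrMany; Resource: OneOrMany }
interface PolicyDocument { Version: string; Statement: Statement[] }

const ALLOWED_ACTION = "firehose:putrecordbatch"; // IAM action names are case-insensitive
// Exactly one delivery stream: no "*" or "?" can match anywhere in this pattern.
const STREAM_ARN = /^arn:aws[a-z-]*:firehose:[a-z0-9-]+:\d{12}:deliverystream\/[A-Za-z0-9_.-]+$/;

const toList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

function auditFirehosePolicy(doc: PolicyDocument): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements cannot widen access
    for (const action of toList(stmt.Action)) {
      if (action.toLowerCase() !== ALLOWED_ACTION) {
        findings.push(`Statement ${i}: action "${action}" is broader than firehose:PutRecordBatch`);
      }
    }
    for (const resource of toList(stmt.Resource)) {
      if (!STREAM_ARN.test(resource)) {
        findings.push(`Statement ${i}: resource "${resource}" is not a single delivery stream ARN`);
      }
    }
  });
  return findings;
}

// Constructed sample policies (account ID and stream name are placeholders).
const scoped: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: "firehose:PutRecordBatch",
    Resource: "arn:aws:firehose:us-east-1:111122223333:deliverystream/myFirehose",
  }],
};
const tooBroad: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["firehose:*"], Resource: "*" }],
};

console.log(auditFirehosePolicy(scoped));   // no findings
console.log(auditFirehosePolicy(tooBroad)); // one finding for the action, one for the resource
```

A policy that still contains the unfilled `<region>`, `<account-id>` or `<stream-name>` placeholders is also reported, because the resource does not parse as a delivery stream ARN.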

For more information, see the Amazon Data Firehose Developer Documentation.

Ensure your S3 destination bucket is properly secured. See Security best practices for Amazon S3 for guidance on encryption, access control, and logging.

Next steps

Use the Firehose client to stream data from your app.