Kinesis Data Firehose: What It Is and When to Use It

Definition

Amazon Kinesis Data Firehose is a fully managed service that provides a simple and reliable way to capture, transform, and load streaming data into data lakes, data stores, and analytics services. It's an Extract, Transform, and Load (ETL) service for streaming data, designed to abstract away the complexities of data ingestion, allowing developers to focus on analysis rather than infrastructure management.

How It Works

Kinesis Data Firehose operates as a straightforward, configurable pipeline. You create a "delivery stream" and configure a source, an optional transformation step, and a destination. Firehose then automatically manages the data flow, scaling to handle gigabytes per second of data.

  1. Data Sources: Data can be sent to a Firehose delivery stream from a variety of sources. These include another Amazon Kinesis Data Stream, directly via the Firehose API (Direct PUT) using the AWS SDK or Kinesis Agent, or from other AWS services like Amazon CloudWatch Logs, AWS IoT Core, and Amazon SNS.

  2. Buffering: Firehose buffers incoming streaming data to a specified size or for a specified time period before delivering it to the destination. The buffer size can be set from 1 to 128 MiB, and the buffer interval can range from 60 to 900 seconds. Delivery is triggered by whichever threshold is met first. This batching mechanism is key to efficiently loading data into analytical systems.

  3. Data Transformation & Conversion (Optional): Before delivery, Firehose can process the data in-flight.

    • Lambda Transformation: You can configure a Lambda function to perform custom transformations, such as filtering records, enriching data with metadata, or converting data from one format to another. The Lambda function is invoked with a batch of records and must return the transformed records.
    • Format Conversion: Firehose has built-in capabilities to convert the format of incoming JSON data into columnar formats like Apache Parquet and Apache ORC, which are optimized for cost-effective and high-performance analytics.
  4. Data Delivery: Once buffered and transformed, the data is delivered to the configured destination. Firehose handles synchronous replication of data across three Availability Zones (AZs) to ensure high availability and durability during transport.

  5. Destinations: Firehose supports a wide range of destinations, including:

    • Data Lakes & Warehouses: Amazon S3, Amazon Redshift, and Apache Iceberg Tables.
    • Analytics Services: Amazon OpenSearch Service (formerly Elasticsearch Service).
    • Third-Party Tools: Splunk, Datadog, Snowflake, and other partner services.
    • HTTP Endpoints: Custom HTTP endpoints for flexible integration.
  6. Error Handling & Backups: If data transformation fails or delivery to the destination is unsuccessful, Firehose can retry the delivery for a specified period (up to 7,200 seconds for Redshift and OpenSearch). You can also configure a backup to an Amazon S3 bucket for all source records or just those that failed processing, ensuring no data is lost.
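The Lambda transformation contract from step 3, together with the failed-record path from step 6, as an added example (not AWS's or this article's own code). The handler masks secrets in log records before they reach the destination, drops noise, and marks unparseable input as failed; the field names in `SENSITIVE_KEYS`, the DEBUG filter rule and the sample event are assumptions constructed for illustration.

```python
import base64
import json

# Assumed field names to scrub before delivery; adapt to your own log schema.
SENSITIVE_KEYS = {"password", "authorization", "set-cookie", "api_key"}


def redact(obj):
    """Recursively mask the values of sensitive keys in nested JSON."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def lambda_handler(event, context):
    """Return exactly one result per incoming recordId, as Firehose requires."""
    out = []
    for rec in event["records"]:
        rid, raw = rec["recordId"], rec["data"]
        try:
            doc = json.loads(base64.b64decode(raw))
            if not isinstance(doc, dict):
                raise ValueError("expected a JSON object")
        except ValueError:
            # Unparseable input: hand the original bytes back, marked as failed.
            out.append({"recordId": rid, "result": "ProcessingFailed", "data": raw})
            continue
        if doc.get("level") == "DEBUG":  # assumed filter rule
            out.append({"recordId": rid, "result": "Dropped", "data": raw})
            continue
        line = json.dumps(redact(doc), separators=(",", ":")) + "\n"
        out.append({"recordId": rid, "result": "Ok",
                    "data": base64.b64encode(line.encode()).decode()})
    return {"records": out}

def encode(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample event: a secret-bearing record, a DEBUG record, bad JSON.
SAMPLE_EVENT = {"records": [
    {"recordId": "1", "data": encode('{"user":"alice","password":"hunter2",'
                                     '"headers":{"Authorization":"Bearer abc"}}')},
    {"recordId": "2", "data": encode('{"level":"DEBUG","msg":"cache miss"}')},
    {"recordId": "3", "data": encode("not json at all")},
]}
```

Records returned as `ProcessingFailed` are the ones the S3 backup for failed processing captures, so the raw payload is returned unchanged for later inspection.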

Key Features and Limits

  • Fully Managed & Auto-Scaling: No servers to manage; Firehose automatically scales throughput to match the volume of incoming data.
  • Data Transformation: Supports in-flight data transformation using AWS Lambda for custom logic.
  • Data Format Conversion: Built-in conversion of JSON to Apache Parquet or Apache ORC, which can significantly improve query performance and reduce costs.
  • Dynamic Partitioning: Can continuously partition streaming data in Amazon S3 based on keys within the data (e.g., customer_id, event_timestamp). This organizes data into logical S3 prefixes, optimizing query performance and cost for tools like Amazon Athena.
  • Compression: Supports GZIP, ZIP, and SNAPPY compression formats to reduce storage space at the destination.
  • Near Real-Time Delivery: Data is delivered with a latency determined by the buffer settings, with a minimum of 60 seconds.
  • Service Quotas (as of 2026):
    • Max Record Size: 1,000 KiB (before Base64 encoding).
    • PutRecordBatch API: Up to 500 records or 4 MiB per call.
    • Direct PUT Throughput (e.g., US East): Up to 500,000 records/sec, 2,000 requests/sec, and 5 MiB/sec. Quotas can be increased upon request.
    • Buffer Hints: Size from 1-128 MiB; interval from 60-900 seconds.
    • Dynamic Partitioning: Default limit of 500 active partitions per delivery stream.
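A Direct PUT producer has to respect the record-size and PutRecordBatch quotas listed above and handle partial failures. The following is an added example, not code from this article or from AWS; it assumes the 4 MiB budget is counted over the raw payload bytes, and `send_batch` takes a boto3 Firehose client (or a stand-in with the same `put_record_batch` method) as a parameter.

```python
# Quotas as stated in this article.
MAX_RECORDS_PER_CALL = 500
MAX_BYTES_PER_CALL = 4 * 1024 * 1024   # 4 MiB
MAX_RECORD_BYTES = 1000 * 1024         # 1,000 KiB, before Base64 encoding


def pack_batches(records):
    """Split raw record payloads (bytes) into PutRecordBatch-sized lists.

    Returns (batches, rejected); oversize records can never be sent and are
    returned separately rather than silently dropped.
    """
    batches, rejected, current, size = [], [], [], 0
    for data in records:
        if len(data) > MAX_RECORD_BYTES:
            rejected.append(data)
            continue
        full = len(current) == MAX_RECORDS_PER_CALL
        if current and (full or size + len(data) > MAX_BYTES_PER_CALL):
            batches.append(current)
            current, size = [], 0
        current.append(data)
        size += len(data)
    if current:
        batches.append(current)
    return batches, rejected


def send_batch(client, stream_name, batch):
    """Send one batch; return the payloads Firehose rejected, for retry.

    PutRecordBatch can partially succeed: the response lists one entry per
    record, in request order, and failed entries carry an ErrorCode.
    """
    resp = client.put_record_batch(
        DeliveryStreamName=stream_name,
        Records=[{"Data": d} for d in batch],
    )
    if resp.get("FailedPutCount", 0) == 0:
        return []
    return [d for d, r in zip(batch, resp["RequestResponses"]) if "ErrorCode" in r]
```

Retry the payloads returned by `send_batch` with backoff; a producer that ignores `FailedPutCount` loses log events without any error being raised.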

Common Use Cases

  • Log and Event Data Analytics: Ingesting and delivering application logs, clickstreams, and system events to Amazon S3 for long-term storage and analysis with Amazon Athena, or to Amazon OpenSearch Service for real-time monitoring and dashboarding.
  • IoT Data Ingestion: Capturing high-volume, high-velocity data from IoT devices and sensors and reliably loading it into a data lake on S3. The data can be partitioned by device ID or timestamp for efficient querying.
  • Data Lake Hydration: Acting as the primary ingestion layer for an Amazon S3-based data lake. Firehose simplifies the process of streaming data from various sources, converting it to optimal formats like Parquet, and partitioning it for efficient analysis.
  • Security and Threat Monitoring: Streaming network traffic logs or AWS service logs (like AWS WAF logs) to security information and event management (SIEM) tools like Splunk to monitor for threats in near real-time.

Pricing Model

Amazon Kinesis Data Firehose has a pay-as-you-go pricing model with no upfront costs or minimum fees. You are billed based on the volume of data ingested, measured in gigabytes. Records are billed in 5KB increments.

Additional charges apply for optional features:

  • Data Format Conversion: A per-GB fee for converting data to Parquet or ORC formats.
  • Dynamic Partitioning: A per-GB fee for data delivered and a fee per 1,000 S3 objects created.
  • VPC Delivery: An hourly fee per Availability Zone and a per-GB processing fee for delivering data to destinations within a Virtual Private Cloud (VPC).
  • Data Transfer: Standard AWS data transfer charges apply for data moved out of the AWS region.

Always consult the official AWS Pricing page for the most current details.

Pros and Cons

Pros:

  • Simplicity: Extremely easy to set up and configure a streaming data pipeline without writing any consumer code.
  • Fully Managed: AWS handles all the underlying infrastructure, administration, maintenance, and scaling.
  • Direct Integrations: Seamlessly integrates with numerous AWS services and third-party tools as both sources and destinations.
  • Built-in Resiliency: Provides automatic retries, optional S3 backups, and synchronous data replication across three AZs for high durability.
  • Cost-Effective for Simple ETL: Built-in features like compression, format conversion, and dynamic partitioning can reduce overall analytics costs.

Cons:

  • Near Real-Time, Not Real-Time: The minimum 60-second buffering interval means it's not suitable for use cases requiring sub-second processing latency.
  • Limited Transformation Logic: While Lambda integration is powerful, it's designed for lightweight transformations. Complex ETL jobs with joins or windowing are better suited for services like AWS Glue.
  • Single Destination per Stream: A single delivery stream can only deliver data to one destination. To send data to multiple destinations (e.g., S3 and Splunk), you must create multiple delivery streams.

Comparison with Alternatives

Kinesis Data Firehose vs. Kinesis Data Streams

This is the most common point of confusion. The two services are often used together but serve different purposes.

  • Purpose: Firehose is a delivery service (ETL) that loads data into a destination. Data Streams is a streaming data store for custom, real-time processing by multiple applications.
  • Data Consumers: Firehose has pre-configured consumers (S3, Redshift, etc.). You don't manage them. With Data Streams, you build your own consumer applications (using Lambda, KCL, etc.) to read and process the data.
  • Data Retention: Firehose does not store data itself beyond its internal buffer and a 24-hour retry window. Data Streams stores data for 24 hours by default, extendable up to 365 days, allowing multiple consumers to read and replay the same data.
  • Latency: Firehose is near real-time (minimum 60-second latency). Data Streams can achieve much lower latency (as low as ~70ms).
  • Management: Firehose is fully managed and auto-scales. Data Streams requires you to manage capacity by provisioning and scaling shards (though an on-demand mode simplifies this).

Common Pattern: Use Kinesis Data Streams to ingest data for real-time applications (like anomaly detection) and also as a source for a Kinesis Data Firehose delivery stream to reliably load the same raw data into Amazon S3 for archival and batch analytics.

Exam Relevance

Kinesis Data Firehose is a key topic on several AWS certification exams, particularly those focused on architecture and data.

  • AWS Certified Solutions Architect - Associate (SAA-C03): Expect questions that test your understanding of its role in data ingestion pipelines, its key features (buffering, transformation), and when to use it versus Kinesis Data Streams.
  • AWS Certified Developer - Associate (DVA-C02): Focus on how to send data to Firehose (Direct PUT) and how to configure Lambda transformations.
  • AWS Certified Data Analytics - Specialty (DAS-C01): Requires a deep understanding of Firehose's integration with other analytics services, dynamic partitioning for S3, format conversion, and performance optimization.

For exams, you must know that Firehose is the easiest way to load streaming data into destinations like S3, Redshift, and OpenSearch, and that it is a near real-time service.

Frequently Asked Questions

Q: What is the main difference between Kinesis Data Firehose and Kinesis Data Streams?

A: Kinesis Data Streams is for ingesting and temporarily storing streaming data for custom, real-time processing by multiple applications you build. Kinesis Data Firehose is a fully managed service for delivering that streaming data to a specific destination, with optional in-flight transformations. Think of Data Streams as the flexible, real-time stream and Firehose as the automated delivery truck.

Q: Can I use Kinesis Data Firehose for real-time, sub-second processing?

A: No. Kinesis Data Firehose is a near real-time service because it buffers data. The minimum buffer interval is 60 seconds, meaning data will have at least that much latency before being delivered. For sub-second, real-time processing needs, you should use Kinesis Data Streams with a custom consumer application (e.g., AWS Lambda).

Q: How can I transform data in-flight with Kinesis Data Firehose?

A: Kinesis Data Firehose has two primary transformation methods. You can enable its built-in data format conversion feature to change incoming JSON records to Apache Parquet or Apache ORC. For more complex logic like filtering, enriching, or custom conversions, you can configure the delivery stream to invoke an AWS Lambda function, which processes records in batches before they are delivered to the destination.


This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official AWS documentation before making production decisions.

Published: 6/5/2026 / Updated: 6/5/2026
