Articles

Stream EventBridge Events to Kinesis Firehose for Archiving (2026)

April 16, 2026 4 min read

AWS EventBridge is a serverless event bus service that makes it easy to connect applications together using data from your own applications, integrated SaaS applications, and AWS services. Kinesis Data Firehose is a fully managed service for delivering real-time streaming data to destinations such as Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk.

Here’s how to set up EventBridge to stream events to Kinesis Firehose for archiving:

Setting up EventBridge to Stream Events to Kinesis Firehose

  1. Create a Kinesis Data Firehose Delivery Stream:

    • Navigate to the Kinesis Data Firehose console.
    • Click "Create delivery stream."
    • Choose a source: For this use case, select "Direct PUT or other sources."
    • Choose a destination: Select "Amazon S3."
    • Delivery stream name: Provide a unique name (e.g., eventbridge-archive-stream).
    • S3 destination:
      • S3 bucket: Create a new S3 bucket or select an existing one for archiving. Ensure the bucket is in the same region as your EventBridge event bus.
      • S3 prefix (optional): You can specify a prefix to organize your archived data (e.g., eventbridge-logs/).
      • S3 buffer conditions: Configure buffer size (e.g., 64 MB) and buffer interval (e.g., 300 seconds) to control when data is delivered to S3.
    • Enable data transformation (optional): For this archiving use case, you typically don’t need transformation.
    • Enable dynamic partitioning (optional): This can be useful for organizing data based on event metadata. For example, you could partition by year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/.
    • Access key configuration: You’ll need to create an IAM role that grants Firehose permissions to write to your S3 bucket. The console can help you create this role automatically.
    • Click "Create delivery stream."

  2. Create an EventBridge Rule:

    • Navigate to the EventBridge console.

    • Click "Create rule."

    • Name: Provide a descriptive name (e.g., archive-all-events).

    • Event bus: Select the event bus you want to monitor (usually the default bus).

    • Rule type: Choose "Rule with an event pattern."

    • Event pattern:

      • Event source: Select "AWS services."
      • AWS service: Select the AWS service that generates the events you want to archive (e.g., EC2, S3, CloudWatch Logs).
      • Event type: Select the specific event type (e.g., EC2 Instance State-change Notification).
      • Alternatively, you can use a custom pattern to match specific event details. For archiving all events, you can use a broad pattern like:
        {
  "source": [{ "prefix": "" }]
}
        Or, to be more specific and capture events from all AWS services, you can use:
        {
  "source": [
    "aws.ec2",
    "aws.s3",
    "aws.rds",
    "aws.lambda",
    "aws.cloudwatch",
    "aws.events",
    "aws.api-gateway",
    "aws.iam",
    "aws.sts",
    "aws.cloudtrail",
    "aws.config",
    "aws.firehose"
  ]
}
        Important: For truly archiving everything, you might consider a broader pattern or using AWS CloudTrail to log API calls and then sending those logs to EventBridge for further processing if needed. However, for direct archiving of service events, the above examples are a good start.

    • Event pattern preview: Review the generated event pattern.

    • Event buses: Ensure the correct event bus is selected.

  3. Configure Target:

    • Target types: Select "AWS service."
    • Select a target: Choose "Kinesis Data Firehose delivery stream."
    • Delivery stream: Select the Kinesis Data Firehose delivery stream you created earlier (e.g., eventbridge-archive-stream).
    • Additional settings:
      • Partition key (optional): You can specify a partition key if your Firehose stream is configured for it.
      • Error logging: It’s highly recommended to enable error logging to an S3 bucket or CloudWatch Logs to troubleshoot any issues with events not reaching Firehose.
      • Retry policy: Configure retry attempts and backoff.
      • Buffer hints, compression, and encryption: These settings are typically managed at the Firehose stream level, but you can override them here if needed. For archiving, it’s often best to let Firehose handle these.
    • Permissions: EventBridge needs permission to send events to your Kinesis Data Firehose stream. The console will prompt you to create an IAM role for this. Ensure this role has firehose:PutRecordBatch permissions for the target Firehose stream.

  4. Create the Rule:

    • Click "Create rule."

Once the rule is created and events matching the pattern are emitted by AWS services, EventBridge will send them to your Kinesis Data Firehose delivery stream, which will then batch and deliver them to your designated S3 bucket.

Verifying the Setup

  • Trigger an event: Perform an action that generates an event matching your EventBridge rule (e.g., stop an EC2 instance, create an S3 object).
  • Check S3 bucket: After a short delay (depending on your Firehose buffer settings), check your S3 bucket. You should see files appearing in the location you specified, containing the archived event data.
  • Check Firehose metrics: In the Kinesis Data Firehose console, you can monitor metrics for your delivery stream, such as IncomingRecords, IncomingBytes, and DeliveryToS3.Success.
  • Check EventBridge metrics: In the EventBridge console, you can view metrics for your rule, such as TriggeredRules and Invocations, to confirm it’s being triggered.

This setup provides a robust, cost-effective way to archive your AWS service events for compliance, auditing, or analysis.

Want structured learning?

Take the full Eventbridge course →