Posted On: Jun 10, 2024

Amazon Data Firehose (Firehose) now supports integration with Amazon Secrets Manager (Secrets Manager) to configure secrets such as database credentials or keys to connect to streaming destinations such as Amazon Redshift, Snowflake, Splunk, and HTTP endpoints.

Amazon Data Firehose needs to access a secret such as database credentials or keys to connect to a streaming destination. With this launch, Amazon Data Firehose can retrieve a secret from Secrets Manager instead of using a plain text secret in configuration to connect to the destination. By using Secrets Manager integration, you can ensure that secrets are not visible in plain text during Firehose stream creation workflow either in Management Console or API parameters. This feature provides a more secure practice to store and maintain a secret in Firehose and allows you to leverage automatic secret rotation capability provided by Secrets Manager.

Amazon Firehose supports using Amazon Secrets Manager for keys to connect to the following destinations: Amazon Redshift, custom HTTP endpoint, Snowflake, Splunk, Coralogix, Datadog, Dynatrace, Elastic, Honeycomb, LogicMonitor,, MongoDB Cloud, and New Relic. This feature is available at no additional cost. To learn more about the feature and get started, visit Kinesis Data Firehose console and the developer guide.