AWS Kinesis Data Stream

Send Sym logs to Kinesis Data Stream, and from there, anywhere else!


With the Kinesis Data Stream Log Destination, you can send the full stream of Reporting events from Sym to be processed by a Data Stream.

Simply create a Log Destination of type kinesis_data_stream, and add it to your Environment.



  1. An file generated by symflow init
    a. If you have not run symflow init, please follow the instructions in Installing Sym
  2. A runtime_connector module defined in
    a. If you do not have a, please follow the instructions in AWS Runtime Setup

Configure the Kinesis Data Stream Log Destination

The aws/kinesis-data-stream-connector module creates a Kinesis Data Stream and the outputs are used to configure an AWS IAM Policy that grants the Runtime Connector Role permissions to publish to the Data Stream.

The Data Stream can be further configured with inputs to the module. See the Terraform Registry documentation for the Kinesis Data Stream Connector for more details.

Create a file with the following contents:

# A module that provisions a single Kinesis Data Stream
module "kinesis_data_stream_connector" {
  source  = "symopsio/kinesis-data-stream-connector/aws"
  version = ">= 1.0.0"

  environment = local.environment_name

  # .. Other optional inputs. See Terraform registry docs.

# Give the Runtime Connector Role permission to publish to the Kinesis Data Stream
module "kinesis_data_stream_access" {
  source  = "symopsio/kinesis-data-stream-addon/aws"
  version = ">= 1.1.0"

  environment   = local.environment_name
  stream_arns   = [module.kinesis_data_stream_connector.data_stream_arn]
  iam_role_name =

# A sym_log_destination that tells the Sym Runtime where to send audit logs.
resource "sym_log_destination" "data_stream" {
  type = "kinesis_data_stream"
  # The Runtime Connector sym_integration has Kinesis Firehose permissions defined by the kinesis_firehose_access module
  integration_id =
  settings = {
    stream_name = module.kinesis_data_stream_connector.data_stream_name

Add the Log Destination to your Environment

Each sym_environment accepts a list of Log Destinations to send reporting logs to. Add the ID of the Log Destination you just defined to the log_destination_ids list.

# ... other resources omitted

resource "sym_environment" "this" {
  # ... other attributes omitted
  # Add your log destinations here
  log_destination_ids = []

  # ... other attributes omitted