
In an Amazon Connect instance, I set up Data Streaming such that Contact Trace Records and Agent Events are published to the same Kinesis Stream.

Then I created a delivery mechanism for said events by creating an Amazon Kinesis Firehose that sourced its data from said Kinesis Stream. The delivery destination is an HTTP endpoint that uses HTTPS over port 443. Said endpoint is configured with a self-signed SSL certificate.

So far so good.

Now when events land on the Kinesis Stream, the Kinesis Firehose attempts to POST said events to the HTTP endpoint, but the following error triggers; from CloudWatch:

{
    "deliveryStreamARN": "arn:aws:firehose:...",
    "destination": "...",
    "deliveryStreamVersionId": 1,
    "message": "Unable to complete an SSL Handshake with the endpoint due to invalid certification path. Contact the owner of the endpoint to resolve this issue.",
    "errorCode": "HttpEndpoint.SSLHandshakeCertificatePathFailure"
}

where the ellipsis here (...) is a placeholder for actual resources used.

QUESTION: how can the Amazon Kinesis Firehose be configured to support POST requests to an HTTP endpoint configured with a self-signed SSL certificate?

Kode Charlie
  • I guess that means the answer to my question is: "No, Firehose can't deal with that." – Kode Charlie Aug 22 '23 at 18:05
  • I'm relatively new to Kinesis, but my $0.02 here is that out-of-the-box, it should just work. BTW, this isn't the only disappointment with Firehose. As cited in an earlier question, only port 443 (for HTTP endpoints) is supported; that also is a bit unexpected. With so much of AWS highly configurable, it comes as a surprise that Kinesis Firehose seems to take an opposite tack: "let's force users to do it our way". – Kode Charlie Aug 22 '23 at 18:09
  • Amazon Kinesis Firehose doesn't have native support for trusting custom certificates or self-signed certificates. The typical SSL handshake validation ensures the endpoint's certificate is signed by a well-known Certificate Authority (CA). – Piyush Patil Aug 22 '23 at 18:19
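
The certification-path check described in the comments above can be reproduced locally with `openssl`. This is an added example, not part of the original question or comments; the function names and the `firehose-endpoint.example` host name are assumptions, and the certificate is a throwaway generated on the spot.

```shell
#!/bin/sh
# Constructed demo: everything here is generated locally; nothing contacts AWS.

# Create a throwaway self-signed certificate (CN is a placeholder host name).
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=firehose-endpoint.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# True when issuer and subject are the same name, i.e. no CA signed it.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the certificate chains to a trust anchor: the system CA store by
# default, or the PEM bundle given as $2. Matching on ": OK" avoids relying
# on the exit status of older openssl builds.
chain_is_trusted() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
    else
        openssl verify "$1" 2>&1 | grep -q ': OK$'
    fi
}

demo() {
    dir=$(mktemp -d)
    make_self_signed "$dir" || { echo "openssl req failed"; return 1; }
    is_self_issued "$dir/cert.pem" && echo "self-issued: yes"
    # What a client with only public CAs sees (the Firehose error case).
    chain_is_trusted "$dir/cert.pem" || echo "public trust store: path invalid"
    # What a client sees only if it can be handed the certificate as an anchor.
    chain_is_trusted "$dir/cert.pem" "$dir/cert.pem" && echo "pinned anchor: OK"
    rm -rf "$dir"
}

demo
```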

0 Answers