This chapter covers Amazon Kinesis, AWS's suite of services for real-time streaming data. For the CLF-C02 exam, understanding the differences between Kinesis Data Streams, Data Firehose, and Data Analytics is critical—this objective falls under Domain 3: Cloud Technology Services and carries roughly 5-8% of the exam weight. You will need to know which Kinesis service to use for given scenarios, how data retention works, and how Kinesis integrates with other AWS services like Lambda, S3, and Redshift. This chapter provides the depth needed to answer exam questions confidently.
Jump to a section
Imagine you run a massive logistics company with thousands of delivery trucks. Every second, each truck sends a status update: location, speed, fuel level, and whether a package was delivered. You need to monitor this data in real time to reroute trucks, predict delays, and alert customers. If you stored all updates in a single database and queried it every second, the database would crash under the load. Instead, you build a data river: all trucks stream their updates into a fast-moving channel. This channel is like Kinesis Data Streams—it temporarily holds the data in sequence (like a conveyor belt). Multiple processing stations (like Lambda functions or EC2 instances) can dip into the river to analyze the data independently. One station calculates average speed per region; another detects late deliveries. Each station maintains its own checkpoint, so if one fails, it can resume from where it left off without losing data. The river never stops, and data is retained for up to 365 days. For analytics, you can use Kinesis Data Analytics to run SQL queries on the moving river, or Kinesis Data Firehose to dump the river into an S3 lake for later analysis. This is fundamentally different from batch processing (like ETL jobs that run nightly) because the river is continuous—no waiting for a batch window.
What is Amazon Kinesis and the Problem It Solves
Amazon Kinesis is a family of managed services designed to collect, process, and analyze real-time streaming data at any scale. Real-time streaming data is data that is generated continuously by thousands of sources, such as website clickstreams, application logs, IoT sensor readings, financial transactions, and social media feeds. The challenge with streaming data is that it arrives in a continuous, high-velocity stream—traditional batch processing (e.g., running a nightly ETL job) introduces unacceptable latency. Kinesis solves this by providing a durable, scalable, and low-latency platform for ingesting and processing data in real time.
How It Works: The Mechanism
Kinesis operates on the concept of shards. A shard is a unit of throughput capacity in Kinesis Data Streams. Each shard supports up to 1 MB/s write throughput and 2 MB/s read throughput. Data records are added to the stream and assigned a sequence number within a shard. Consumers read records in order from the shard, maintaining their own checkpoint (a sequence number) so they can resume from where they left off. The stream retains data for a default of 24 hours, up to a maximum of 365 days (extra cost).
Kinesis Data Streams uses producers (e.g., an EC2 instance, an SDK, or a mobile app) to put records into the stream. Consumers (e.g., Lambda, EC2, Kinesis Data Analytics) read and process records. Multiple consumers can read the same stream independently, each with its own checkpoint. This is called the fan-out pattern.
Kinesis Data Firehose is a fully managed service that automatically loads streaming data into destinations like S3, Redshift, Elasticsearch, or Splunk. It can batch records based on a time window (e.g., 60 seconds) or size (e.g., 10 MB). It also supports data transformation using Lambda.
Kinesis Data Analytics allows you to run SQL queries on streaming data in real time. It uses a built-in SQL engine to analyze data from Kinesis Data Streams or Firehose. You can also use Apache Flink with Kinesis Data Analytics for Java/Scala applications.
Key Tiers, Configurations, and Pricing Models
Kinesis Data Streams: Pricing is per shard-hour, plus data retention beyond 24 hours. You can choose between on-demand capacity mode (automatically scales shards) or provisioned mode (you specify number of shards). On-demand is simpler but more expensive per GB ingested.
Kinesis Data Firehose: Pricing is per GB of data ingested, plus per-GB for data transformation and destination delivery. No shards to manage.
Kinesis Data Analytics: Pricing is per Kinesis Processing Unit (KPU) per hour. KPU is a unit of compute and memory.
Comparison to On-Premises or Competing Approaches
On-premises streaming solutions often require managing Kafka clusters, ZooKeeper, and infrastructure. Kinesis removes the operational burden of scaling, replication, and failover. Compared to Apache Kafka, Kinesis offers simpler integration with AWS services (Lambda, S3, Redshift) but has lower throughput per shard (1 MB/s write vs. Kafka's higher throughput). Kinesis is also limited to 5 transactions per second per shard for writes (each transaction can contain up to 1 MB). Kafka has lower per-partition throughput but can scale to thousands of partitions.
When to Use Kinesis vs Alternatives
Use Kinesis Data Streams when you need real-time processing with multiple consumers, custom processing logic, or long data retention (up to 365 days). Use Kinesis Data Firehose when you want to load streaming data into a data lake or warehouse with minimal code—it's a 'set and forget' service. Use Kinesis Data Analytics for real-time SQL-based analytics on streams.
Alternatives include Amazon SQS for decoupling microservices (not for real-time analytics), Amazon MQ for migrating existing message brokers, and Amazon MSK (Managed Streaming for Kafka) if you need Kafka compatibility or higher throughput than Kinesis.
Common Exam Scenarios
A company wants to capture website clickstream data and analyze it in real time to update dashboards. Best choice: Kinesis Data Streams + Kinesis Data Analytics.
A company needs to ingest IoT sensor data and store it in S3 for later analysis. Best choice: Kinesis Data Firehose (directly to S3).
A company needs to process real-time order data and trigger a Lambda function for each order. Best choice: Kinesis Data Streams with Lambda as consumer.
Important Limits and Defaults
Default retention period for Kinesis Data Streams: 24 hours (configurable up to 365 days).
Maximum record size: 1 MB.
Each shard supports up to 5 read transactions per second, with a total read rate of 2 MB/s per shard.
Enhanced fan-out consumers can have a dedicated 2 MB/s read throughput per consumer (extra cost).
Kinesis Data Firehose buffer size: 1-128 MB, buffer interval: 60-900 seconds.
Code Example: Putting a Record into a Stream
import boto3
kinesis_client = boto3.client('kinesis')
response = kinesis_client.put_record(
StreamName='my-stream',
PartitionKey='partition-key-1',
Data=b'{"user": "john", "action": "login"}'
)
print(response['SequenceNumber'])CloudFormation Example
Resources:
MyStream:
Type: AWS::Kinesis::Stream
Properties:
Name: my-stream
ShardCount: 2
RetentionPeriodHours: 168Conclusion
Kinesis is AWS's answer to real-time data streaming. Understanding its components and use cases is essential for the CLF-C02 exam. Remember: Kinesis Data Streams is for custom real-time processing, Kinesis Data Firehose is for loading data into storage/analytics, and Kinesis Data Analytics is for real-time SQL queries.
Create a Kinesis Data Stream
First, you create a Kinesis Data Stream. In the AWS Console, navigate to Kinesis and choose 'Create data stream'. You must specify a stream name and the number of shards. Each shard provides 1 MB/s write capacity and 2 MB/s read capacity. For example, if you expect 5 MB/s of incoming data, you need at least 5 shards. You can also choose 'On-demand' capacity mode, which automatically scales shards based on throughput. Behind the scenes, AWS provisions the shards across multiple Availability Zones for durability. The stream is now ready to accept data.
Configure Producers to Send Data
Next, you configure your data sources (producers) to send records to the stream. Producers can be EC2 instances, Lambda functions, mobile apps, or any application using the AWS SDK. Each record consists of a partition key and a data blob (up to 1 MB). The partition key determines which shard the record goes to. For example, if you use 'user_id' as partition key, all records for the same user go to the same shard, preserving order. AWS SDK automatically handles retries and errors. You can also use Kinesis Producer Library (KPL) for higher throughput and batching.
Set Up Consumers to Process Records
Now you need consumers to read and process the data. Common consumers include Lambda functions, EC2 instances, or Kinesis Data Analytics. For a Lambda consumer, you create a Lambda function and add the Kinesis stream as a trigger. AWS Lambda polls the shards and invokes your function with batches of records. Each consumer maintains its own checkpoint (sequence number) in DynamoDB (if using KCL) or in the stream itself. This allows multiple consumers to read the same stream independently. For enhanced fan-out, you can register consumers to get dedicated 2 MB/s read throughput per shard.
Process Data with Kinesis Data Analytics
If you need real-time analytics, you can use Kinesis Data Analytics. Create an analytics application, choose the source stream (Kinesis Data Streams or Firehose), and write SQL queries on the streaming data. For example, you can compute a moving average of sensor readings every minute. The application runs continuously and outputs results to a destination stream (e.g., another Kinesis stream or Firehose). You can also use Apache Flink for more complex stream processing. Behind the scenes, Kinesis Data Analytics provisions KPUs (Kinesis Processing Units) to execute your queries with low latency.
Load Data into S3 with Kinesis Data Firehose
If your goal is to store streaming data for later analysis, use Kinesis Data Firehose. Create a delivery stream, specify the source (direct put or a Kinesis Data Stream), and choose the destination (e.g., S3). Firehose buffers incoming data based on a size (e.g., 10 MB) or time interval (e.g., 60 seconds), then writes the buffered data to S3 in Parquet or ORC format (optional). You can also enable data transformation with Lambda. Firehose automatically scales to handle throughput spikes. For example, you can send IoT sensor data to a Firehose delivery stream that writes to an S3 bucket partitioned by date.
Scenario 1: Real-Time Clickstream Analytics for an E-Commerce Website
A large e-commerce platform wants to track user behavior in real time to update product recommendations and detect fraud. They use Kinesis Data Streams to ingest clickstream events (page views, clicks, purchases) from their web servers. Each event is a JSON record with a partition key of session_id. Multiple consumers run simultaneously: one Lambda function updates a real-time dashboard in Amazon QuickSight, another Lambda function feeds a machine learning model for recommendations, and a third sends alerts for suspicious activity (e.g., multiple failed logins). The stream is configured with 10 shards to handle peak traffic of 8 MB/s. Data is retained for 7 days to allow replay for debugging. Cost: approximately $0.015 per shard-hour ($0.15/hour for 10 shards) plus Lambda invocation costs. A common mistake is underestimating the number of shards needed—if the stream is under-provisioned, producers will throttle and data ingestion will fail.
Scenario 2: IoT Sensor Data Ingestion for a Smart Building
A smart building company deploys thousands of sensors (temperature, humidity, occupancy) in office buildings. They need to collect data every 5 seconds and store it in Amazon S3 for historical analysis, while also triggering alerts if temperature exceeds a threshold. They use Kinesis Data Firehose to ingest sensor data directly from IoT devices (using AWS IoT Core) and deliver it to an S3 bucket partitioned by building and date. A Lambda function transforms the data (e.g., converts Celsius to Fahrenheit) before Firehose writes to S3. For real-time alerts, they also stream data to Kinesis Data Analytics, which runs a SQL query to detect anomalies and sends alerts via SNS. Firehose is set with a buffer size of 5 MB and a buffer interval of 60 seconds to ensure near-real-time delivery. Cost: $0.029 per GB ingested into Firehose, plus S3 storage costs. Misconfiguration: if the buffer interval is too long, alerts may be delayed; if too short, many small files are created in S3, increasing costs.
Scenario 3: Financial Transaction Monitoring for a Bank
A bank processes millions of credit card transactions daily and needs to detect fraud in real time. They use Kinesis Data Streams with enhanced fan-out consumers. Each transaction is a record with a partition key of card_id. Multiple fraud detection models (running on EC2 instances using KCL) consume the stream independently. They also use Kinesis Data Analytics to compute aggregate metrics like average transaction amount per card per hour. The stream is configured with 50 shards (provisioned mode) to handle peak loads of 40 MB/s. Data retention is set to 365 days for compliance. Cost: higher due to long retention and enhanced fan-out. A common pitfall: not using enhanced fan-out when multiple consumers need low latency—without it, each consumer shares the 2 MB/s read throughput per shard, causing throttling.
What CLF-C02 Tests on This Objective
The CLF-C02 exam expects you to understand the differences between Kinesis Data Streams, Kinesis Data Firehose, and Kinesis Data Analytics. You must know which service to use for given scenarios. The exam does not test deep configuration details (e.g., shard limits) but expects you to know the primary use cases and high-level features. Domain 3 (Cloud Technology Services) includes this objective, and questions may appear as multiple-choice or multiple-select.
Common Wrong Answers and Why Candidates Choose Them
Choosing SQS instead of Kinesis: Many candidates pick SQS because it's a queue. However, SQS is for decoupling applications, not for real-time analytics or streaming. SQS does not support multiple consumers reading the same message independently (unless using FIFO with message groups). Kinesis is designed for streaming data with multiple consumers.
Choosing Kinesis Data Firehose for real-time processing: Firehose is for loading data into storage, not for real-time processing. Candidates see 'real-time' in the name but forget that Firehose buffers data before delivery. For true real-time processing, use Data Streams.
Confusing retention periods: Candidates often think Kinesis Data Streams retains data indefinitely. Default is 24 hours, max 365 days. Firehose does not retain data—it delivers immediately.
Thinking Kinesis Data Analytics requires a schema: Unlike traditional databases, Kinesis Data Analytics can handle semi-structured data (JSON) without a predefined schema. Candidates might assume you need to define a schema upfront.
Specific Terms That Appear on the Exam
Shard: The base throughput unit of Kinesis Data Streams.
Partition key: Used to group records into shards.
Sequence number: Unique identifier within a shard.
Enhanced fan-out: Feature for dedicated read throughput per consumer.
Kinesis Data Firehose: Fully managed service for loading streaming data into S3, Redshift, Elasticsearch, or Splunk.
Kinesis Data Analytics: Real-time SQL analytics on streaming data.
Tricky Distinctions
Kinesis Data Streams vs. Kinesis Data Firehose: Streams require you to write consumers; Firehose is serverless and delivers to destinations automatically.
Kinesis Data Streams vs. Amazon MSK: MSK is managed Kafka; choose Kinesis for simpler integration with AWS services, choose MSK for higher throughput or Kafka ecosystem compatibility.
Kinesis Data Analytics vs. Amazon Athena: Athena queries data at rest in S3 (batch), while Kinesis Data Analytics queries data in motion (real-time).
Decision Rule for Exam Questions
If the question mentions real-time processing with multiple consumers or custom code, choose Kinesis Data Streams. If the question mentions loading streaming data into S3, Redshift, or Elasticsearch with minimal code, choose Kinesis Data Firehose. If the question mentions running SQL on streaming data for real-time analytics, choose Kinesis Data Analytics. If the question mentions decoupling microservices or message queuing, choose Amazon SQS or Amazon SNS.
Kinesis Data Streams is for custom real-time processing with multiple consumers; each shard provides 1 MB/s write and 2 MB/s read throughput.
Kinesis Data Firehose is a fully managed service to load streaming data into S3, Redshift, Elasticsearch, or Splunk; it buffers data before delivery.
Kinesis Data Analytics allows you to run SQL queries on streaming data in real time; it can also use Apache Flink for advanced processing.
Default retention for Kinesis Data Streams is 24 hours; maximum is 365 days (extra cost).
Enhanced fan-out in Kinesis Data Streams provides dedicated 2 MB/s read throughput per consumer per shard.
Kinesis Data Firehose can transform data using Lambda functions before delivery.
Partition key determines which shard a record goes to; records with the same partition key are processed in order.
For exam scenarios: real-time processing → Data Streams; loading to S3 → Firehose; real-time SQL → Data Analytics.
These come up on the exam all the time. Here's how to tell them apart.
Kinesis Data Streams
Requires you to write consumer code (Lambda, EC2, etc.)
Provides sub-second processing latency
Data retention up to 365 days
Multiple consumers can read the same stream independently
Priced per shard-hour
Kinesis Data Firehose
Fully managed, no consumer code needed
Near-real-time (buffered delivery, typically 60 seconds)
No data retention; delivers data immediately to destinations
Single destination per delivery stream
Priced per GB ingested
Mistake
Kinesis Data Streams can store data indefinitely for free.
Correct
Default retention is 24 hours. You can increase retention up to 365 days, but this incurs additional costs per shard per hour.
Mistake
Kinesis Data Firehose can process data in real time with sub-second latency.
Correct
Firehose buffers data before delivery (default 60 seconds or 10 MB). It is near-real-time, not true real-time. For sub-second latency, use Kinesis Data Streams with Lambda.
Mistake
Kinesis Data Streams and Amazon SQS are interchangeable for streaming analytics.
Correct
SQS is a message queue for decoupling applications; it does not support multiple consumers reading the same message independently (unless using FIFO with message groups). Kinesis is designed for streaming data with multiple consumers and replay capability.
Mistake
You must use a schema when creating a Kinesis Data Analytics application.
Correct
Kinesis Data Analytics can infer schema from JSON or CSV data. You can also manually define a schema, but it's not required.
Mistake
Kinesis Data Streams automatically scales shards based on load without any configuration.
Correct
Automatic scaling is only available in 'on-demand' capacity mode. In provisioned mode, you must manually add or remove shards (or use auto-scaling via API).
Kinesis Data Streams is for real-time streaming where you write custom consumers (e.g., Lambda, EC2) to process data. It provides sub-second latency and data retention up to 365 days. Kinesis Data Firehose is a fully managed service that automatically loads streaming data into destinations like S3, Redshift, or Elasticsearch with near-real-time latency (buffered). Firehose does not require you to write consumer code, but it does not support multiple independent consumers or long retention. Exam tip: If the question mentions 'real-time processing with custom code', choose Data Streams. If it mentions 'loading into S3 with minimal code', choose Firehose.
Kinesis Data Streams preserves the order of records within a shard. Records with the same partition key are always sent to the same shard, so they are processed in the order they were received. However, across different shards, there is no global ordering. This is similar to Kafka partitions. Exam tip: If a question requires strict ordering for all records, you need to use a single shard (which limits throughput) or use a partition key that groups related records. For example, for a user's clickstream, use user ID as partition key to ensure all clicks from a user are in order.
No, a single Kinesis Data Firehose delivery stream can only deliver to one destination type (e.g., one S3 bucket, one Redshift cluster, etc.). If you need to deliver to multiple destinations, you must create multiple delivery streams, or use Kinesis Data Streams with multiple consumers. Exam tip: This is a common trick question. Candidates often assume Firehose can fan-out to multiple destinations, but it cannot.
The maximum record size is 1 MB. This includes both the data blob and the partition key. If your records exceed 1 MB, you must split them into smaller chunks. Exam tip: This limit is often tested. Compare with SQS (256 KB) and S3 (5 TB).
Kinesis Data Streams synchronously replicates data across three Availability Zones in the same AWS Region. Once a record is written, it is considered durable. This is similar to how S3 stores data. Exam tip: Durability is a key differentiator from on-premises Kafka, which requires manual replication configuration.
The partition key is used to determine which shard a record is sent to. It is hashed to produce a shard ID. Records with the same partition key go to the same shard, ensuring order for that key. A good partition key distributes data evenly across shards to avoid hot shards. Exam tip: If a question describes uneven data distribution, the issue is likely a poor partition key design.
Yes, Kinesis Data Analytics can consume data from both Kinesis Data Streams and Kinesis Data Firehose. However, note that Firehose is typically used as a destination, not a source for analytics. It is more common to use Data Streams as the source for Data Analytics because of lower latency. Exam tip: Know that Data Analytics can use both as sources, but the exam may focus on Data Streams as the source.
You've just covered Amazon Kinesis — Real-Time Streaming — now see how well it sticks with free CLF-C02 practice questions. Full explanations included, no account needed.
Done with this chapter?