Skip to content

chore(kinesisfirehose): add validation for customTimeZone in S3BucketProps. #36089

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

chore(kinesisfirehose): add validation for customTimeZone in S3BucketProps. #36089

wants to merge 3 commits into from
+63 −12

Conversation

@aki-kii
Copy link
Contributor

@aki-kii aki-kii commented Nov 17, 2025

Issue # (if applicable)

Closes #

Reason for this change

When delivering from Data Firehose to S3, there is a feature that allows you to specify the time zone for the S3 prefix.
The following conditions apply to time zone specification:

Rule 1: Regular Expression Pattern
Looking at the CLI's create-delivery-stream command, you can see regular expressions.
^$|[a-zA-Z/_]+
https://docs.aws.amazon.com/cli/latest/reference/firehose/create-delivery-stream.html

Rule 2: Time Zone Format
If you try to create it by specifying a 3-letter time zone such as EST, it will fail with the following message:

AWS Kinesis Firehose delivery stream, the supported IANA time zone formats are non-3-letter identifiers

Rule 3: Supported Time Zones
There is a list of supported time zones, and anything else cannot be used.
https://docs.aws.amazon.com/firehose/latest/dev/s3-object-name.html

We will add these validations to detect errors before deploying resources.

Description of changes

  1. Validation of regular expression pattern
    ^$|[a-zA-Z/_]+

  2. Validation that it is not 3 characters

  3. Blacklist of patterns considered extensions of 3 characters

e.g.

const denyList = [
    cdk.TimeZone.ETC_UTC,
    cdk.TimeZone.ETC_GMT,
    cdk.TimeZone.FACTORY,
]

I would like to discuss the implementation policy for these.
If only items 1 and 2 are used, patterns considered extensions of 3 characters, such as "Etc/UTC", cannot be prevented. In fact, I also experienced a deployment failure when specifying "Etc/UTC" for CustomTimeZone.

It seems that adding item 3 could solve this, but deciding which patterns to exclude involves subjectivity.
The time zones I am currently considering including in the pattern are as follows:

  • "Etc/UTC"
  • "Etc/GMT"
  • "Factory"

Alternatively, there is another method where a list of time zones available in Data Firehose is registered as an enum-like class, and a whitelist is operated.
https://docs.aws.amazon.com/firehose/latest/dev/s3-object-name.html
This method requires making changes to the CDK every time the page is updated.

What do you think is the best approach?

Describe any new or updated permissions being added

Description of how you validated changes

Add both unit test.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation aws-cdk-automation requested a review from a team November 17, 2025 23:46
@github-actions github-actions bot added repeat-contributor [Pilot] contributed between 3-5 PRs to the CDK p2 labels Nov 17, 2025
@pahud pahud mentioned this pull request Nov 18, 2025
Open
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Nov 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. repeat-contributor [Pilot] contributed between 3-5 PRs to the CDK

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aki-kii @aws-cdk-automation