# AWS Flow Logs (Firehose HTTP) NetObserv Flow supports the collection of AWS VPC Flow Logs directly from Amazon Firehose via an HTTP endpoint. {% hint style="warning" %} NOTICE If an S3 bucket is involved, you need to use [AWS Flow Logs (S3)](/flowcoll/configuration/inputs/input_aws_s3.md) instead. Even if Firehose is involved, if Firehose is exporting to S3 bucket, those settings are required. These settings are only for when Firehose is exporting flow logs over HTTP directly. {% endhint %} To integrate with Firehose, it is necessary to create a Firehose stream with an HTTP Endpoint destination. The HTTP endpoint URL must point to a NetObserv server configured with TLS. The endpoint path must be `/api/v1/aws/firehose/flow-logs` to ensure it targets the correct API endpoint. Although this is a public endpoint, it is recommended to set an access key for authentication. If an access key is configured, it must be set as an environment variable with the exact value. ## EF\_AWS\_VPC\_FLOW\_LOG\_FIREHOSE\_HTTP\_ENABLE This setting is used to enable or disable an HTTP endpoint which can receive data from Amazon Firehose. * Valid Values * `true`, `false` * Default * `false` ## EF\_AWS\_VPC\_FLOW\_LOG\_FIREHOSE\_HTTP\_PORT This setting is used to declare the port that the HTTP endpoint will listen on for incoming data from Amazon Firehose. * Default * `443` ## EF\_AWS\_VPC\_FLOW\_LOG\_FIREHOSE\_HTTP\_ACCESS\_KEY This setting is used to declare the access key used by the configured Firehose stream if one is set. If this does not match the correct value, the API endpoint will error. * Default * `""` ## EF\_AWS\_VPC\_FLOW\_LOG\_FIREHOSE\_HTTP\_LOG\_FORMAT This setting is used when the input is receiving data from Amazon Firehose. It specifies the format of the logs. Each key must be wrapped in a format that looks like `${key}` and must be a valid key according to AWS log formats. * Default * `${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.elastiflow.com/flowcoll/configuration/inputs/input_aws_firehose.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.