Amazon EventBridge

Amazon EventBridge is a serverless event bus service that allows applications to communicate via events, enabling event-driven architectures in AWS.

1️⃣ What is EventBridge?

  • EventBridge receives events from:
    • AWS services (e.g., S3, EC2, Lambda)
    • SaaS applications (e.g., Zendesk, Shopify)
    • Custom applications
  • Events are delivered in near real-time to targets such as:
    • AWS Lambda
    • Step Functions
    • SQS/SNS
    • API Gateway
    • Other AWS services

It is a central hub for building loosely coupled, event-driven applications.

2️⃣ Key Features

  • Event buses: Default, Partner, and Custom event buses to isolate event processing.
  • Event rules: Define how events are filtered and routed to targets.
  • Schema registry: Automatically discovers event structure and saves as JSON schemas.
  • Replay events: Can archive and replay past events to debug or reprocess data.
  • Reliable delivery: At least once delivery with regional availability.
  • Serverless & scalable: No infrastructure management.

3️⃣ Example Use Case

  • An S3 bucket uploads a file → Sends an event to EventBridge.
  • EventBridge rule filters only .csv files.
  • Event is sent to Lambda, which processes and stores data in DynamoDB.
  • Event-driven automation with no manual polling or scheduling.

4️⃣ EventBridge vs SNS

Feature EventBridge SNS (Simple Notification Service)
Event filtering Advanced, JSON-based rules Basic topic-based
Event replay/archive ✅ Supported ❌ Not supported
Multiple buses ✅ Supported ❌ Single topic per channel
Targets 20+ AWS services Mostly SQS, Lambda, HTTP endpoints
Schema registry ✅ Yes ❌ No

5️⃣ Sample Event (JSON)

{
  "version": "0",
  "id": "abcd-1234",
  "detail-type": "AWS API Call via CloudTrail",
  "source": "aws.ec2",
  "account": "1234567890",
  "time": "2025-07-29T10:45:00Z",
  "region": "us-east-1",
  "resources": ["arn:aws:ec2:instance/i-12345"],
  "detail": {
    "eventName": "StartInstances",
    "instance-id": "i-12345"
  }
}

In Short:

Amazon EventBridge allows you to capture, filter, and route events between AWS services, SaaS apps, and your custom applications, enabling real-time, event-driven automation without complex code or polling mechanisms.

Amazon EventBridge Cheatsheet

Amazon EventBridge is a serverless event bus that routes events from AWS services, custom apps, and SaaS platforms to targets based on rules and event patterns.

1️⃣ EventBridge Rules

Rules define how events are matched and what target(s) should receive them.

  • Components of a Rule:
    • Event Pattern: Filters events based on attributes (source, detail-type, custom fields).
    • Schedule: Can also trigger rules at fixed times or intervals (CRON expressions).
    • Target: Destination for matched events.
    • Example Rule:

    • Trigger Lambda when an EC2 instance state changes to “stopped”.

{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": { "state": ["stopped"] }
}

2️⃣ EventBridge Targets

Targets are the endpoints or services that process events after rules match them.

Common Targets:

  • AWS Lambda → Run serverless functions
  • Amazon SNS → Push notifications to subscribers
  • Amazon SQS → Queue messages for processing
  • Step Functions → Start workflows
  • API Gateway / HTTP endpoints → Call external APIs
  • Kinesis Streams / Firehose → Stream data
  • ECS tasks / Batch jobs → Container or batch processing

✔ A single rule can route an event to multiple targets simultaneously.

3️⃣ Event Patterns

Event patterns filter events by matching JSON key-value pairs in incoming events.

Basic Pattern

{
  "source": ["aws.s3"],
  "detail-type": ["AWS API Call via CloudTrail"]
}

  • Matches any event from S3 API calls.

Advanced Pattern

{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": {
    "state": ["running", "stopped"]
  }
}

  • Matches events where an EC2 instance transitions to running or stopped.

Wildcard Matching

{
  "detail": {
    "userIdentity": {
      "type": ["*"]
    }
  }
}

4️⃣ Event Flow Example

  1. Event Source: S3 bucket uploads a .csv file.
  2. Rule: Pattern matches .csv file uploads.
  3. Target: Lambda function processes the file and writes data to DynamoDB.

✅ Key Notes

  • Multiple Rules: A single event can trigger multiple rules.
  • Multiple Targets: A rule can route events to several targets.
  • Dead Letter Queue (DLQ): Capture failed event deliveries for debugging.
  • Event Replay: Archive and replay events for troubleshooting.


Amazon EventBridge – Rules & Patterns Quick Reference

Scenario / Event Source Event Pattern (JSON) Target Example
1. EC2 Instance Stopped json { "source": ["aws.ec2"], "detail-type": ["EC2 Instance State-change Notification"], "detail": { "state": ["stopped"] } } Lambda → Notify Admin
2. New File Upload in S3 json { "source": ["aws.s3"], "detail-type": ["Object Created"], "detail": { "object": { "key": [{ "prefix": "uploads/"}] } } } Lambda → Process file
3. RDS Backup Completion Event json { "source": ["aws.rds"], "detail-type": ["RDS DB Snapshot Event"] } SNS → Send success notification
4. ECS Task Failure json { "source": ["aws.ecs"], "detail-type": ["ECS Task State Change"], "detail": { "lastStatus": ["STOPPED"], "desiredStatus": ["RUNNING"] } } SQS → Queue for debugging task
5. DynamoDB Table Stream Insert json { "source": ["aws.dynamodb"], "detail-type": ["AWS API Call via CloudTrail"], "detail": { "eventName": ["PutItem"] } } Lambda → Data transformation
6. Scheduled Rule (Every 5 Minutes) Cron Expression → "cron(0/5 * * * ? *)" Lambda → Run periodic job
7. API Gateway Error Event json { "source": ["aws.apigateway"], "detail": { "status": ["500"] } } SNS → Alert DevOps
8. AWS Console Login from Specific Region json { "source": ["aws.signin"], "detail": { "eventName": ["ConsoleLogin"], "awsRegion": ["us-east-1"] } } Lambda → Trigger security alarm
9. Auto Scaling Group Launch Event json { "source": ["aws.autoscaling"], "detail-type": ["EC2 Instance Launch Successful"] } SQS → Record scaling activity
10. Kinesis Data Stream Event json { "source": ["aws.kinesis"], "detail-type": ["AWS API Call via CloudTrail"], "detail": { "eventName": ["PutRecords"] } } Firehose → Data Analytics

Common Event Pattern Matching Operators

  • Exact match: "state": ["running"]
  • Multiple values: "state": ["running", "stopped"]
  • Prefix matching: "key": [{ "prefix": "images/" }]
  • Wildcard: "type": ["*"]
  • Anything-but: "status": [{ "anything-but": ["200"] }]
  • Numeric conditions: "value": [{ "numeric": [">", 100] }]
  • Existence check: "field": [{ "exists": true }]

Best Practices

  • Use specific filters to avoid unnecessary event processing.
  • Prefer multiple smaller rules over one large catch-all rule.
  • Implement DLQ (Dead Letter Queue) for failed targets.
  • Use archive and replay for debugging missed events.


Back to blog

Leave a comment