Using Amazon EventBridge with Interface VPC endpoints - Amazon EventBridge

If you use Amazon Virtual Private Cloud (Amazon VPC) to host your AWS resources, you can establish a private connection between your VPC and EventBridge. Your resources on your VPC can use this connection to communicate with EventBridge.

With a VPC, you have control over your network settings, such as the IP address range, subnets, route tables, and network gateways. To connect your VPC to EventBridge, you define an interface VPC endpoint for EventBridge. The endpoint provides reliable, scalable connectivity to EventBridge without requiring an internet gateway, network address translation (NAT) instance, or VPN connection. For more information, see What is Amazon VPC in the Amazon VPC User Guide.

Interface VPC endpoints are powered by AWS PrivateLink, which enables private communication between AWS services using an elastic network interface with private IP addresses. For more information, see AWS PrivateLink and VPC endpoints.

[Figure: Private interface endpoints providing connections between VPCs and EventBridge event buses, pipes, and schemas.]

When you use a private interface VPC endpoint, custom events your VPC sends to EventBridge use that endpoint. EventBridge then sends those events to other AWS services based on the rules and targets that you've configured. Once events are sent to another service, you can receive them through either the public endpoint or a VPC endpoint for that service. For example, if you create a rule to send events to an Amazon SQS queue, you can configure an interface VPC endpoint for Amazon SQS to receive messages from that queue in your VPC without using the public endpoint.

Creating a VPC endpoint for EventBridge

To use EventBridge with your VPC, create an interface VPC endpoint for EventBridge and choose the appropriate EventBridge service name. For more information, see Creating an Interface Endpoint in the Amazon VPC User Guide.

  • Event buses

    Service name: com.amazonaws.region.events

  • Pipes

    Service name: com.amazonaws.region.pipes

    EventBridge Pipes supports endpoints for all pipe API operations.

    Pipes FIPS endpoints also support VPC endpoints.

    Service name: com.amazonaws.region.pipes-fips

    FIPS endpoints are supported in the following Regions:

    • US West (N. California)

    • US West (Oregon)

    • US East (N. Virginia)

    • US East (Ohio)

    • Canada (Central)

    You can also use a VPC endpoint to fulfill networking requirements for Pipes Apache Kafka and Amazon MQ sources.

    Service name: com.amazonaws.region.pipes-data

    For more information, refer to the following:

    Note

    VPC endpoints to pipes-data do not support VPC Endpoint resource policies.

    VPC endpoints to pipes and pipes-fips do support VPC Endpoint resource policies that allow you to:

    • Deny access to specific Pipe APIs.

    • Limit access on some APIs to specific Pipes by ARN using the IAM Resource condition key.

  • Schemas

    Service name: com.amazonaws.region.schema

    EventBridge supports endpoints for all schema API operations.
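The following is an added example, not part of the AWS documentation: it builds an endpoint policy of the kind described for pipes and pipes-fips (deny specific Pipe APIs, limit others to specific Pipes by ARN) and checks a planned endpoint against the constraints listed above. The function names, the account ID, the pipe name and the choice of actions are assumptions made for illustration, and the Region-match check on ARNs is an added sanity check rather than a rule stated on this page.

```python
import json

# Regions the page lists for pipes-fips, written as AWS Region codes.
FIPS_REGIONS = {"us-west-1", "us-west-2", "us-east-1", "us-east-2", "ca-central-1"}
SERVICES = {"events", "pipes", "pipes-fips", "pipes-data", "schema"}


def pipes_endpoint_policy(pipe_arns, allowed_actions, denied_actions):
    """Allow the given actions only on the given pipes; deny some APIs outright."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowListedPipes", "Effect": "Allow", "Principal": "*",
             "Action": sorted(allowed_actions), "Resource": sorted(pipe_arns)},
            {"Sid": "DenyPipeApis", "Effect": "Deny", "Principal": "*",
             "Action": sorted(denied_actions), "Resource": "*"},
        ],
    }


def check_endpoint(service_name, policy=None):
    """Return the problems found in a planned endpoint; an empty list passes."""
    parts = service_name.split(".")
    if len(parts) != 4 or parts[:2] != ["com", "amazonaws"] or parts[3] not in SERVICES:
        return [f"{service_name}: not a service name listed on the page"]
    region, service, problems = parts[2], parts[3], []
    if service == "pipes-fips" and region not in FIPS_REGIONS:
        problems.append(f"pipes-fips is not listed for {region}")
    if policy is not None and service == "pipes-data":
        problems.append("pipes-data endpoints do not support endpoint policies")
    if policy is not None and service in ("pipes", "pipes-fips"):
        for stmt in policy["Statement"]:
            resources = stmt["Resource"]
            for arn in [resources] if isinstance(resources, str) else resources:
                # An ARN from another Region never matches calls through this endpoint.
                if arn != "*" and arn.split(":")[3:4] != [region]:
                    problems.append(f"{arn} is not in {region}")
    return problems

# Constructed sample values: account ID, pipe name and action choice are placeholders.
POLICY = pipes_endpoint_policy(
    ["arn:aws:pipes:us-east-1:111122223333:pipe/orders-pipe"],
    ["pipes:DescribePipe", "pipes:StartPipe", "pipes:StopPipe"],
    ["pipes:DeletePipe", "pipes:UpdatePipe"],
)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # JSON to supply as the endpoint policy
    print(check_endpoint("com.amazonaws.us-east-1.pipes-data", POLICY))
```

The printed JSON is what you would attach as the policy document when creating the pipes or pipes-fips interface endpoint; run the check before creation so an unsupported combination is caught in review.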

Availability

EventBridge currently supports VPC endpoints in the following Regions:

  • US East (Ohio)

  • US East (N. Virginia)

  • US West (N. California)

  • US West (Oregon)

  • Africa (Cape Town)

  • Asia Pacific (Mumbai)

  • Asia Pacific (Hyderabad)

  • Asia Pacific (Hong Kong)

  • Asia Pacific (Singapore)

  • Asia Pacific (Sydney)

  • Asia Pacific (Jakarta)

  • Asia Pacific (Melbourne)

  • Asia Pacific (Malaysia)

  • Asia Pacific (Tokyo)

  • Asia Pacific (Seoul)

  • Asia Pacific (Osaka)

  • Canada (Central)

  • Canada West (Calgary)

  • China (Beijing)

  • China (Ningxia)

  • Europe (Frankfurt)

  • Europe (Zurich)

  • Europe (Ireland)

  • Europe (London)

  • Europe (Milan)

  • Europe (Spain)

  • Europe (Paris)

  • Europe (Stockholm)

  • Middle East (UAE)

  • Middle East (Bahrain)

  • South America (São Paulo)

  • Israel (Tel Aviv)

  • AWS GovCloud (US-West)

  • AWS GovCloud (US-East)