Amazon EventBridge Construct Library
Amazon EventBridge delivers a near real-time stream of system events that describe changes in AWS resources. For example, an AWS CodePipeline emits the State Change event when the pipeline changes its state.
Events: An event indicates a change in your AWS environment. AWS resources can generate events when their state changes. For example, Amazon EC2 generates an event when the state of an EC2 instance changes from pending to running, and Amazon EC2 Auto Scaling generates events when it launches or terminates instances. AWS CloudTrail publishes events when you make API calls. You can generate custom application-level events and publish them to EventBridge. You can also set up scheduled events that are generated on a periodic basis. For a list of services that generate events, and sample events from each service, see EventBridge Event Examples From Each Supported Service.
Targets: A target processes events. Targets can include Amazon EC2 instances, AWS Lambda functions, Kinesis streams, Amazon ECS tasks, Step Functions state machines, Amazon SNS topics, Amazon SQS queues, Amazon CloudWatch LogGroups, and built-in targets. A target receives events in JSON format.
Rules: A rule matches incoming events and routes them to targets for processing. A single rule can route to multiple targets, all of which are processed in parallel. Rules are not processed in a particular order. This enables different parts of an organization to look for and process the events that are of interest to them. A rule can customize the JSON sent to the target, by passing only certain parts or by overwriting it with a constant.
EventBuses: An event bus can receive events from your own custom applications or it can receive events from applications and services created by AWS SaaS partners. See Creating an Event Bus.
Rule
The Rule
construct defines an EventBridge rule which monitors an
event based on an event
pattern
and invoke event targets when the pattern is matched against a triggered
event. Event targets are objects that implement the IRuleTarget
interface.
Normally, you will use one of the source.onXxx(name[, target[, options]]) -> Rule
methods on the event source to define an event rule associated with
the specific activity. You can targets either via props, or add targets using
rule.addTarget
.
For example, to define an rule that triggers a CodeBuild project build when a commit is pushed to the “master” branch of a CodeCommit repository:
# repo: codecommit.Repository
# project: codebuild.Project
on_commit_rule = repo.on_commit("OnCommit",
target=targets.CodeBuildProject(project),
branches=["master"]
)
You can add additional targets, with optional input
transformer
using eventRule.addTarget(target[, input])
. For example, we can add a SNS
topic target which formats a human-readable message for the commit.
For example, this adds an SNS topic as a target:
# on_commit_rule: events.Rule
# topic: sns.Topic
on_commit_rule.add_target(targets.SnsTopic(topic,
message=events.RuleTargetInput.from_text(f"A commit was pushed to the repository {codecommit.ReferenceEvent.repositoryName} on branch {codecommit.ReferenceEvent.referenceName}")
))
Or using an Object:
# on_commit_rule: events.Rule
# topic: sns.Topic
on_commit_rule.add_target(targets.SnsTopic(topic,
message=events.RuleTargetInput.from_object({
"DataType": f"custom_{events.EventField.fromPath('$.detail-type')}"
})
))
To define a pattern, use the matcher API, which provides a number of factory methods to declare different logical predicates. For example, to match all S3 events for objects larger than 1024 bytes, stored using one of the storage classes Glacier, Glacier IR or Deep Archive and coming from any region other than the AWS GovCloud ones:
rule = events.Rule(self, "rule",
event_pattern=events.EventPattern(
detail={
"object": {
# Matchers may appear at any level
"size": events.Match.greater_than(1024)
},
# 'OR' condition
"source-storage-class": events.Match.any_of(
events.Match.prefix("GLACIER"),
events.Match.exact_string("DEEP_ARCHIVE"))
},
detail_type=events.Match.equals_ignore_case("object created"),
# If you prefer, you can use a low level array of strings, as directly consumed by EventBridge
source=["aws.s3"],
region=events.Match.anything_but_prefix("us-gov")
)
)
Scheduling
You can configure a Rule to run on a schedule (cron or rate). Rate must be specified in minutes, hours or days.
The following example runs a task every day at 4am:
from aws_cdk.aws_events import Rule, Schedule
from aws_cdk.aws_events_targets import EcsTask
from aws_cdk.aws_ecs import Cluster, TaskDefinition
from aws_cdk.aws_iam import Role
# cluster: Cluster
# task_definition: TaskDefinition
# role: Role
ecs_task_target = EcsTask(cluster=cluster, task_definition=task_definition, role=role)
Rule(self, "ScheduleRule",
schedule=Schedule.cron(minute="0", hour="4"),
targets=[ecs_task_target]
)
If you want to specify Fargate platform version, set platformVersion
in EcsTask’s props like the following example:
# cluster: ecs.Cluster
# task_definition: ecs.TaskDefinition
# role: iam.Role
platform_version = ecs.FargatePlatformVersion.VERSION1_4
ecs_task_target = targets.EcsTask(cluster=cluster, task_definition=task_definition, role=role, platform_version=platform_version)
Event Targets
The aws-cdk-lib/aws-events-targets
module includes classes that implement the IRuleTarget
interface for various AWS services.
See the README of the aws-cdk-lib/aws-events-targets
module for more information on supported targets.
Cross-account and cross-region targets
It’s possible to have the source of the event and a target in separate AWS accounts and regions:
from aws_cdk import Environment, Environment
from aws_cdk import App, Stack
import aws_cdk.aws_codebuild as codebuild
import aws_cdk.aws_codecommit as codecommit
import aws_cdk.aws_events_targets as targets
app = App()
account1 = "11111111111"
account2 = "22222222222"
stack1 = Stack(app, "Stack1", env=Environment(account=account1, region="us-west-1"))
repo = codecommit.Repository(stack1, "Repository",
repository_name="myrepository"
)
stack2 = Stack(app, "Stack2", env=Environment(account=account2, region="us-east-1"))
project = codebuild.Project(stack2, "Project")
repo.on_commit("OnCommit",
target=targets.CodeBuildProject(project)
)
In this situation, the CDK will wire the 2 accounts together:
It will generate a rule in the source stack with the event bus of the target account as the target
It will generate a rule in the target stack, with the provided target
It will generate a separate stack that gives the source account permissions to publish events to the event bus of the target account in the given region, and make sure its deployed before the source stack
For more information, see the AWS documentation on cross-account events.
Archiving
It is possible to archive all or some events sent to an event bus. It is then possible to replay these events.
bus = events.EventBus(self, "bus",
event_bus_name="MyCustomEventBus",
description="MyCustomEventBus"
)
bus.archive("MyArchive",
archive_name="MyCustomEventBusArchive",
description="MyCustomerEventBus Archive",
event_pattern=events.EventPattern(
account=[Stack.of(self).account]
),
retention=Duration.days(365)
)
Granting PutEvents to an existing EventBus
To import an existing EventBus into your CDK application, use EventBus.fromEventBusArn
, EventBus.fromEventBusAttributes
or EventBus.fromEventBusName
factory method.
Then, you can use the grantPutEventsTo
method to grant event:PutEvents
to the eventBus.
# lambda_function: lambda.Function
event_bus = events.EventBus.from_event_bus_arn(self, "ImportedEventBus", "arn:aws:events:us-east-1:111111111:event-bus/my-event-bus")
# now you can just call methods on the eventbus
event_bus.grant_put_events_to(lambda_function)
Use a customer managed key
To use a customer managed key for events on the event bus, use the kmsKey
attribute.
import aws_cdk.aws_kms as kms
# kms_key: kms.IKey
events.EventBus(self, "Bus",
kms_key=kms_key
)
Note: Archives and schema discovery are not supported for event buses encrypted using a customer managed key. To enable archives or schema discovery on an event bus, choose to use an AWS owned key. For more information, see KMS key options for event bus encryption.