Using dead-letter queues to capture encrypted event errors - Amazon EventBridge

If you configure customer managed key encryption on an event bus, we recommend that you specify a dead-letter queue (DLQ) for that event bus. EventBridge sends custom and partner events to this DLQ if it encounters a non-retriable error while processing the event on the event bus. A non-retriable error is one where user action is required to resolve the underlying issue, such as the specified customer managed key being disabled or missing.

  • If a non-retriable encryption or decryption error occurs while EventBridge is processing the event on the event bus, the event is sent to the DLQ for the event bus, if one is specified.

  • If a non-retriable encryption or decryption error occurs while EventBridge is attempting to send the event to a target, the event is sent to the DLQ for the target, if one is specified.

Figure: A non-retriable error during event bus processing, with the event sent to the event bus DLQ.
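The two cases above mean DLQ coverage has to be checked in two places: on the event bus itself and on each target. The following added example (not part of the AWS documentation) audits both for a bus that uses a customer managed key. It assumes input dicts shaped like the `DescribeEventBus` and `ListTargetsByRule` API responses (`KmsKeyIdentifier`, `DeadLetterConfig`); the function names, bus, rule, and ARNs are constructed for illustration.

```python
# Added example: inputs are dicts shaped like the EventBridge DescribeEventBus and
# ListTargetsByRule responses. All names and ARNs are constructed sample values.

def dlq_arn(resource):
    """Return the DLQ ARN set on a bus or target dict, or None if absent."""
    return (resource.get("DeadLetterConfig") or {}).get("Arn")

def audit_bus(bus, targets_by_rule):
    """Return (scope, name, gap) tuples for an encrypted bus and its targets."""
    if not bus.get("KmsKeyIdentifier"):
        return []  # assumption: no key identifier means no customer managed key
    findings = []
    if not dlq_arn(bus):
        findings.append(("bus", bus["Name"], "errors during bus processing have no DLQ"))
    for rule, targets in sorted(targets_by_rule.items()):
        for target in targets:
            if not dlq_arn(target):
                findings.append(("target", f"{rule}/{target['Id']}",
                                 "errors while sending to the target have no DLQ"))
    return findings

KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"   # constructed
DLQ = {"Arn": "arn:aws:sqs:us-east-1:111122223333:example-dlq"}  # constructed

SAMPLE_BUS = {"Name": "orders-bus", "KmsKeyIdentifier": KEY}  # encrypted, no bus DLQ
SAMPLE_TARGETS = {
    "order-created": [
        {"Id": "fulfilment", "DeadLetterConfig": DLQ,
         "Arn": "arn:aws:lambda:us-east-1:111122223333:function:example"},
        {"Id": "audit", "Arn": "arn:aws:sqs:us-east-1:111122223333:example-audit"},
    ],
}

if __name__ == "__main__":
    for scope, name, gap in audit_bus(SAMPLE_BUS, SAMPLE_TARGETS):
        print(f"{scope:7} {name:22} {gap}")
```
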

For more information, including considerations when using DLQs, and instructions on setting permissions, see Using dead-letter queues to process undelivered events.