Amazon EventBridge permissions reference
To specify an action in an EventBridge policy, use the events:
prefix followed by
the API operation name, as shown in the following example.
"Action": "events:PutRule"
To specify multiple actions in a single statement, separate them with commas as follows.
"Action": ["events:action1", "events:action2"]
To specify multiple actions, you can also use wildcards. For example, you can specify all
actions that begin with the word "Put"
as follows.
"Action": "events:Put*"
To specify all EventBridge API actions, use the *
wildcard as follows.
"Action": "events:*"
The following table lists the EventBridge API operations and corresponding actions that you can specify in an IAM policy.
EventBridge API operation | Required permissions | Description |
---|---|---|
|
Required to delete a rule. |
|
|
Required to list accounts that are allowed to write events to the current account's event bus. |
|
|
Required to list the details about a rule. |
|
|
Required to disable a rule. |
|
|
Required to enable a rule. |
|
|
Required to list rules associated with a target. |
|
|
Required to list all rules in your account. |
|
|
Required to list all tags associated with an EventBridge resource. Currently, only rules can be tagged. |
|
|
Required to list all targets associated with a rule. |
|
|
Required to add custom events that can be matched to rules. |
|
|
Required to give another account permission to write events to this account’s default event bus. |
|
|
Required to create or update a rule. |
|
|
Required to add targets to a rule. |
|
|
Required to revoke another account’s permissions for writing events to this account’s default event bus. |
|
|
Required to remove a target from a rule. |
|
|
Required to test an event pattern against a given event. |