Amazon EventBridge targets - Amazon EventBridge

Amazon EventBridge targets

A target is a resource or endpoint that EventBridge sends an event to when the event matches the event pattern defined for a rule. The rule processes the event data and sends the pertinent information to the target. To deliver event data to a target, EventBridge needs permission to access the target resource. You can define up to five targets for each rule.

When you add targets to a rule and that rule runs soon after, any new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.

The following video covers the basics of targets:

Targets available in the EventBridge console

You can configure the following targets for events in the EventBridge console:

Target parameters

When you configure targets, there are additional parameters you can specify for certain AWS services. These include the following:

  • BatchParameters (AWS Batch jobs)

  • EcsParameters (Amazon ECS tasks)

  • HttpParameters (Amazon API Gateway and 3rd party ApiDestination endpoints)

  • KinesisParameters (Amazon Kinesis streams)

  • RedshiftDataParameters (Amazon Redshift Data API clusters)

  • RunCommandParameters (Amazon EC2 Instance commands)

  • SageMakerPipelineParameters (Amazon SageMaker Model Building Pipelines)

  • SqsParameters (Amazon SQS queues)

Some target parameters support optional dynamic JSON path syntax. This syntax allows you to specify JSON paths instead of static values (for example $.detail.state). These paths are replaced dynamically at runtime with data from the event payload itself at the specified path. The supported syntax for dynamic parameter JSON paths is the same as when transforming input. For more information, see Transforming Amazon EventBridge target input

Dynamic syntax can be used on all the non-enum fields of these parameters:

  • EcsParameters

  • HttpParameters (except HeaderParameters)

  • RedshiftDataParameters

  • SageMakerPipelineParameters

Permissions

To make API calls on the resources that you own, EventBridge needs appropriate permission. For AWS Lambda and Amazon SNS resources, EventBridge uses resource-based policies. For EC2 instances, Kinesis data streams, and Step Functions state machines, EventBridge uses IAM roles that you specify in the RoleARN parameter in PutTargets. You can invoke an API Gateway REST endpoint with configured IAM authorization, but the role is optional if you haven't configured authorization. For more information, see Amazon EventBridge and AWS Identity and Access Management.

If another account is in the same Region and has granted you permission, then you can send events to that account. For more information, see Sending and receiving Amazon EventBridge events between AWS accounts.

If your target is encrypted, you must include the following section in your KMS key policy.

{ "Sid": "Allow EventBridge to use the key", "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*" }