Amazon EventBridge targets

A target is a resource or endpoint that EventBridge sends an event to when the event matches the event pattern defined for a rule. The rule processes the event data and sends the pertinent information to the target. To deliver event data to a target, EventBridge needs permission to access the target resource. You can define up to five targets for each rule.

When you add targets to a rule and that rule runs soon after, any new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.

Targets available in the EventBridge console

You can configure the following targets for events in the EventBridge console:

Target parameters

Some targets don't send the information in the event payload to the target. Instead, they treat the event as a trigger for invoking a specific API. EventBridge uses the Target parameters to determine what happens with that target. These include the following:

  • API destinations (The data sent to an API destination must match the structure of the API. You must use the InputTransformer object to make sure the data is structured correctly. If you want to include the original event payload, reference it in the InputTransformer.)

  • API Gateway (The data sent to API Gateway must match the structure of the API. You must use the InputTransformer object to make sure the data is structured correctly. If you want to include the original event payload, reference it in the InputTransformer.)

  • Amazon EC2 Image Builder

  • RedshiftDataParameters (Amazon Redshift Data API clusters)

  • SageMakerPipelineParameters (Amazon SageMaker Runtime Model Building Pipelines)

Note

EventBridge does not support all JSON Path syntax and evaluates it at runtime. Supported syntax includes:

  • dot notation (for example, $.detail)

  • dashes

  • underscores

  • alphanumeric characters

  • array indices

  • wildcards (*)

Dynamic path parameters

Some target parameters support optional dynamic JSON path syntax. This syntax allows you to specify JSON paths instead of static values (for example, $.detail.state). The entire value has to be a JSON path, not just part of it. For example, RedshiftDataParameters.Sql can be $.detail.state but it can't be "SELECT * FROM $.detail.state". These paths are replaced dynamically at runtime with data from the event payload itself at the specified path. Dynamic path parameters can't reference new or transformed values resulting from input transformation. The supported syntax for dynamic parameter JSON paths is the same as when transforming input. For more information, see Amazon EventBridge input transformation.
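The whole-value rule and the supported-syntax list above can be checked before a target is saved. The following is an added example, not code from AWS or from the original page: it models the rule with a grammar assumed from that list, and the function names, sample event, and parameter values are constructed for illustration.

```python
import re

# Assumed grammar, from the supported-syntax list on this page: "$", then .name
# segments (alphanumerics, "_", "-"), [n] array indices, and "*" wildcards.
SEGMENT = r"(?:\.(?:[A-Za-z0-9_-]+|\*)|\[(?:\d+|\*)\])"
PATH = re.compile(rf"\${SEGMENT}+")

def classify(value):
    """'dynamic' = whole value is a path, 'embedded' = path inside other text."""
    if PATH.fullmatch(value):
        return "dynamic"
    return "embedded" if PATH.search(value) else "static"

def resolve(path, event):
    """Read a dynamic path from the original event; a wildcard yields a list."""
    if classify(path) != "dynamic":
        raise ValueError(f"not a whole-value JSON path: {path!r}")
    nodes, fanned_out = [event], False
    for name, index in re.findall(r"\.([A-Za-z0-9_-]+|\*)|\[(\d+|\*)\]", path):
        step = []
        for node in nodes:
            if "*" in (name, index):
                fanned_out = True
                step.extend(node.values() if isinstance(node, dict) else node)
            else:
                step.append(node[name] if name else node[int(index)])
        nodes = step
    return nodes if fanned_out else nodes[0]

def audit(params):
    """Classify every string field of a target-parameters dict."""
    return {k: classify(v) for k, v in params.items() if isinstance(v, str)}

# Constructed sample event and parameter values, for illustration only.
SAMPLE_EVENT = {"detail-type": "Constructed Event",
                "detail": {"state": "running",
                           "items": [{"id": "r-1"}, {"id": "r-2"}]}}
SAMPLE_PARAMS = {"Database": "dev", "Sql": "SELECT * FROM $.detail.state"}

if __name__ == "__main__":
    print(audit(SAMPLE_PARAMS))
    print(resolve("$.detail.items[*].id", SAMPLE_EVENT))
```

A field reported as "embedded" mixes a path with other text, which the rule above does not allow; a field reported as "dynamic" takes its entire value from the event, so whoever can publish matching events controls that value.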

Dynamic syntax can be used on all the string, non-enum fields of these parameters:

Permissions

To make API calls on the resources that you own, EventBridge needs appropriate permission. For AWS Lambda and Amazon SNS resources, EventBridge uses resource-based policies. For EC2 instances, Kinesis data streams, and Step Functions state machines, EventBridge uses IAM roles that you specify in the RoleARN parameter in PutTargets. You can invoke an API Gateway endpoint with configured IAM authorization, but the role is optional if you haven't configured authorization. For more information, see Amazon EventBridge and AWS Identity and Access Management.
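For targets that rely on resource-based policies, a grant to events.amazonaws.com is normally tied to one rule with an aws:SourceArn condition. The following added example (not from the original page or from AWS) audits a Lambda resource policy for grants that lack that scoping; the account ID, function name, and rule name in the sample policy are constructed placeholders.

```python
import json

SERVICE = "events.amazonaws.com"

def as_list(value):
    return value if isinstance(value, list) else [value]

def source_arns(statement):
    """Collect aws:SourceArn values; condition key names are case-insensitive."""
    found = []
    for operator, keys in statement.get("Condition", {}).items():
        op = operator.lower()
        if not op.startswith(("arn", "string")) or "not" in op:
            continue  # only positive ARN/string matches restrict the caller
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":
                found.extend(as_list(value))
    return found

def audit_policy(policy_json):
    """Return (Sid, problem) for each Allow to EventBridge not pinned to a rule."""
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SERVICE not in services:
            continue
        arns = source_arns(stmt)
        if not arns:
            findings.append((stmt.get("Sid"), "no aws:SourceArn condition"))
        elif any("*" in arn for arn in arns):
            findings.append((stmt.get("Sid"), "wildcard in aws:SourceArn"))
    return findings

# Constructed policy: account ID, function name and rule name are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "scoped", "Effect": "Allow",
     "Principal": {"Service": SERVICE}, "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
     "Condition": {"ArnLike": {"AWS:SourceArn":
         "arn:aws:events:us-east-1:111122223333:rule/example-rule"}}},
    {"Sid": "unscoped", "Effect": "Allow",
     "Principal": {"Service": SERVICE}, "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn"},
]})

if __name__ == "__main__":
    for sid, problem in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {problem}")
```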

If another account is in the same Region and has granted you permission, then you can send events to that account. For more information, see Sending and receiving Amazon EventBridge events between AWS accounts.

If your target is encrypted, you must include the following section in your KMS key policy.

{
  "Sid": "Allow EventBridge to use the key",
  "Effect": "Allow",
  "Principal": {
    "Service": "events.amazonaws.com"
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey"
  ],
  "Resource": "*"
}

EventBridge target specifics

AWS Batch job queues

Certain parameters to AWS Batch submitJob can be configured via BatchParameters.

Others can be specified in the event payload. If the event payload (passed through or via InputTransformers) contains the following keys, they are mapped to submitJob request parameters:

  • ContainerOverrides: containerOverrides

    Note

    This includes only command, environment, memory, and vcpus

  • DependsOn: dependsOn

    Note

    This includes only jobId

  • Parameters: parameters

CloudWatch Logs group

If you don’t use an InputTransformer with a CloudWatch Logs target, the event payload is used as the log message, and the source of the event as the timestamp. If you do use an InputTransformer, the template must be:

{"timestamp":<timestamp>,"message":<message>}

EventBridge batches the entries sent to a log stream; therefore, EventBridge may deliver a single event or multiple events to a log stream, depending on traffic.

CodeBuild project

If you use InputTransformers to shape the input event to a Target to match the CodeBuild StartBuildRequest structure, the parameters will be mapped 1-to-1 and passed through to codeBuild.StartBuild.

Amazon ECS task

If you use InputTransformers to shape the input event to a Target to match the Amazon ECS RunTask TaskOverride structure, the parameters will be mapped 1-to-1 and passed through to ecs.RunTask.

Incident Manager Response Plan

If the matched event came from CloudWatch Alarms, the alarm state change details are populated into the trigger details of the StartIncidentRequest call to Incident Manager.