Amazon EventBridge permissions reference

To specify an action in an EventBridge policy, use the events: prefix followed by the API operation name, as shown in the following example.


"Action": "events:PutRule"

To specify multiple actions in a single statement, separate them with commas as follows.


"Action": ["events:action1", "events:action2"]

To specify multiple actions, you can also use wildcards. For example, you can specify all actions that begin with the word "Put" as follows.


"Action": "events:Put*"

To specify all EventBridge API actions, use the * wildcard as follows.


"Action": "events:*"

The following table lists the EventBridge API operations and corresponding actions that you can specify in an IAM policy.

EventBridge API operation	Required permissions	Description
DeleteRule	`events:DeleteRule`	Required to delete a rule.
DescribeEventBus	`events:DescribeEventBus`	Required to list accounts that are allowed to write events to the current account's event bus.
DescribeRule	`events:DescribeRule`	Required to list the details about a rule.
DisableRule	`events:DisableRule`	Required to disable a rule.
EnableRule	`events:EnableRule`	Required to enable a rule.
ListRuleNamesByTarget	`events:ListRuleNamesByTarget`	Required to list rules associated with a target.
ListRules	`events:ListRules`	Required to list all rules in your account.
ListTagsForResource	`events:ListTagsForResource`	Required to list all tags associated with an EventBridge resource. Currently, only rules can be tagged.
ListTargetsByRule	`events:ListTargetsByRule`	Required to list all targets associated with a rule.
PutEvents	`events:PutEvents`	Required to add custom events that can be matched to rules.
PutPermission	`events:PutPermission`	Required to give another account permission to write events to this account’s default event bus.
PutRule	`events:PutRule`	Required to create or update a rule.
PutTargets	`events:PutTargets`	Required to add targets to a rule.
RemovePermission	`events:RemovePermission`	Required to revoke another account’s permissions for writing events to this account’s default event bus.
RemoveTargets	`events:RemoveTargets`	Required to remove a target from a rule.
TestEventPattern	`events:TestEventPattern`	Required to test an event pattern against a given event.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Resource-based policies for EventBridge schemas

IAM policy conditions