Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

aws-eventbridge-sns

PDF
RSS
Focus mode
aws-eventbridge-sns - AWS Solutions Constructs
OverviewPattern Construct PropsPattern PropertiesDefault settingsArchitectureGitHub
Two labels: "CFN-RESOURCES" in gray and "STABLE" in green.
Language Package
Python Logo Python aws_solutions_constructs.aws_eventbridge_sns
Typescript Logo Typescript @aws-solutions-constructs/aws-eventbridge-sns
Java Logo Java software.amazon.awsconstructs.services.eventbridgesns

Overview

This AWS Solutions Construct implements an AWS Events rule and an AWS SNS Topic.

Here is a minimal deployable pattern definition:

Typescript

import { Construct } from 'constructs';
import { Stack, StackProps, Duration } from 'aws-cdk-lib';
import * as events from 'aws-cdk-lib/aws-events';
import * as iam from 'aws-cdk-lib/aws-iam';
import { EventbridgeToSnsProps, EventbridgeToSns } from "@aws-solutions-constructs/aws-eventbridge-sns";

const constructProps: EventbridgeToSnsProps = {
  eventRuleProps: {
    schedule: events.Schedule.rate(Duration.minutes(5))
  }
};

const constructStack = new EventbridgeToSns(this, 'test-construct', constructProps);

// Grant yourself permissions to use the Customer Managed KMS Key
const policyStatement = new iam.PolicyStatement({
  actions: ["kms:Encrypt", "kms:Decrypt"],
  effect: iam.Effect.ALLOW,
  principals: [new iam.AccountRootPrincipal()],
  resources: ["*"]
});

constructStack.encryptionKey?.addToResourcePolicy(policyStatement);
Python

from aws_solutions_constructs.aws_eventbridge_sns import EventbridgeToSns, EventbridgeToSnsProps
from aws_cdk import (
    aws_events as events,
    aws_iam as iam,
    Duration,
    Stack
)
from constructs import Construct

construct_stack = EventbridgeToSns(self, 'test-construct',
                                    event_rule_props=events.RuleProps(
                                        schedule=events.Schedule.rate(
                                            Duration.minutes(5))
                                    ))

# Grant yourself permissions to use the Customer Managed KMS Key
policy_statement = iam.PolicyStatement(
    actions=["kms:Encrypt", "kms:Decrypt"],
    effect=iam.Effect.ALLOW,
    principals=[iam.AccountRootPrincipal()],
    resources=["*"]
)

construct_stack.encryption_key.add_to_resource_policy(policy_statement)
Java

import software.constructs.Construct;
import java.util.List;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.Duration;
import software.amazon.awscdk.services.events.*;
import software.amazon.awscdk.services.iam.*;
import software.amazon.awsconstructs.services.eventbridgesns.*;

final EventbridgeToSns constructStack = new EventbridgeToSns(this, "test-construct",
        new EventbridgeToSnsProps.Builder()
                .eventRuleProps(new RuleProps.Builder()
                        .schedule(Schedule.rate(Duration.minutes(5)))
                        .build())
                .build());

// Grant yourself permissions to use the Customer Managed KMS Key
final PolicyStatement policyStatement = PolicyStatement.Builder.create()
        .actions(List.of("kms:Encrypt", "kms:Decrypt"))
        .effect(Effect.ALLOW)
        .principals(List.of(new AccountRootPrincipal()))
        .resources(List.of("*"))
        .build();

constructStack.getEncryptionKey().addToResourcePolicy(policyStatement);
anchoranchoranchor

import { Construct } from 'constructs';
import { Stack, StackProps, Duration } from 'aws-cdk-lib';
import * as events from 'aws-cdk-lib/aws-events';
import * as iam from 'aws-cdk-lib/aws-iam';
import { EventbridgeToSnsProps, EventbridgeToSns } from "@aws-solutions-constructs/aws-eventbridge-sns";

const constructProps: EventbridgeToSnsProps = {
  eventRuleProps: {
    schedule: events.Schedule.rate(Duration.minutes(5))
  }
};

const constructStack = new EventbridgeToSns(this, 'test-construct', constructProps);

// Grant yourself permissions to use the Customer Managed KMS Key
const policyStatement = new iam.PolicyStatement({
  actions: ["kms:Encrypt", "kms:Decrypt"],
  effect: iam.Effect.ALLOW,
  principals: [new iam.AccountRootPrincipal()],
  resources: ["*"]
});

constructStack.encryptionKey?.addToResourcePolicy(policyStatement);

Pattern Construct Props

Name Type Description
eventRuleProps events.RuleProps User provided eventRuleProps to override the defaults.
existingTopicObj? sns.Topic Existing instance of SNS Topic object, providing both this and topicProps will cause an error.
topicProps? sns.TopicProps User provided props to override the default props for the SNS Topic.
existingEventBusInterface? events.IEventBus Optional user-provided custom EventBus for construct to use. Providing both this and eventBusProps results an error.
eventBusProps? events.EventBusProps Optional user-provided properties to override the default properties when creating a custom EventBus. Setting this value to {} will create a custom EventBus using all default properties. If neither this nor existingEventBusInterface is provided the construct will use the default EventBus. Providing both this and existingEventBusInterface results an error.
enableEncryptionWithCustomerManagedKey? boolean If no key is provided, this flag determines whether the SNS Topic is encrypted with a new CMK or an AWS managed key. This flag is ignored if any of the following are defined: topicProps.masterKey, encryptionKey or encryptionKeyProps.
encryptionKey? kms.Key An optional, imported encryption key to encrypt the SNS Topic with.
encryptionKeyProps? kms.KeyProps Optional user provided properties to override the default properties for the KMS encryption key used to encrypt the SNS Topic with.

Pattern Properties

Name Type Description
eventBus? events.IEventBus Returns the instance of events.IEventBus used by the construct
eventsRule events.Rule Returns an instance of events.Rule created by the construct
snsTopic sns.Topic Returns an instance of sns.Topic created by the construct
encryptionKey? kms.Key Returns an instance of kms Key used for the SNS Topic.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon EventBridge Rule

  • Grant least privilege permissions to EventBridge Rule to publish to the SNS Topic.

Amazon SNS Topic

  • Configure least privilege access permissions for SNS Topic.

  • Enable server-side encryption forSNS Topic using Customer managed KMS Key.

  • Enforce encryption of data in transit.

Architecture

Diagram showing Amazon EventBridge Rule connecting to Amazon Simple Notification Service and Role.

GitHub

To view the code for this pattern, create/view issues and pull requests, and more:
Circular icon with a graduation cap symbol representing education or learning.
@aws-solutions-constructs/aws-eventbridge-sns

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.