The following is an example of a PutEvents request and response.
Sample Request
POST / HTTP/1.1
Host: events.<region>.<domain>
x-amz-Date: <Date>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>,
SignedHeaders=content-type;date;host;user-agent;x-amz-date;x-amz-target;x-amzn-requestid, Signature=<Signature>
"Source":"com.mycompany.myapp",
"Detail":"{ \"key1\": \"value1\", \"key2\": \"value2\" }", "Resources":[
"resource1", "resource2"
],
"DetailType":"myDetailType"
}, {
"Source":"com.mycompany.myapp",
"Detail":"{ \"key1\": \"value3\", \"key2\": \"value4\" }",
See Also
"Resources":[
"resource1", "resource2"
],
"DetailType":"myDetailType"
} ]}
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: <RequestId>
Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes>
Date: <Date>
{ "FailedEntryCount": 0, "Entries": [
{
"EventId": "11710aed-b79e-4468-a20b-bb3c0c3b4860"
}, {
"EventId": "d804d26a-88db-4b66-9eaf-9a11c708ae82"
} ] }
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
PutPartnerEvents
PutPartnerEvents
This is used by SaaS partners to write events to a customer's partner event bus. AWS customers do not use this operation.
Request Syntax
{
"Entries": [ {
"Detail": "string", "DetailType": "string", "Resources": [ "string" ], "Source": "string",
"Time": number }
]}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 247).
The request accepts the following data in JSON format.
Entries (p. 117)
The list of events to write to the event bus.
Type: Array of PutPartnerEventsRequestEntry (p. 218) objects
Array Members: Minimum number of 1 item. Maximum number of 20 items.
Required: Yes
Response Syntax
{
"Entries": [ {
"ErrorCode": "string", "ErrorMessage": "string", "EventId": "string"
} ],
"FailedEntryCount": number }
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Errors
Entries (p. 117)
The list of events from this operation that were successfully written to the partner event bus.
Type: Array of PutPartnerEventsResultEntry (p. 220) objects FailedEntryCount (p. 117)
The number of events from this operation that could not be written to the partner event bus.
Type: Integer
Errors
For information about the errors that are common to all actions, see Common Errors (p. 249).
InternalException
This exception occurs due to unexpected causes.
HTTP Status Code: 500 OperationDisabledException
The operation you are attempting is not available in this region.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
PutPermission
PutPermission
Running PutPermission permits the specified AWS account or AWS organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple AWS accounts to put events to your event bus, run PutPermission once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run PutPermission once specifying Principal as "*" and specifying the AWS organization ID in Condition, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn with proper permissions when they use PutTarget to add your account's event bus as a target. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
The permission policy on the event bus cannot exceed 10 KB in size.
Request Syntax
{
"Action": "string", "Condition": { "Key": "string", "Type": "string", "Value": "string"
},
"EventBusName": "string", "Policy": "string", "Principal": "string", "StatementId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 247).
The request accepts the following data in JSON format.
Action (p. 119)
The action that you are enabling the other account to perform.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: events:[a-zA-Z]+
Required: No Condition (p. 119)
This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. For more information about AWS Organizations, see What Is AWS Organizations in the AWS Organizations User Guide.
Request Parameters
If you specify Condition with an AWS organization ID, and specify "*" as the value for Principal, you grant permission to all the accounts in the named organization.
The Condition is a JSON string which must contain Type, Key, and Value fields.
Type: Condition (p. 181) object Required: No
EventBusName (p. 119)
The name of the event bus associated with the rule. If you omit this, the default event bus is used.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\.\-_A-Za-z0-9]+
Required: No Policy (p. 119)
A JSON string that describes the permission policy statement. You can include a Policy parameter in the request instead of using the StatementId, Action, Principal, or Condition parameters.
Type: String Required: No Principal (p. 119)
The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify
"*" to permit any account to put events to your default event bus.
If you specify "*" without specifying Condition, avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an account field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 12.
Pattern: (\d{12}|\*) Required: No
StatementId (p. 119)
An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this StatementId when you run RemovePermission.
NoteEach StatementId must be unique.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [a-zA-Z0-9-_]+
Required: No
Response Elements
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 249).
ConcurrentModificationException
There is concurrent modification on a rule, target, archive, or replay.
HTTP Status Code: 400 InternalException
This exception occurs due to unexpected causes.
HTTP Status Code: 500 OperationDisabledException
The operation you are attempting is not available in this region.
HTTP Status Code: 400 PolicyLengthExceededException
The event bus policy is too long. For more information, see the limits.
HTTP Status Code: 400 ResourceNotFoundException
An entity that you specified does not exist.
HTTP Status Code: 400
Examples
The following example enables the current account to receive events from account 111122223333.
Example
This example illustrates one usage of PutPermission.
Sample Request
POST / HTTP/1.1
Host: events.<region>.<domain>
x-amz-Date: <Date>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>,
SignedHeaders=content-type;date;host;user-agent;x-amz-date;x-amz-target;x-amzn-requestid, Signature=<Signature>
User-Agent: <UserAgentString>
Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes>
Connection: Keep-Alive
X-Amz-Target: AWSEvents.PutPermission {
See Also
"Action":"events:PutEvents"
"Principal":"111122223333"
"StatementId":"MyStatement"
}
Example
The following example grants permissions to all accounts in the organization with an ID of o-1234567890
Sample Request
POST / HTTP/1.1
Host: events.<region>.<domain>
x-amz-Date: <Date>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>,
SignedHeaders=content-type;date;host;user-agent;x-amz-date;x-amz-target;x-amzn-requestid, Signature=<Signature>
User-Agent: <UserAgentString>
Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes>
Connection: Keep-Alive
X-Amz-Target: AWSEvents.PutPermission {
"Action":"events:PutEvents"
"Principal":"*"
"Condition": '{"Type" : "StringEquals", "Key": "aws:PrincipalOrgID", "Value":
"o-1234567890"}'
"StatementId":"MyStatement"
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
PutRule
PutRule
Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by AWS services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule command.
If you omit arguments in PutRule, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule operation and assign tags, you must have both the events:PutRule and events:TagResource permissions.
If you are updating an existing rule, any tags you specify in the PutRule operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in AWS treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly.
For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
Request Syntax
{ "Description": "string", "EventBusName": "string", "EventPattern": "string", "Name": "string",
"RoleArn": "string",
"ScheduleExpression": "string", "State": "string",
"Tags": [ {
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 247).
The request accepts the following data in JSON format.
Description (p. 123)
A description of the rule.
Type: String
Length Constraints: Maximum length of 512.
Required: No EventBusName (p. 123)
The name or ARN of the event bus to associate with this rule. If you omit this, the default event bus is used.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1600.
Pattern: (arn:aws[\w-]*:events:[a-z]{2}-[a-z]+-[\w-]+:[0-9]{12}:event-bus\/)?
[/\.\-_A-Za-z0-9]+
Required: No EventPattern (p. 123)
The event pattern. For more information, see EventBridge event patterns in the Amazon EventBridge User Guide.
Type: String Required: No Name (p. 123)
The name of the rule that you are creating or updating.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\.\-_A-Za-z0-9]+
Required: Yes RoleArn (p. 123)
The Amazon Resource Name (ARN) of the IAM role associated with the rule.
If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn with proper permissions in the Target structure, instead of here in this parameter.
Response Syntax
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1600.
Required: No
ScheduleExpression (p. 123)
The scheduling expression. For example, "cron(0 20 * * ? *)" or "rate(5 minutes)".
Type: String
Length Constraints: Maximum length of 256.
Required: No State (p. 123)
Indicates whether the rule is enabled or disabled.
Type: String
Valid Values: ENABLED | DISABLED Required: No
Tags (p. 123)
The list of key-value pairs to associate with the rule.
Type: Array of Tag (p. 236) objects Required: No
Response Syntax
{ "RuleArn": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
RuleArn (p. 125)
The Amazon Resource Name (ARN) of the rule.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1600.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 249).
Examples
ConcurrentModificationException
There is concurrent modification on a rule, target, archive, or replay.
HTTP Status Code: 400 InternalException
This exception occurs due to unexpected causes.
HTTP Status Code: 500 InvalidEventPatternException
The event pattern is not valid.
HTTP Status Code: 400 LimitExceededException
The request failed because it attempted to create resource beyond the allowed service quota.
HTTP Status Code: 400 ManagedRuleException
This rule was created by an AWS service on behalf of your account. It is managed by that service.
If you see this error in response to DeleteRule or RemoveTargets, you can use the Force
parameter in those calls to delete the rule or remove targets from the rule. You cannot modify these managed rules by using DisableRule, EnableRule, PutTargets, PutRule, TagResource, or UntagResource.
HTTP Status Code: 400 ResourceNotFoundException
An entity that you specified does not exist.
HTTP Status Code: 400
Examples
Creates a rule named "test" that matches events from Amazon EC2. The rule is also given two tags.
The following is an example of a PutRule request and response.
Sample Request
POST / HTTP/1.1
Host: events.<region>.<domain>
x-amz-Date: <Date>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>,
SignedHeaders=content-type;date;host;user-agent;x-amz-date;x-amz-target;x-amzn-requestid, Signature=<Signature>
See Also
"EventPattern": "{ \"source\": [\"aws.ec2\"] }", "Tags": [
{
"Key": "Stack", "Value": "Prod"
}, {
"Key": "CostCenter", "Value": "12345"
} ] }
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: <RequestId>
Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes>
Date: <Date>
{
"RuleArn": "arn:aws:events:us-east-1:123456789012:rule/test"
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
PutTargets
PutTargets
Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
NoteEach rule can have up to five (5) targets associated with it at one time.
You can configure the following as targets for Events:
• API destination
• API Gateway
• Batch job queue
• CloudWatch group
• CodeBuild project
• CodePipeline
• EC2 CreateSnapshot API call
• EC2 Image Builder
• EC2 RebootInstances API call
• EC2 StopInstances API call
• EC2 TerminateInstances API call
• ECS task
• Event bus in a different account or Region
• Event bus in the same account and Region
• Firehose delivery stream
• Glue workflow
• Incident Manager response plan
• Inspector assessment template
• Kinesis stream
• Step Functions state machine
• Systems Manager Automation
• Systems Manager OpsItem
• Systems Manager Run Command
Creating rules with in targets is supported only in the AWS Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call.
For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the
RunCommandParameters field.
Request Syntax
To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For AWS Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, AWS Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN argument in PutTargets. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another AWS account is in the same region and has granted you permission (using PutPermission), you can send events to that account. Set that account's event bus as a target of the rules in your account.
To send the matched events to the other account, specify that account's event bus as the Arn value when you run PutTargets. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing.
Note
Input, InputPath, and InputTransformer are not available with PutTarget if the target is an event bus of a different AWS account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target.
When a rule is triggered due to a matched event:
• If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
• If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
• If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is
• If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is