EventBridge
Note: This documentation is also available in a rendered format here.
Deploys Amazon EventBridge custom event buses with automatic event archiving, configurable retention periods, and resource-based policies for cross-principal event publishing. Use this module when you need a custom event bus for decoupling data pipeline components, routing S3 notifications, or enabling event-driven communication between services.
Deployed Resources
This module deploys and integrates the following resources:
- EventBridge Custom Event Buses: Custom event buses with optional principal-based access policies. Event archive is automatically created for each bus with configurable retention period.
Related Modules
- Lambda Functions — Deploy Lambda functions that can be triggered by EventBridge rules on custom event buses
- Step Functions — Step Functions can be triggered by EventBridge rules for event-driven orchestration
- Data Lake — Data lake buckets can publish S3 EventBridge notifications to custom event buses
Security/Compliance Details
This module is designed in alignment with MDAA security/compliance principles and CDK nag rulesets. Additional review is recommended prior to production deployment, ensuring organization-specific compliance requirements are met.
- Least Privilege:
- Each event bus can be configured with a resource policy granting PutEvent access to specific IAM ARNs or AWS service principals
- Only explicitly listed principals can publish events
Configuration
MDAA Config
Add the following snippet to your mdaa.yaml under the modules: section of a domain/env in order to use this module:
eventbridge: # Module Name can be customized
module_path: '@aws-mdaa/eventbridge' # Must match module NPM package name
module_configs:
- ./eventbridge.yaml # Filename/path can be customized
Module Config Samples and Variants
Copy the contents of the relevant sample config below into the ./eventbridge.yaml file referenced in the MDAA config snippet above.
Minimal Configuration
Deploys a single custom event bus with no optional properties. Start here for a basic custom event bus that other modules can publish events to.
# Contents available via above link
# EventBridge module — minimal configuration.
# Deploys a single custom event bus with no optional properties.
# This is the simplest valid deployment of the EventBridge module.
# Map of event bus names to EventBridge event bus configurations.
eventBuses:
minimal-event-bus: {}
Comprehensive Configuration
Includes multiple event buses with all optional fields and both principal types (IAM ARN and AWS service). Start here when evaluating all available options for event bus policies, archive retention, and cross-principal access.
sample-config-comprehensive.yaml
# Contents available via above link
# EventBridge module — advanced (comprehensive) configuration.
# Exercises EVERY non-excluded schema property at full depth.
# Includes multiple event buses demonstrating all optional fields,
# both principal types, and a bus with no principals.
# Map of event bus names to EventBridge event bus configurations.
eventBuses:
# Bus with all optional properties populated
full-featured-bus:
# (Optional) Number of days to retain events in the automatically created archive. Enables event replay for debugging and recovery.
archiveRetention: 365
# (Optional) Principals authorized to publish events to this bus via resource policy. Each entry must specify exactly one of arn or service.
principals:
# Principal using ARN-based cross-account access (mutually exclusive with service)
- arn: arn:{{partition}}:iam::{{account}}:root
# Principal using AWS service principal (mutually exclusive with arn)
- service: events.amazonaws.com
# Bus with archive only, no principals
archive-only-bus:
# (Optional) Number of days to retain events in the automatically created archive. Enables event replay for debugging and recovery.
archiveRetention: 30
# Bus with principals only, no archive
principals-only-bus:
# (Optional) Principals authorized to publish events to this bus via resource policy. Each entry must specify exactly one of arn or service.
principals:
- service: logs.amazonaws.com
# Minimal bus — no optional properties
minimal-bus: {}