Amazon EventBridge permissions reference - Amazon EventBridge
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon EventBridge permissions reference

To specify an action in an EventBridge policy, use the events: prefix followed by the API operation name, as shown in the following example.

"Action": "events:PutRule"

To specify multiple actions in a single statement, separate them with commas as follows.

"Action": ["events:action1", "events:action2"]

To specify multiple actions, you can also use wildcards. For example, you can specify all actions that begin with the word "Put" as follows.

"Action": "events:Put*"

To specify all EventBridge API actions, use the * wildcard as follows.

"Action": "events:*"

The following table lists the EventBridge API operations and corresponding actions that you can specify in an IAM policy.

EventBridge API operation Required permissions Description

DeleteRule

events:DeleteRule

Required to delete a rule.

DescribeEventBus

events:DescribeEventBus

Required to list accounts that are allowed to write events to the current account's event bus.

DescribeRule

events:DescribeRule

Required to list the details about a rule.

DisableRule

events:DisableRule

Required to disable a rule.

EnableRule

events:EnableRule

Required to enable a rule.

ListRuleNamesByTarget

events:ListRuleNamesByTarget

Required to list rules associated with a target.

ListRules

events:ListRules

Required to list all rules in your account.

ListTagsForResource

events:ListTagsForResource

Required to list all tags associated with an EventBridge resource. Currently, only rules can be tagged.

ListTargetsByRule

events:ListTargetsByRule

Required to list all targets associated with a rule.

PutEvents

events:PutEvents

Required to add custom events that can be matched to rules.

PutPermission

events:PutPermission

Required to give another account permission to write events to this account’s default event bus.

PutRule

events:PutRule

Required to create or update a rule.

PutTargets

events:PutTargets

Required to add targets to a rule.

RemovePermission

events:RemovePermission

Required to revoke another account’s permissions for writing events to this account’s default event bus.

RemoveTargets

events:RemoveTargets

Required to remove a target from a rule.

TestEventPattern

events:TestEventPattern

Required to test an event pattern against a given event.