Events from Amazon services - Amazon EventBridge
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Events from Amazon services

Many Amazon services generate events that EventBridge receives. When an Amazon service in your account emits an event, it goes to your account’s default event bus.

Event delivery from Amazon services

Each Amazon service that generates events sends them to EventBridge as either best effort or durable delivery attempts.

  • Best effort delivery means that the service attempts to send all events to EventBridge, but in some rare cases an event might not be delivered.

  • Durable delivery means the service will successfully attempt to deliver events to EventBridge at least once.

    EventBridge will accept all valid events under normal conditions. In cases where events cannot be delivered because of an EventBridge service disruption, they will be retried again later by the Amazon service for up to 24 hours.

Once an event is delivered to EventBridge, EventBridge matches it against rules and then follows the retry policy and any dead-letter queue specified for the event target(s).

For a list of Amazon services that generate events, see Amazon services that generate events.

Accessing Amazon service events via Amazon CloudTrail

Amazon CloudTrail is a service that automatically records events such as Amazon API calls. You can create EventBridge rules that use the information from CloudTrail. For more information about CloudTrail, see What is Amazon CloudTrail?.

All events that are delivered by CloudTrail have Amazon API Call via CloudTrail as the value for detail-type.

To record events with a detail-type value of Amazon API Call via CloudTrail, a CloudTrail trail with logging enabled is required.

When using CloudTrail with Amazon S3, you need to configure CloudTrail to log data events. For more information, see Enabling CloudTrail event logging for S3 buckets and objects .

Some occurrences in Amazon services can be reported to EventBridge both by the service itself and by CloudTrail. For example, an Amazon EC2 API call that starts or stops an instance generates EventBridge events as well as events through CloudTrail.

CloudTrail supports both API callers and resource owners to receive events in their Amazon S3 buckets by creating trails, and delivers events to API callers through EventBridge. Resource owners in addition to API callers can monitor cross-account API calls through EventBridge. CloudTrail’s integration with EventBridge provides a convenient way to set automated rules-based workflows in response to events.

You can't use Amazon Put*Events API call events that are larger than 256 KB in size as event patterns because the maximum size of any Put*Events requests is 256 KB. For more information about the API calls that you can use, see CloudTrail supported services and integrations.

Receiving read-only management events from Amazon services

You can set up rules on your default or custom event bus to receive read-only management events from Amazon services via CloudTrail. Management events provide visibility into management operations that are performed on resources in your Amazon account. These are also known as control plane operations. For more information, see Logging management events in the CloudTrail User Guide.

For each rule on the default or custom event buses, you can set the rule state to control the types of events to receive:

  • Disable the rule so that EventBridge does not match events against the rule.

  • Enable the rule so that EventBridge matches events against the rule, except for read-only Amazon management events delivered through CloudTrail.

  • Enable the rule so that EventBridge matches all events against the rule, including read-only management events delivered through CloudTrail.

Partner event buses do not receive Amazon events.

Some things to consider when deciding whether to receive read-only management events:

  • Certain read-only management events, such as Amazon Key Management Service GetKeyPolicy and DescribeKey, or IAM GetPolicy and GetRole events, occur at a much higher volume than typical change events.

  • You may already be receiving read-only management events, if those events don't start with Describe, Get, or List. For example, events from the following Amazon STS APIs are change events, even thought they start with the verb Get:

    • GetFederationToken

    • GetSessionToken

    For a list of read-only management events that do not adhere to the Describe, Get, or List naming convention, by Amazon services, see Management events generated by Amazon services.

To create a rule that receives read-only management events using the Amazon CLI
  • Use the put-rule command to create or update the rule, using parameters to:

    • Specify that the rule belongs on the default event bus, or a specific custom event bus


    aws events put-rule --name "ruleForManagementEvents" --event-bus-name "default" --state "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS"


Enabling a rule for CloudWatch management events is supported through the Amazon CLI and Amazon CloudFormation templates only.

The following example illustrates how to match against specific events. Best practice is to define a dedicated rule for matching specific events, for clarity and ease of editing.

In this case, the dedicated rule matches the AssumeRole management event from Amazon Security Token Service.

{ "source" : [ "aws.sts" ], "detail-type": ["AWS API Call via CloudTrail"], "detail" : { "eventName" : ["AssumeRole"] } }