Connections for API targets in Amazon EventBridge
To enable event buses and pipes to target custom resources, such as HTTPS APIs, you create connections. A connection defines the authorization method and credentials for EventBridge to use in connecting to a given resource. If you are connecting to a private API, such as a private API in an Amazon Virtual Private Cloud (Amazon VPC), you can also use the connection to define secure point-to-point network connectivity.
You can create connections to target:
-
Public APIs, such as third-party SaaS applications.
-
Private APIs, such as custom resources that reside in an Amazon VPC or on-premise.
EventBridge creates connections to private HTTPS endpoints by utilizing resource configurations created in Amazon VPC Lattice. A resource configuration is a logical object that identifies a resource, and specifies who can access it and how.
Use connections with:
-
API destinations in EventBridge
When you create an API destination, you specify a connection to use for it. You can choose an existing connection from your account, or create a connection when you create an API destination.
For more information, see API destinations.
-
HTTP Endpoint tasks in Amazon Step Functions
An HTTP Endpoint task is a type of Task workflow state that lets you call HTTPS APIs in your workflows. These APIs can be public, such as Salesforce and Stripe, or private APIs that reside in an Amazon VPC or on-premise. The task uses a connection to specify the authorization type and credentials to use for authorizing the API. For private APIs, the connection also defines the network path to the API.
For more information, see Call HTTPS APIs in Step Functions workflows in the Step Functions User Guide.
When you configure the authorization settings and create a connection, it creates a secret in Amazon Secrets Manager to securely store the authorization information. You can also add additional parameters to include in the connection as appropriate for your HTTPS endpoint target.
EventBridge connections support the following authentication methods: basic, OAuth, and API Key. For more information, see Connection authorization methods.
Connections are reusable. You can use the same connection to the same API for multiple EventBridge API destinations or Step Functions tasks, as long as the authentication method is the same. If API destinations or tasks require different authentication, then you must create separate connections.