Connections for HTTP endpoint targets - Amazon EventBridge
Authorization methodsCreating connectionsEditing connectionsDe-authorizing connections
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Connections for HTTP endpoint targets

A connection defines the authorization method and credentials for EventBridge to use in connecting to a given HTTP endpoint. When you configure the authorization settings and create a connection, it creates a secret in Amazon Secrets Manager to securely store the authorization information. You can also add additional parameters to include in the connection as appropriate for your HTTP endpoint target.

Use connections with:

  • API destinations

    When you create an API destination, you specify a connection to use for it. You can choose an existing connection from your account, or create a connection when you create an API destination.

Authorization methods for connections

EventBridge connections support the following authorization methods:

  • Basic

  • API Key

    For Basic and API Key authorization, EventBridge populates the required authorization headers for you.

  • OAuth

    For OAuth authorization, EventBridge also exchanges your client ID and secret for an access token and then manages it securely.

    OAUTH tokens are refreshed when a 401 or 407 response is returned.

When you create a connection, you can also include the header, body, and query parameters that are required for authorization with an endpoint. You can use the same connection for more than one HTTP endpoint if the authorization for the endpoint is the same.

When you create a connection and add authorization parameters, EventBridge creates a secret in Amazon Secrets Manager. The cost of both storing and accessing the Secrets Manager secret is included with the charge for using an API destination. To learn more about best practices for using secrets with API destinations, see AWS::Events::ApiDestination in the CloudFormation User Guide.

Note

To successfully create or update a connection, you must use an account that has permission to use Secrets Manager. The required permission is included in the AmazonEventBridgeFullAccess policy. The same permission is granted to the service-linked role that's created in your account for the connection.

Creating connections for HTTP endpoint targets

To create a connection for use with HTTP endpoints using the EventBridge console

  1. Log in to Amazon using an account that has permissions to manage EventBridge and open the EventBridge console.

  2. In the left navigation pane, choose API destinations.

  3. Scroll down to the API destinations table, and then choose the Connections tab.

  4. Choose Create connection.

  5. On the Create connection page, enter a Connection name for the connection.

  6. Enter a Description for the connection.

  7. For Authorization type, select the type of authorization to use to authorize connections to the HTTP endpoint specified for the API destination that uses this connection. Do one of the following:

    • Choose Basic (Username/Password), and then enter the Username and Password to use to authorize with the HTTP endpoint.

    • Choose OAuth Client Credentials, and then enter the Authorization endpoint, HTTP method, Client ID, and Client secret to use to authorize with the endpoint.

      Under OAuth Http Parameters, add any additional parameters to include for authorization with the authorization endpoint. Select a Parameter from the drop-down list, then enter a Key and Value. To include an additional parameter, choose Add parameter.

      Under Invocation Http Parameters, add any additional parameters to include in the authorization request. To add a parameter, select a Parameter from the drop-down list, then enter a Key and Value. To include an additional parameter, choose Add parameter.

    • Choose API key, and then enter the API key name and associated Value to use for API Key authorization.

      Under Invocation Http Parameters, add any additional parameters to include in the authorization request. To add a parameter, select a Parameter from the drop-down list, then enter a Key and Value. To include an additional parameter, choose Add parameter.

  8. Choose Create.

Editing connections using the EventBridge console

You can edit existing connections.

To edit a connection using the EventBridge console

  1. Log in to Amazon using an account that has permissions to manage EventBridge and open the EventBridge console.

  2. In the left navigation pane, choose API destinations.

  3. Scroll down to the API destinations table, and then choose the Connections tab.

  4. In the Connections table, choose the connection to edit.

  5. On the Connection details page, choose Edit.

  6. Update the values for the connection, and then choose Update.

De-authorizing connections using the EventBridge console

When you de-authorize a connection, it removes all authorization parameters. Removing authorization parameters removes the secret from the connection, so you can reuse it without having to create a new connection.

Note

You must update any HTTP endpoints that use the de-authorized connection to use a different connection to successfully send requests to the HTTP endpoint.

To de-authorize a connection

  1. Log in to Amazon using an account that has permissions to manage EventBridge and open the EventBridge console.

  2. In the left navigation pane, choose API destinations.

  3. Scroll down to the API destinations table, and then choose the Connections tab.

  4. In the Connections table, choose the connection.

  5. On the Connection details page, choose De-authorize.

  6. In the Deauthorize connection? dialog box, enter the name of the connection, and then choose De-authorize.

The status of the connection changes to De-authorizing until the process is complete. Then the status changes to De-authorized. Now you can edit the connection to add new authorization parameters.