`. You can reference these variables as you create your *Input Template*.
**Note**
Amazon CloudWatch Logs and SSM targets do not support the use of `Input` and `InputPath` in their input transformers.
### Input template
The *Input Template* is a template for the information you want to pass to your target. You can create a template that passes either a string or JSON to the target. Using the previous event and *Input Path*, the following *Input Template* examples will transform the event to the example output before routing it to a target.
| Description | Template | Output |
| --- | --- | --- |
| Simple string | "instance is in "
| "instance i-0123456789 is in RUNNING"
|
| **String with escaped quotes** | "instance \"\" is in "
| "instance \"i-0123456789\" is in RUNNING"
Note that this is the behavior in the EventBridge console. The AWS CLI escapes the slash characters and the result is `"instance "i-0123456789" is in RUNNING"`. |
| **Simple JSON** | {
"instance" : ,
"state":
} | {
"instance" : "i-0123456789",
"state": "RUNNING"
} |
| **JSON with strings and variables** | {
"instance" : ,
"state": "",
"instanceStatus": "instance \"\" is in "
} | {
"instance" : "i-0123456789",
"state": "RUNNING",
"instanceStatus": "instance \"i-0123456789\" is in RUNNING"
} |
| **JSON with a mix of variables and static information** | {
"instance" : ,
"state": [ 9, , true ],
"Transformed" : "Yes"
}
| {
"instance" : "i-0123456789",
"state": [
9,
"RUNNING",
true
],
"Transformed" : "Yes"
} |
| **Including reserved variables in JSON** | {
"instance" : ,
"state": ,
"ruleArn" : ,
"ruleName" : ,
"originalEvent" :
} | {
"instance" : "i-0123456789",
"state": "RUNNING",
"ruleArn" : "arn:aws:events:us-east-2:123456789012:rule/example",
"ruleName" : "example",
"originalEvent" : {
... // commented for brevity
}
} |
| **Including reserved variables in a string** | " triggered"
| "example triggered"
|
| **Amazon CloudWatch log group** | {
"timestamp" : ,
"message": "instance \"\" is in "
} | {
"timestamp" : 2015-11-11T21:29:54Z,
"message": "instance "i-0123456789" is in RUNNING
} |
## Transforming input by using the EventBridge API
For information about using the EventBridge API to transform input, see [Use Input Transformer to extract data from an event and input that data to the target](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutTargets.html#API_PutTargets_Example_2).
## Transforming input by using AWS CloudFormation
For information about using AWS CloudFormation to transform input, see [AWS::Events::Rule InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html).
## Common Issues with transforming input
These are some common issues when transforming input in EventBridge:
+ For Strings, quotes are required.
+ There is no validation when creating JSON path for your template.
+ If you specify a variable to match a JSON path that doesn't exist in the event, that variable isn't created and won't appear in the output.
+ JSON properties like `aws.events.event.json` can only be used as the value of a JSON field, not inline in other strings.
+ EventBridge doesn't escape values extracted by *Input Path*, when populating the *Input Template* for a target.
+ If a JSON path references a JSON object or array, but the variable is referenced in a string, EventBridge removes any internal quotes to ensure a valid string. For example, for a variable `` pointed at `$.detail`, "Detail is " would result in EventBridge removing quotes from the object.
Therefore, if you want to output a JSON object based on a single JSON path variable, you must place it as a key. In this example, `{"detail": }`.
+ Quotes are not required for variables that represent strings. They are permitted, but EventBridge automatically adds quotes to string variable values during transformation, to ensure the transformation output is valid JSON. EventBridge does not add quotes to variables that represent JSON objects or arrays. Do not add quotes for variables that represent JSON objects or arrays.
For example, the following input template includes variables that represent both strings and JSON objects:
```
{
"ruleArn" : ,
"ruleName" : ,
"originalEvent" :
}
```
Resulting in valid JSON with proper quotation:
```
{
"ruleArn" : "arn:aws:events:us-east-2:123456789012:rule/example",
"ruleName" : "example",
"originalEvent" : {
... // commented for brevity
}
}
```
+ For (non-JSON) text output as multi-line strings, wrap each separate line in your input template in double quotes.
For example, if you were matching [Amazon Inspector Finding](https://docs.aws.amazon.com/inspector/latest/user/eventbridge-integration.html#event-finding) events against the following event pattern:
```
{
"detail": {
"severity": ["HIGH"],
"status": ["ACTIVE"]
},
"detail-type": ["Inspector2 Finding"],
"source": ["inspector2"]
}
```
And using the following input path:
```
{
"account": "$.detail.awsAccountId",
"ami": "$.detail.resources[0].details.awsEc2Instance.imageId",
"arn": "$.detail.findingArn",
"description": "$.detail.description",
"instance": "$.detail.resources[0].id",
"platform": "$.detail.resources[0].details.awsEc2Instance.platform",
"region": "$.detail.resources[0].region",
"severity": "$.detail.severity",
"time": "$.time",
"title": "$.detail.title",
"type": "$.detail.type"
}
```
You could use the input template below to generate multi-line string output:
```
" severity finding "
"Description: <description>"
"ARN: \"<arn>\""
"Type: <type>"
"AWS Account: <account>"
"Region: <region>"
"EC2 Instance: <instance>"
"Platform: <platform>"
"AMI: <ami>"
```
# Configuring an input transformer when creating a rule in EventBridge
<a name="eb-transform-input-rule"></a>
As part of creating a rule, you can specify an input transformer for EventBridge to use to process matching events prior to sending those event to the specified target. You can configure input transformers for targets that are AWS services or API destinations.
**To create a target input transformer as part of a rule**
1. Follow the steps for creating a rule as detailed in [Creating rules using the Enhanced Builder](eb-create-rule-visual.md).
1. In **Step 3 - Select target(s)**, expand **Additional settings**.
1. For **Configure target input**, choose **Input transformer** in the dropdown.
Click **Configure input transformer**.
EventBridge displays the **Configure input transformer** dialog box.
1. In the **Sample event** section, choose a **Sample event type** against which you want to test your event pattern. You can choose an AWS event, a partner event, or enter your own custom event.
------
#### [ AWS events ]
Select from events emitted from supported AWS services.
1. Select **AWS events**.
1. Under **Sample events**, choose the desired AWS event. Events are organized by AWS service.
When you select an event, EventBridge populates the sample event.
For example, if you choose **S3 Object Created**, EventBridge displays a sample S3 Object Created event.
1. (Optional) You can also select **Copy** to copy the sample event to your device's clipboard.
------
#### [ Partner events ]
Select from events emitted from third-party services that support EventBridge, such as Salesforce.
1. Select **EventBridge partner events**.
1. Under **Sample events**, choose the desired partner event. Events are organized by partner.
When you select an event, EventBridge populates the sample event.
1. (Optional) You can also select **Copy** to copy the sample event to your device's clipboard.
------
#### [ Enter your own ]
Enter your own event in JSON text.
1. Select **Enter your own**.
1. EventBridge populates the sample event with a template of required event attributes.
1. Edit and add to the sample event as desired. The sample event must be valid JSON.
1. (Optional) You can also choose any of the following options:
+ **Copy** – Copy the sample event to your device's clipboard.
+ **Prettify** – Makes the JSON text easier to read by adding line breaks, tabs, and spaces.
------
1. (Optional) Expand the **Example input paths, Templates and Outputs** section to see examples of:
+ How JSON paths are used to define variables that represent event data
+ How those variables can be used in an input transformer template
+ The resulting output that EventBridge sends to the target
For more detailed examples of input transformations, see [Input transform examples](eb-transform-target-input.md#eb-transform-input-examples).
1. In the **Target input transformer** section, define any variables you want to use in the input template.
Variables use JSON path to reference values in the original event source. You can then reference those variables in the input template in order to include data from the original source event in the transformed event that EventBridge passes to the target. You can define up to 100 variables. The input transformer must be valid JSON.
For example, suppose you had chosen AWS event **S3 Object Created** as your sample event for this input transformer. You could then define the following variables for use in your template:
```
{
"requester": "$.detail.requester",
"key": "$.detail.object.key",
"bucket": "$.detail.bucket.name"
}
```
(Optional) You can also choose **Copy** to copy the input transformer to your device's clipboard.
1. In the **Template** section, compose the template you want to use to determine what EventBridge passes to the target.
You can use JSON, strings, static information, variables you've defined as well as reserved variables. For more detailed examples of input transformations, see [Input transform examples](eb-transform-target-input.md#eb-transform-input-examples).
For example, suppose you had defined the variables in the previous example. You could then compose the following template, which references those variables, as well as reserved variables, and static information.
```
{
"message": "<requester> has created the object \"<key>\" in the bucket \"<bucket>\"",
"RuleName": <aws.events.rule-name>,
"ruleArn" : <aws.events.rule-arn>,
"Transformed": "Yes"
}
```
(Optional) You can also choose **Copy** to copy the template to your device's clipboard.
1. To test your template, select **Generate output**.
EventBridge processes the sample event based on the input template, and displays the transformed output generated under **Output**. This is the information that EventBridge will pass to the target in place of the original source event.
The generated output for the example input template described above would be the following:
```
{
"message": "123456789012 has created the object "example-key" in the bucket "amzn-s3-demo-bucket"",
"RuleName": rule-name,
"ruleArn" : arn:aws:events:us-east-1:123456789012:rule/rule-name,
"Transformed": "Yes"
}
```
(Optional) You can also choose **Copy** to copy the generated output to your device's clipboard.
1. Select **Confirm**
1. Follow the rest of the steps for creating a rule as detailed in [Creating rules using the Enhanced Builder](eb-create-rule-visual.md).
# Testing a target input transformer using the EventBridge Sandbox
<a name="eb-sandbox-input-trans"></a>
You can use input transformers to customize the text from an [event](eb-events.md) before EventBridge passes the information to the [target](eb-targets.md) of a [rule](eb-rules.md).
Configuring an input transformer is typically part of the larger process of specifying a target while [creating a new rule](eb-create-rule-visual.md) or editing an existing one. Using the Sandbox in EventBridge, however, you can quickly configure an input transformer and use a sample event to confirm you are getting the desired output, without having to create or edit a rule.
For more information about input transformations, see [Amazon EventBridge input transformation](eb-transform-target-input.md).
**To test a target input transformer**
1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. Under **Developer resources**, choose **Sandbox**, and on the **Sandbox** page choose the **Target input transformer** tab.
1. In the **Sample event** section, choose a **Sample event type** against which you want to test your event pattern. You can choose an AWS event, a partner event, or enter your own custom event.
------
#### [ AWS events ]
Select from events emitted from supported AWS services.
1. Select **AWS events**.
1. Under **Sample events**, choose the desired AWS event. Events are organized by AWS service.
When you select an event, EventBridge populates the sample event.
For example, if you choose **S3 Object Created**, EventBridge displays a sample S3 Object Created event.
1. (Optional) You can also select **Copy** to copy the sample event to your device's clipboard.
------
#### [ Partner events ]
Select from events emitted from third-party services that support EventBridge, such as Salesforce.
1. Select **EventBridge partner events**.
1. Under **Sample events**, choose the desired partner event. Events are organized by partner.
When you select an event, EventBridge populates the sample event.
1. (Optional) You can also select **Copy** to copy the sample event to your device's clipboard.
------
#### [ Enter your own ]
Enter your own event in JSON text.
1. Select **Enter your own**.
1. EventBridge populates the sample event with a template of required event attributes.
1. Edit and add to the sample event as desired. The sample event must be valid JSON.
1. (Optional) You can also choose any of the following options:
+ **Copy** – Copy the sample event to your device's clipboard.
+ **Prettify** – Makes the JSON text easier to read by adding line breaks, tabs, and spaces.
------
1. (Optional) Expand the **Example input paths, Templates and Outputs** section to see examples of:
+ How JSON paths are used to define variables that represent event data
+ How those variables can be used in an input transformer template
+ The resulting output that EventBridge sends to the target
For more detailed examples of input transformations, see [Input transform examples](eb-transform-target-input.md#eb-transform-input-examples).
1. In the **Target input transformer** section, define any variables you want to use in the input template.
Variables use JSON path to reference values in the original event source. You can then reference those variables in the input template in order to include data from the original source event in the transformed event that EventBridge passes to the target. You can define up to 100 variables. The input transformer must be valid JSON.
For example, suppose you had chosen AWS event **S3 Object Created** as your sample event for this input transformer. You could then define the following variables for use in your template:
```
{
"requester": "$.detail.requester",
"key": "$.detail.object.key",
"bucket": "$.detail.bucket.name"
}
```
(Optional) You can also choose **Copy** to copy the input transformer to your device's clipboard.
1. In the **Template** section, compose the template you want to use to determine what EventBridge passes to the target.
You can use JSON, strings, static information, variables you've defined as well as reserved variables. For more detailed examples of input transformations, see [Input transform examples](eb-transform-target-input.md#eb-transform-input-examples).
For example, suppose you had defined the variables in the previous example. You could then compose the following template, which references those variables, as well as reserved variables, and static information.
```
{
"message": "<requester> has created the object \"<key>\" in the bucket \"<bucket>\"",
"RuleName": <aws.events.rule-name>,
"ruleArn" : <aws.events.rule-arn>,
"Transformed": "Yes"
}
```
(Optional) You can also choose **Copy** to copy the template to your device's clipboard.
1. To test your template, select **Generate output**.
EventBridge processes the sample event based on the input template, and displays the transformed output generated under **Output**. This is the information that EventBridge will pass to the target in place of the original source event.
The generated output for the example input template described above would be the following:
```
{
"message": "123456789012 has created the object "example-key" in the bucket "amzn-s3-demo-bucket"",
"RuleName": rule-name,
"ruleArn" : arn:aws:events:us-east-1:123456789012:rule/rule-name,
"Transformed": "Yes"
}
```
(Optional) You can also choose **Copy** to copy the generated output to your device's clipboard.
# Archiving and replaying events in Amazon EventBridge
<a name="eb-archive"></a>
In EventBridge, you can create an archive of events so that you can easily *replay*, or resend them to the event bus that originally received them, at a later time. For example, you might want to replay events to recover from errors, or to validate new functionality in your application.
## Archiving events
<a name="eb-archive-archive"></a>
When you create an archive, you can specify:
+ Which events to send to the archive.
You can specify an event pattern for EventBridge to use when filtering the events it sends to the archive.
+ How long to retain events in the archive.
You can specify the number of days to retain events in the archive. By default, EventBridge stores events in an archive indefinitely.
Each archive receives events from a single *source* event bus. You cannot change the source event bus once an archive is created. You can create multiple archives for a given event bus.
![\[Events are filtered by an event pattern and sent to an archive, from which they can be replayed.\]](http://docs.aws.amazon.com/eventbridge/latest/userguide/images/archive_eventbridge_conceptual.svg)
EventBridge charges apply to archives. Please refer to [Amazon EventBridge Pricing](https://aws.amazon.com/eventbridge/pricing/) for details.
### Encrypting archive events
<a name="eb-archive-encryption"></a>
By default, EventBridge encrypts event data in an archive using 256-bit Advanced Encryption Standard (AES-256) under an [AWS owned CMK](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#aws-owned-cmk), which helps secure your data from unauthorized access.
### Event delivery
<a name="eb-archive-timing"></a>
Keep in the following considerations in mind about how EventBridge delivers events to archives:
+ There may be a delay between an event being received on an event bus and the event arriving in the archive. We recommend you delay replaying archived events for 10 minutes to make sure all events are replayed.
+ The `EventCount` and `SizeBytes` values of the [https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_DescribeArchive.html](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_DescribeArchive.html) operation have a reconciliation period of 24 hours. Therefore, any recently-expired or newly-archived events may not be immediately reflected in these values.
### Preventing replayed events from being delivered to an archive
<a name="eb-archive-managed-rule"></a>
When you create an archive, EventBridge generates a [managed rule](eb-rules.md#eb-rules-managed) on the source event bus that prevents replayed events from being sent to the archive. The managed rule adds the following event pattern, which filters events based on whether it contains a `replay-name` field. (EventBridge adds this field to events when it replays them.)
```
{
"replay-name": [{
"exists": false
}]
}
```
## Replaying events from an archive
<a name="eb-archive-replay"></a>
After you create an archive, you can then replay events from the archive. For example, if you update an application with additional functionality, you can replay historical events to ensure that the events are reprocessed to keep the application consistent. You can also use an archive to replay events for new functionality.
When you replay events from an archive, you specify:
+ The time frame from which to select events to replay.
+ Optionally, specific rules on the event bus to which EventBridge should replay the selected events.
Archive events can only be replayed to the source event bus.
You can have a maximum of ten active concurrent replays per account per AWS Region.
Replaying events does not remove them from the archive. You can replay events in multiple replays. EventBridge only removes events when they exceed the archive retention period, or you delete the archive itself.
EventBridge deletes replays after 90 days.
You can cancel replays while their status is `Starting` or `Running`. For more information, see [Canceling event replays](eb-replay-cancel.md).
### Identifying events that have been replayed
<a name="eb-archive-replay-event-transform"></a>
When EventBridge sends an event from an archive to the source event bus during a replay, it adds a metadata field to the event, `replay-name`, which contains the name of the replay. You can use this field to identify replayed events when they are delivered to a target.
EventBridge also uses this field to make sure that replayed events aren't sent to archives.
### Considerations when replaying events from an archive
<a name="eb-archive-replay-considerations"></a>
Keep the following considerations in mind when replaying events from an archive:
+ There may be a delay between an event being received on an event bus and the event arriving in the archive. We recommend you delay replaying archived events for 10 minutes to make sure all events are replayed.
+ Events aren't necessarily replayed in the same order that they were added to the archive. A replay processes events to replay based on the time in the event, and replays them on one minute intervals. If you specify an event start time and an event end time that covers a 20 minute time range, the events are replayed from the first minute of that 20 minute range first. Then the events from the second minute are replayed.
+ You can use the `DescribeReplay` operation of the EventBridge API to determine the progress of a replay. `EventLastReplayedTime` returns the time stamp of the last event replayed.
+ Events are replayed based on, but separate from, the `PutEvents` transactions per second limit for the AWS account. You can request an increase to the limit for PutEvents. For more information, see [ Amazon EventBridge Quotas](https://docs.aws.amazon.com/eventbridge/latest/userguide/cloudwatch-limits-eventbridge.html).
The following video demonstrates the use of archive and replay:
# Creating event archives in Amazon EventBridge
<a name="eb-archive-event"></a>
When you create an archive in EventBridge, you can determine which events are sent to the archive by specifying an [event pattern](eb-event-patterns.md). EventBridge sends events that match the event pattern to the archive. You also set the retention period to store events in the archive before they are discarded.
You can also create archives as part of [creating an event bus](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-event-bus.html). These archives have an indefinite retention policy and no event filter, although this can be [updated](https://docs.aws.amazon.com/eventbridge/latest/userguide/event-bus-update-archive.html) once the archive is created.
**Topics**
+ [Define the archive](#eb-create-archive-define)
+ [Build the event pattern (optional)](#eb-create-archive-event-pattern)
## Define the archive
<a name="eb-create-archive-define"></a>
First, enter a name and description for archive, and specify the event bus from which it receives events. Optionally, you can also set how long to retain events in the archive.
**To define the archive**
1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. Navigate to the source event bus, or create the archive directly:
+ In the navigation pane, choose **Event buses**.
On the events bus details page, choose the **Archives** tab.
+ In the navigation pane, choose **Archives**.
1. Choose **Create archive**.
1. Under **Archive detail**, enter a name and optionally, a description for the archive.
The name must be unique to your account in the selected Region. You can't change the name after you create the archive.
1. For **Source**, select the event bus you want to send events to the archive
If you navigated from an existing event bus details page, the name of that event bus appears by default.
You cannot change the source event bus once you have created the archive.
1. For **Retention period**, specify how long to retain the events in the archive:
+ Choose **Indefinite** to retain the events in the archive and not ever delete them.
+ For a set retention period, enter the number of days after which EventBridge should delete the events from the archive.
1. For **Encryption**, choose the KMS key for EventBridge to use when encrypting the events stored in the archive.
**Important**
If you have specify that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.
+ Choose **Use AWS owned key** for EventBridge to encrypt the data using an AWS owned key.
This AWS owned key is a KMS key that EventBridge owns and manages for use in multiple AWS accounts. In general, unless you are required to audit or control the encryption key that protects your resources, an AWS owned key is a good choice.
This is the default.
+ Choose **Use customer managed key** for EventBridge to encrypt the data using the customer managed key that you specify or create.
Customer managed key are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys.
1. Specify an existing customer managed key, or choose **Create a new KMS key />**.
EventBridge displays the key status and any key aliases that have been associated with the specified customer managed key.
1. Choose **Next**.
## Build the event pattern (optional)
<a name="eb-create-archive-event-pattern"></a>
Next, as an optional step, you can build an event pattern to filter which events EventBridge sends to the archive. To do this, specify the event source, choose the basis for the event pattern, and define the attributes and values to match on. You can also generate the event pattern in JSON and test it against a sample event.
For more information on event patterns, see [](eb-event-patterns.md).
**To build the event pattern**
1. For **Event source**, choose **AWS events or EventBridge partner events**.
1. (Optional) In the **Sample events** section, choose a **Sample event type** against which you want to test your event pattern.
The following sample event types are available:
+ **AWS events **– Select from events emitted from supported AWS services.
+ **EventBridge partner events** – Select from events emitted from third-party services that support EventBridge, such as Salesforce.
+ **Enter my own** – Enter your own event in JSON text.
You can also use an AWS or partner event as the starting point for creating your own custom event.
1. Select **AWS events** or **EventBridge partner events**.
1. Use the **Sample events** dropdown to select the event you want to use as a starting point for your custom event.
EventBridge displays the sample event.
1. Select **Copy**.
1. Select **Enter my own** for **Event type.**
1. Delete the sample event structure in the JSON editing pane, and paste the AWS or partner event in its place.
1. Edit the event JSON to create your own sample event.
1. Choose a **Creation method**. You can create an event pattern from an EventBridge schema or template, or you can create a custom event pattern.
------
#### [ Existing schema ]
To use an existing EventBridge schema to create the event pattern, do the following:
1. In the **Creation method** section, for **Method**, select **Use schema**.
1. In the **Event pattern** section, for **Schema type**, select **Select schema from Schema registry**.
1. For **Schema registry**, choose the dropdown box and enter the name of a schema registry, such as `aws.events`. You can also select an option from the dropdown list that appears.
1. For **Schema**, choose the dropdown box and enter the name of the schema to use. For example, `aws.s3@ObjectDeleted`. You can also select an option from the dropdown list that appears.
1. In the **Models** section, choose the **Edit** button next to any attribute to open its properties. Set the **Relationship** and **Value** fields as needed, then choose **Set** to save the attribute.
**Note**
For information about an attribute's definition, choose the **Info** icon next to the attribute's name. For a reference on how to set attribute properties in your event, open the **Note** section of the attribute properties dialog box.
To delete an attribute's properties, choose the **Edit** button for that attribute, then choose **Clear**.
1. Choose **Generate event pattern in JSON** to generate and validate your event pattern as JSON text.
1. (Optional) To test the sample event against your test pattern, choose **Test pattern**.
EventBridge displays a message box stating whether your sample event matches the event pattern.
You can also choose any of the following options:
+ **Copy** – Copy the event pattern to your device's clipboard.
+ **Prettify** – Makes the JSON text easier to read by adding line breaks, tabs, and spaces.
------
#### [ Custom schema ]
To write a custom schema and convert it to an event pattern, do the following:
1. In the **Creation method** section, for **Method**, choose **Use schema**.
1. In the **Event pattern** section, for **Schema type**, choose **Enter schema**.
1. Enter your schema into the text box. You must format the schema as valid JSON text.
1. In the **Models** section, choose the **Edit** button next to any attribute to open its properties. Set the **Relationship** and **Value** fields as needed, then choose **Set** to save the attribute.
**Note**
For information about an attribute's definition, choose the **Info** icon next to the attribute's name. For a reference on how to set attribute properties in your event, open the **Note** section of the attribute properties dialog box.
To delete an attribute's properties, choose the **Edit** button for that attribute, then choose **Clear**.
1. Choose **Generate event pattern in JSON** to generate and validate your event pattern as JSON text.
1. (Optional) To test the sample event against your test pattern, choose **Test pattern**.
EventBridge displays a message box stating whether your sample event matches the event pattern.
You can also choose any of the following options:
+ **Copy** – Copy the event pattern to your device's clipboard.
+ **Prettify** – Makes the JSON text easier to read by adding line breaks, tabs, and spaces.
------
#### [ Event pattern ]
To write a custom event pattern in JSON format, do the following:
1. In the **Creation method** section, for **Method**, choose **Custom pattern (JSON editor)**.
1. For **Event pattern**, enter your custom event pattern in JSON-formatted text.
1. (Optional) To test the sample event against your test pattern, choose **Test pattern**.
EventBridge displays a message box stating whether your sample event matches the event pattern.
You can also choose any of the following options:
+ **Copy** – Copy the event pattern to your device's clipboard.
+ **Prettify** – Makes the JSON text easier to read by adding line breaks, tabs, and spaces.
+ **Event pattern form** – Opens the event pattern in Pattern Builder. If the pattern can't be rendered in Pattern Builder as-is, EventBridge warns you before it opens Pattern Builder.
------
1. Choose **Create archive**.
To confirm that events are successfully sent to the archive, you can use the [https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_DescribeArchive.html](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_DescribeArchive.html) operation of the EventBridge API to see if the `EventCount` reflects the number of events in the archive. If it is 0, there are no events in the archive.
# Updating archives on Amazon EventBridge event buses
<a name="event-bus-update-archive"></a>
You can update the following:
+ Archive description
+ The event pattern used to filter which events are sent to the archive.
+ The retention period for events.
+ The AWS KMS key used for event encryption.
For more information, see [Encrypting archives](encryption-archives.md).
You cannot change the name or source event bus for an archive once it has been created.
**Note**
Schema discovery is not supported for event buses encrypted using a customer managed key. To enable schema discovery on an event bus, choose to use an AWS owned key. For more information, see [KMS key options](eb-encryption-at-rest-key-options.md).
**To update an archive (console)**
1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. Navigate to the archive directly, or from the source event bus:
+ In the navigation pane, choose **Event buses**.
On the events bus details page, choose the **Archives** tab.
+ In the navigation pane, choose **Archives**.
1. Select the archive, and then select **Edit**.
1. Update the archive.
**To update an archive for an event bus (AWS CLI)**
+ Use [update-archive](https://docs.aws.amazon.com/cli/latest/reference/events/update-archive.html).
# Deleting event archives in Amazon EventBridge
<a name="eb-archive-delete"></a>
When you delete an archive, EventBridge deletes the following resources:
+ The archive and any events it contains.
+ The event pattern, if any, specified for the archive.
+ The managed rule EventBridge generated for the archive.
**To delete an archive from an event bus (console)**
1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. Navigate to the archive directly, or from the source event bus:
+ In the navigation pane, choose **Event buses**.
On the events bus details page, choose the **Archives** tab.
+ In the navigation pane, choose **Archives**.
1. Choose the event bus that contains the archive you want to delete.
1. On the event bus details page, select the **Archives** tab.
1. Select the archive, and then select **Delete**.
**To delete an archive (AWS CLI)**
+ Use [delete-archive](https://docs.aws.amazon.com/cli/latest/reference/events/delete-archive.html).
# Creating replays of archived events in Amazon EventBridge
<a name="eb-replay-archived-event"></a>
When you start a new replay, you specify a time period for the event you want EventBridge to resend to the source event bus. You can also specify for EventBridge to send the events to specific rules.
**To start an event replay (console)**
1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. Navigate to the replays directly, or from the archive you want to replay:
+ In the navigation pane, choose **Archives**.
On the **Archives** page, choose the archive and then choose**Replay**.
+ In the navigation pane, choose **Replays**.
Choose **Start new replay**.
1. Enter a **Name** for the replay and, optionally, a **Description**.
1. For **Source**, select the archive to replay events from.
1. For destination, you can replay events only to the same event bus that emitted the events.
1. For **Specify rules**, do one of the following:
+ Choose **All rules** to replay events to all rules.
+ Choose **Specify rules**, and then select the rule or rules to replay the events to.
1. Under **Replay time frame**, specify the **Date**, **Time**, and **Time zone** for the **Start time** and the **End time**.
Only events that occurred between the **Start time** and **End time** are replayed.
1. Choose **Start replay**.
**To start a replay (AWS CLI)**
+ Use [start-replay](https://docs.aws.amazon.com/cli/latest/reference/events/start-replay.html).
# Canceling replays of archived events in Amazon EventBridge
<a name="eb-replay-cancel"></a>
If you start a replay and then want to stop it, you can cancel it while its status is `Starting` or `Running`.
**To cancel a replay (console)**
1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. In the left navigation pane, choose **Replays**.
1. Choose the replay to cancel.
1. Choose **Cancel**.
**To cancel a replay (AWS CLI)**
+ Use [cancel-replay](https://docs.aws.amazon.com/cli/latest/reference/events/cancel-replay.html).
# Making applications Regional-fault tolerant with global endpoints in EventBridge
<a name="eb-global-endpoints"></a>
You can improve your application's availability with Amazon EventBridge global endpoints. Global endpoints help make your application regional-fault tolerant at no additional cost. To start, you assign an Amazon Route 53 health check to the endpoint. When failover is initiated, the health check reports an “unhealthy” state. Within minutes of failover initiation, all custom [events](eb-events.md) are routed to an [event bus](eb-event-bus.md) in the secondary Region and are processed by that event bus. Once the health check reports a “healthy” state, events are processed by the event bus in the primary Region.
When you use global endpoints, you can enable [event replication](#eb-ge-event-replication). Event replication sends all custom events to the event buses in the primary and secondary Regions using managed rules.
**Note**
If you're using custom buses, you'll need a custom bus in each Region with the same name and in the same account for failover to work properly.
## Recovery Time & Recovery Point Objectives
<a name="eb-ge-rpo-rto"></a>
The Recovery Time Objective (RTO) is the time that it takes for the secondary Region to start receiving events after a failure. For RTO, the time includes time period for triggering CloudWatch alarms and updating statuses for Route 53 health checks. The Recovery Point Objective (RPO) is the measure of the data that will be left unprocessed during a failure. For RPO, the time includes events that are not replicated to the secondary Region and are stuck in the primary Region until the service or Region recovers. With global endpoints, if you follow our prescriptive guidance for alarm configuration, you can expect the RTO and RPO to be 360 seconds with a maximum of 420 seconds.
## Event replication
<a name="eb-ge-event-replication"></a>
Events are processed in the secondary Region asynchronously. This means that events are not guaranteed to be processed at the same time in both Regions. When failover is triggered, the events are processed by the secondary Region and will be processed by the primary Region when it’s available. Enabling event replication will increase your monthly costs. For more information, see [Amazon EventBridge pricing](https://aws.amazon.com/eventbridge/pricing)
We recommend enabling event replication when setting up global endpoints for the following reasons:
+ Event replication helps you verify that your global endpoints are configured correctly. This helps to ensure that you’ll be covered in the event of failover.
+ Event replication is required to automatically recover from a failover event. If you don’t have event replication enabled, you’ll have to manually reset the Route 53 health check to “healthy” before events will go back to the primary Region.
### Replicated event payload
<a name="eb-ge-event-replication-ep"></a>
The following is an example of a replicated event payload:
**Note**
For `region`, the Region that the event was replicated from is listed.
```
{
"version": "0",
"id": "a908baa3-65e5-ab77-367e-527c0e71bbc2",
"detail-type": "Test",
"source": "test.service.com",
"account": "0123456789",
"time": "1900-01-01T00:00:00Z",
"region": "us-east-1",
"resources": [
"arn:aws:events:us-east-1:0123456789:endpoint/MyEndpoint"
],
"detail": {
"a": "b"
}
}
```
## Working with global endpoints by using an AWS SDK
<a name="eb-ge-sdk-update"></a>
**Note**
Support for C\$1\$1 is coming soon.
When using an AWS SDK to work with global endpoints, keep the following in mind:
+ You'll need to have the AWS Common Runtime (CRT) library installed for your specific SDK. If you don't have the CRT installed, you'll get an exception message indicating what needs to be installed. For more information, see the following:
+ [AWS Common Runtime (CRT) libraries](https://docs.aws.amazon.com/sdkref/latest/guide/common-runtime.html)
+ [awslabs/aws-crt-java](https://github.com/awslabs/aws-crt-java)
+ [awslabs/aws-crt-nodejs](https://github.com/awslabs/aws-crt-nodejs)
+ [awslabs/aws-crt-python](https://github.com/awslabs/aws-crt-python)
+ Once you have created a global endpoint, you'll need to add the `endpointId` and `EventBusName` to any `PutEvents` calls that you use.
+ Global endpoints support Signature Version 4A. This version of SigV4 allows requests to be signed for multiple AWS Regions. This is useful in API operations that might result in data access from one of several Regions. When using the AWS SDK, you supply your credentials and the requests to global endpoints will use Signature Version 4A without additional configuration. For more information about SigV4A, see [Signing AWS API requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html ) in the *AWS General Reference*.
If you request temporary credentials from the global AWS STS endpoint (sts.amazonaws.com), AWS STS vends credentials which, by default, do not support SigV4A. See [Managing AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the *AWS Identity and Access Management User Guide* for further information.
## Available Regions
<a name="eb-ge-avail-regions"></a>
The following Regions support global endpoints:
+ US East (N. Virginia)
+ US East (Ohio)
+ US West (N. California)
+ US West (Oregon)
+ Canada (Central)
+ Europe (Frankfurt)
+ Europe (Ireland)
+ Europe (London)
+ Europe (Milan)
+ Europe (Paris)
+ Europe (Stockholm)
+ Asia Pacific (Mumbai)
+ Asia Pacific (Osaka)
+ Asia Pacific (Seoul)
+ Asia Pacific (Singapore)
+ Asia Pacific (Sydney)
+ Asia Pacific (Tokyo)
+ South America (São Paulo)
# Creating a global endpoint in Amazon EventBridge
<a name="eb-ge-create-endpoint"></a>
Complete the following steps to set up a global endpoint:
1. Make sure that you have matching event buses and rules in both the primary and secondary Region.
1. Create a [Route 53 health check](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/health-checks-creating.html) to monitor your event buses. For assistance in creating your health check, choose **New Health Check** when creating your global endpoint.
1. Create your global endpoint.
Once you have set up the Route 53 health check, you can create a global endpoint.
## To create a global endpoint by using the console
<a name="eb-ge-create-endpoint-console"></a>
1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. In the navigation pane, choose **Global endpoints**.
1. Choose **Create Endpoint**.
1. Enter a name and description for the endpoint.
1. For **Event bus in primary Region**, choose the event bus you’d like the endpoint associated with.
1. For **Secondary Region**, choose the Region you'd like to direct events to in the event of a failover.
**Note**
The **Event bus in secondary Region** is auto-filled and not editable.
1. For **Route 53 health check for triggering failover and recovery**, choose the health check that the endpoint will monitor. If you don't already have a health check, choose **New Health check** to open the CloudFormation console and create a health check using a CloudFormation template.
**Note**
Missing data will cause the health check to fail. If you only need to send events intermittently, consider using a longer **MinimumEvaluationPeriod**, or treat missing data as 'missing' instead of 'breaching'.
1. (Optional) For **Event replication** do the following:
1. Select **Event replication enabled**.
1. For **Execution role**, choose whether to create a new AWS Identity and Access Management role or use an existing one. Do the following:
+ Choose **Create a new role for this specific resource**. Optionally, you can update the **Role name** to create a new role.
+ Choose **Use existing role**. Then, for **Execution role**, choose the desired role to use.
1. Choose **Create**.
## To create a global endpoint by using the API
<a name="eb-ge-create-endpoint-api"></a>
To create a global endpoint using the EventBridge API, see [CreateEndpoint](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateEndpoint.html) in the Amazon EventBridge API Reference.
## To create a global endpoint by using CloudFormation
<a name="eb-ge-create-endpoint-cfn"></a>
To create a global endpoint using the AWS CloudFormation API, see [AWS::Events::Endpoints](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html) in the AWS CloudFormation User Guide.
# Best practices for Amazon EventBridge global endpoints
<a name="eb-ge-best-practices"></a>
The following best practices are recommended when you set up global endpoints.
## Enabling event replication
<a name="eb-ge-bp-enable-replication"></a>
We strongly recommend that you turn on replication and process your events in the secondary Region that you assign to your global endpoint. This ensures that your application in the secondary Region is configured correctly. You should also turn on replication to ensure automatic recovery to the primary Region after an issue has been mitigated.
Event IDs can change across API calls so correlating events across Regions requires you to have an immutable, unique identifier. Consumers should also be designed with idempotency in mind. That way, if you're replicating events, or replaying them from archives, there are no side effects from the events being processed in both Regions.
## Preventing event throttling
<a name="eb-ge-bp-throttling"></a>
To prevent events from being throttled, we recommend updating your `PutEvents` and targets limits so they're consistent across Regions.
## Using subscriber metrics in Amazon Route 53 health checks
<a name="eb-ge-bp-sub-metrics"></a>
Avoid including subscriber metrics in your Amazon Route 53 health checks. Including these metrics may cause your publisher to failover to the secondary Regions if a subscriber encounters an issue despite all other subscribers remaining healthy in the primary Region. If one of your subcribers is failing to process events in the primary Region, you should turn on replication to ensure that your subscriber in the secondary Region can process events successfully.
# Setting up the Route 53 health check for EventBridge global endpoints
<a name="eb-ge-cfn"></a>
When using global endpoints you have to have a Route 53 health check to monitor the status of your Regions. The following template defines a [Amazon CloudWatch alarm](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html) and uses it to define a [Route 53 health check](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-healthcheck.html).
**Topics**
+ [CloudFormation template for defining a Route 53 health check](#eb-ge-cfn-template)
+ [CloudWatch alarm template properties](#eb-ge-cfn-cw-alarm-definitions)
+ [Route 53 health check template properties](#eb-ge-cfn-health-check-definitions)
## CloudFormation template for defining a Route 53 health check
<a name="eb-ge-cfn-template"></a>
Use the following template to define your Route 53 health check.
```
Description: |-
Global endpoints health check that will fail when the average Amazon EventBridge
latency is above 30 seconds for a duration of 5 minutes. Note, missing data will
cause the health check to fail, so if you only send events intermittently, consider
changing the heath check to use a longer evaluation period or instead treat missing
data as 'missing' instead of 'breaching'.
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: "Global endpoint health check alarm configuration"
Parameters:
- HealthCheckName
- HighLatencyAlarmPeriod
- MinimumEvaluationPeriod
- MinimumThreshold
- TreatMissingDataAs
ParameterLabels:
HealthCheckName:
default: Health check name
HighLatencyAlarmPeriod:
default: High latency alarm period
MinimumEvaluationPeriod:
default: Minimum evaluation period
MinimumThreshold:
default: Minimum threshold
TreatMissingDataAs:
default: Treat missing data as
Parameters:
HealthCheckName:
Description: Name of the health check
Type: String
Default: LatencyFailuresHealthCheck
HighLatencyAlarmPeriod:
Description: The period, in seconds, over which the statistic is applied. Valid values are 10, 30, 60, and any multiple of 60.
MinValue: 10
Type: Number
Default: 60
MinimumEvaluationPeriod:
Description: The number of periods over which data is compared to the specified threshold. You must have at least one evaluation period.
MinValue: 1
Type: Number
Default: 5
MinimumThreshold:
Description: The value to compare with the specified statistic.
Type: Number
Default: 30000
TreatMissingDataAs:
Description: Sets how this alarm is to handle missing data points.
Type: String
AllowedValues:
- breaching
- notBreaching
- ignore
- missing
Default: breaching
Mappings:
"InsufficientDataMap":
"missing":
"HCConfig": "LastKnownStatus"
"breaching":
"HCConfig": "Unhealthy"
Resources:
HighLatencyAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmDescription: High Latency in Amazon EventBridge
MetricName: IngestionToInvocationStartLatency
Namespace: AWS/Events
Statistic: Average
Period: !Ref HighLatencyAlarmPeriod
EvaluationPeriods: !Ref MinimumEvaluationPeriod
Threshold: !Ref MinimumThreshold
ComparisonOperator: GreaterThanThreshold
TreatMissingData: !Ref TreatMissingDataAs
LatencyHealthCheck:
Type: AWS::Route53::HealthCheck
Properties:
HealthCheckTags:
- Key: Name
Value: !Ref HealthCheckName
HealthCheckConfig:
Type: CLOUDWATCH_METRIC
AlarmIdentifier:
Name:
Ref: HighLatencyAlarm
Region: !Ref AWS::Region
InsufficientDataHealthStatus: !FindInMap [InsufficientDataMap, !Ref TreatMissingDataAs, HCConfig]
Outputs:
HealthCheckId:
Description: The identifier that Amazon Route 53 assigned to the health check when you created it.
Value: !GetAtt LatencyHealthCheck.HealthCheckId
```
Event IDs can change across API calls so correlating events across Regions requires you to have an immutable, unique identifier. Consumers should also be designed with idempotency in mind. That way, if you're replicating events, or replaying them from archives, there are no side effects from the events being processed in both Regions.
## CloudWatch alarm template properties
<a name="eb-ge-cfn-cw-alarm-definitions"></a>
**Note**
For all **editable** fields, consider your throughput per second. If you only send events intermittently, consider changing the heath check to use a longer evaluation period or instead treat missing data as `missing` instead of `breaching`.
The following properties are used in th CloudWatch alarm section of the template:
| Metric | Description |
| --- | --- |
| `AlarmDescription` | The description of the alarm. Default: **High Latency in Amazon EventBridge** |
| `MetricName` | The name of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you use `Metrics` instead and you can't specify `MetricName`. Default: IngestionToInvocationStartLatency |
| `Namespace` | The namespace of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you can't specify `Namespace` and you use `Metrics` instead. Default: `AWS/Events` |
| `Statistic` | The statistic for the metric associated with the alarm, other than percentile. Default: Average |
| `Period` | The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60. Default: **60** |
| `EvaluationPeriods` | The number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an "M out of N" alarm, this value is the N, and `DatapointsToAlarm` is the M. Default: **5** |
| `Threshold` | The value to compare with the specified statistic. Default: **30,000** |
| `ComparisonOperator` | The arithmetic operation to use when comparing the specified statistic and threshold. The specified statistic value is used as the first operand. Default: `GreaterThanThreshold` |
| `TreatMissingData` | Sets how this alarm is to handle missing data points. Valid values: `breaching`, `notBreaching`, `ignore`, and `missing` Default: `breaching` |
## Route 53 health check template properties
<a name="eb-ge-cfn-health-check-definitions"></a>
**Note**
For all **editable** fields, consider your throughput per second. If you only send events intermittently, consider changing the heath check to use a longer evaluation period or instead treat missing data as `missing` instead of `breaching`.
The following properties are used in th Route 53 health check section of the template:
| Metric | Description |
| --- | --- |
| `HealthCheckName` | The name of the health check. Default: **LatencyFailuresHealthCheck** |
| `InsufficientDataHealthStatus` | When CloudWatch has insufficient data about the metric to determine the alarm state, the status that you want Amazon Route 53 to assign to the health check Valid values: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/eventbridge/latest/userguide/eb-ge-cfn.html) Default: Unhealthy This field is updated based on the input to the `TreatMissingData` field. If `TreatingMissingData` is set to `Missing`, it will be updated to `LastKnownStatus`.If `TreatingMissingData` is set to `Breaching`, it will be updated to `Unhealthy`. |
# Configuring logs for Amazon EventBridge event buses
<a name="eb-event-bus-logs"></a>
You can configure EventBridge to send logs detailing how an event bus is processing events, to help with troubleshooting and debugging.
You can select the following AWS services as *log destinations* to which EventBridge delivers logs for the specified event bus:
+ Amazon CloudWatch Logs
EventBridge delivers logs to the specified CloudWatch Logs log group.
Use CloudWatch Logs to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. For more information, see [Working with log groups and log streams](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html) in the *Amazon CloudWatch Logs User Guide*.
+ Amazon Data Firehose
EventBridge delivers logs to a Firehose delivery stream.
Amazon Data Firehose is a fully-managed service for delivering real-time streaming data to destinations such as certain AWS services, as well as any custom HTTP endpoint or HTTP endpoints owned by supported third-party service providers. For more information, see [Creating an Amazon Data Firehose delivery stream](https://docs.aws.amazon.com/firehose/latest/dev/basic-create.html) in the *Amazon Data Firehose User Guide*.
+ Amazon S3
EventBridge delivers logs as Amazon S3 objects to the specified bucket.
Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. For more information, see [Uploading, downloading, and working with objects in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/uploading-downloading-objects.html) in the *Amazon Simple Storage Service User Guide*.
## How logging works for event buses
<a name="eb-event-logs-overview"></a>
EventBridge generates logs for:
+ Any AWS service events that matches a rule on the event bus
+ Any events delivered by the following methods, whether or not the event is ingested successfully or matches any rule:
+ Events from [partner event sources](eb-saas.md)
+ Events [replayed from an archive](eb-archive.md)
+ Events sent to the bus via [`PutEvents`](eb-putevents.md)
EventBridge does not log events that only match [managed rules](eb-rules.md#eb-rules-managed).
The log data sent to each selected log destination is the same.
You can customize the logs EventBridge sends to the selected destinations in the following way:
+ You can specify the *log level*, which determines the steps for which EventBridge sends logs to the selected destinations. For more information, see [Specifying event bus log level](#eb-event-bus-logs-level).
+ You can specify whether EventBridge includes more granular information when relevant, including:
+ Event details
+ Target input information
+ Target request information
For more information, see [Including detail data in event bus logs](#eb-event-logs-data).
### Log delivery considerations
<a name="eb-event-logs-delivery"></a>
Keep the following considerations in mind as you configure logging for event buses:
+ Event bus log records are delivered on a best effort basis. Most requests for an event bus that is properly configured for logging result in a delivered log record. The completeness and timeliness of event bus logging is not guaranteed.
+ In some circumstances, delivering event bus log records itself generates events that are then sent to EventBridge, which can lead to disruption in log record delivery. For this reason, EventBridge does not log the following events:
+ AWS KMS `[Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html)` and `[GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html)` events generated when log records encrypted using a customer managed key are delivered to a log destination.
+ `[PutRecordBatch](https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html)` events in Firehose generated by the delivery of event bus logs.
+ For S3 log destinations, specifying a destination bucket with [event notification for EventBridge](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications-eventbridge.html) enabled is not recommended, as this can result in disruption in the delivery of your logs.
### Logging encryption
<a name="eb-event-logs-encryption"></a>
When sending logs, EventBridge encrypts the `detail` and `error` sections of each log record with the KMS key specified for the event bus. Once delivered, the record is decrypted and then re-encrypted with the KMS key specified for the log destination.
For more information, see [Encrypting event bus logs](encryption-bus-logs.md).
### Specifying event bus logging permissions
<a name="eb-event-logs-permission"></a>
To enable logging from an event bus, you must grant permissions for EventBridge to send logs from that bus. Add a policy that grants **AllowVendedLogDeliveryForResource** to the event bus.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ServiceLevelAccessForLogDelivery",
"Effect": "Allow",
"Action": [
"events:AllowVendedLogDeliveryForResource"
],
"Resource": "arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus*"
}
]
}
```
------
For more information, see [Service-specific permissions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-vended-logs-permissions) in the *CloudWatch Logs User Guide*.
## Specifying event bus log level
<a name="eb-event-bus-logs-level"></a>
You can specify the types of event processing steps which EventBridge logs to the selected log destinations.
Choose from the following levels of detail to include in logs. The log level applies to all log destinations specified for the event bus. Each log level includes the steps of the previous log levels.
+ **OFF** – EventBridge does not send any logs. This is the default.
+ **ERROR** – EventBridge sends any logs related to errors generated during event processing and target delivery.
+ **INFO** – EventBridge sends any logs related to errors, as well as major steps performed during event processing.
+ **TRACE** – EventBridge sends any logs generated during all steps in the event processing.
The following table lists the event processing steps included in each log level.
| Step | TRACE | INFO | ERROR | OFF |
| --- | --- | --- | --- | --- |
| Event Ingested | x | x | | |
| Event Ingestion Failed | x | x | x | |
| Event Received | x | | | |
| Invocation Attempt Started | x | | | |
| Invocation Attempt Permanent Failure | x | x | x | |
| Invocation Attempt Retry-able Failure | x | x | x | |
| Invocation Attempt Succeeded | x | | | |
| Invocation Attempt Throttled | x | x | x | |
| Invocation DLQ | x | x | x | |
| Invocation Failed | x | x | x | |
| Invocation Started | x | x | | |
| Invocation Succeeded | x | x | | |
| Invocation Throttle Started | x | x | x | |
| No Rules Matched | x | x | | |
| Rule Matched | x | x | | |
| Rule Matching Started | x | | | |
## Including detail data in event bus logs
<a name="eb-event-logs-data"></a>
You can specify for EventBridge to include more granular information in the logs it generates. This data can be useful for troubleshooting and debugging. If you select this option, EventBridge includes this data in the relevant records for all the specified log destinations.
Detail information includes the following fields:
+ `event_detail`: The details of the event itself.
+ `target_input`: The request EventBridge sends to the target.
+ `target_properties`:
## Truncating data in event bus logs
<a name="eb-event-logs-data-truncation"></a>
Due to log destination constraints, EventBridge limits log records to 1 MB. If a log record exceeds this limit, EventBridge truncates the record by removing the following fields in the following order:
+ `target_input`
+ `target_properties`
+ `target_response_body`
EventBridge removes the `event_detail` field from the following log record types if necessary:
+ `EVENT_RECEIVED`
+ `EVENT_INGESTED`
+ `EVENT_INGESTED_FAILED`
+ `RULE_MATCH_STARTED`
If truncation is necessary, EventBridge removes the entire field.
If EventBridge does truncate fields in the event, the `dropped_fields` field includes a list of the excised data fields.
## Error reporting in event bus logs
<a name="eb-event-logs-errors"></a>
EventBridge also includes error data, where available, in steps that represent failure states. These steps include:
+ `EVENT_INGEST_FAILURE`
+ `INVOCATION_THROTTLE_START`
+ `INVOCATION_ATTEMPT_THROTTLE`
+ `INVOCATION_ATTEMPT_RETRYABLE_FAILURE`
+ `INVOCATION_ATTEMPT_PERMANENT_FAILURE`
+ `INVOCATION_FAILURE`
+ `INVOCATION_DLQ`
# What Amazon EventBridge logs for event buses
<a name="eb-event-logs-execution-steps"></a>
Understanding how EventBridge processes events can aid you in using logs to troubleshoot or debug event bus issues.
If logging is enabled, EventBridge generates multiple log records as an event is processed.
Here are the main steps EventBridge performs when processing an event:
+ An event is sent to an event bus
EventBridge generates logs for events sent from partner sources, replayed from archives, or sent using `PutEvents`, whether or not they match any rules.
+ EventBridge determines if the event matches any rules on the bus.
If the event matches one or more rules, EventBridge proceeds to the next step.
If an AWS event doesn't match any rules, EventBridge discards the event and does not generate any logs.
+ EventBridge invokes the target.
EventBridge retries invoking the target as necessary until:
+ The event has been successfully delivered.
+ Event delivery fails, such as if the retry policy expires or a permanent failure occurs.
If delivery fails, EventBridge sends the event to a dead-letter queue (DLQ) if one is specified, or drops the event if no DLQ is specified.
The diagram below presents a detailed view of the event processing flow, with all possible steps represented, along with the log level of each step.
For a complete list of steps, see [Specifying log level](eb-event-bus-logs.md#eb-event-bus-logs-level).
![\[EventBridge proceeds through steps to process each event sent to the bus.\]](http://docs.aws.amazon.com/eventbridge/latest/userguide/images/bus_logging_eventbridge_conceptual.svg)
# Amazon EventBridge event bus log schema
<a name="eb-event-logs-schema"></a>
The following reference details the schema for EventBridge event bus log records. Each record represent a step EventBridge performs processing a specific event.
For more information, see [Logging event buses ](eb-event-bus-logs.md).
```
{
"resource\$1arn": "arn:aws:events:region:account:event-bus/bus-name",
"request\$1id": "guid",
"event\$1id": "guid",
"invocation\$1id": "guid",
"message\$1timestamp\$1ms": "date_time",
"message\$1type": "step",
"log\$1level": "TRACE | INFO | ERROR",
"details": {
},
"error": {
"http\$1status\$1code": code,
"error\$1message": "error_message",
"aws\$1service": "service_name",
"request\$1id": "service_request_id"
}
}
```
**resource\$1arn** <a name="event-log-schema-resource-arn"></a>
The Amazon Resource Name (ARN) for the event bus.
**request\$1id** <a name="event-log-schema-request-id"></a>
The ID of the request.
**event\$1id** <a name="event-log-schema-event-id"></a>
The ID of the event being processed.
**invocation\$1id** <a name="event-log-schema-invocation-id"></a>
The ID of the invocation for the event.
**message\$1timestamp\$1ms** <a name="event-log-schema-timestamp"></a>
The date and time the log event was emitted.
Unit: millisecond
**message\$1type** <a name="event-log-schema-message-type"></a>
The event processing step for which the log record was generated.
For more information on the steps EventBridge performs when processing an event, see [What Amazon EventBridge logs for event buses](eb-event-logs-execution-steps.md).
*Valid values:*
+ `EVENT_INGEST_FAILURE`
+ `EVENT_INGEST_SUCCESS`
+ `EVENT_RECEIPT`
+ `INVOCATION_ATTEMPT_PERMANENT_FAILURE`
+ `INVOCATION_ATTEMPT_RETRYABLE_FAILURE`
+ `INVOCATION_ATTEMPT_START`
+ `INVOCATION_ATTEMPT_SUCCESS`
+ `INVOCATION_ATTEMPT_THROTTLE`
+ `INVOCATION_DLQ`
+ `INVOCATION_FAILURE`
+ `INVOCATION_START`
+ `INVOCATION_SUCCESS`
+ `INVOCATION_THROTTLE_START`
+ `NO_STANDARD_RULES_MATCHED`
+ `RULE_MATCH`
+ `RULE_MATCH_START`
**log\$1level** <a name="event-log-schema-loglevel"></a>
The level of detail specified for the event bus log.
*Valid values*: `ERROR` \$1 `INFO` \$1 `TRACE`
For more information, see [Specifying event bus log level](eb-event-bus-logs.md#eb-event-bus-logs-level).
**details** <a name="event-log-schema-details"></a>
Contains step details, based on the step detail type.
The fields listed below are returned for the following message types:
+ `EVENT_INGEST_SUCCESS`
+ `EVENT_INGEST_FAILURE`
+ `EVENT_RECEIPT`
+ `RULE_MATCH_START`
```
{
"caller_account_id": "account_id",
"source_time_ms": date_time,
"source": "source",
"detail_type": " type",
"resources": [],
"event_detail": "{}"
}
```
The fields listed below are returned for the following message type:
+ `RULE_MATCH`
```
{
"rule_arn": "ARN",
"target_arns": [
"ARN"
],
"invocation_ids": [
"guid"
]
}
```
The fields listed below are returned for the following message types:
+ `INVOCATION_ATTEMPT_START`
+ `INVOCATION_START`
+ `INVOCATION_THROTTLE_START`
```
{
"rule_arn": "ARN",
"role_arn": "ARN",
"target_arn": "ARN",
"attempt_count": Integer,
"target_input": "string",
"target_properties": "string"
}
```
The fields listed below are returned for the following message types:
+ `INVOCATION_DLQ`
+ `INVOCATION_FAILURE`
+ `INVOCATION_SUCCESS`
```
{
"rule_arn": "ARN",
"role_arn": "ARN",
"target_arn": "ARN",
"target_input": "string",
"target_properties": "string",
"total_attempts": Integer,
"final_invocation_status": "status",
"ingestion_to_start_latency_ms": Integer,
"ingestion_to_complete_latency_ms": Integer,
"ingestion_to_success_latency_ms": Integer,
"target_duration_ms": Integer,
"target_response_body": "string"
}
```
The `ingestion_to_start_latency_ms` and `ingestion_to_complete_latency_ms` are only included in the first invocation attempt. The `ingestion_to_success_latency_ms` field is only included for successful invocations.
The fields listed below are returned for the following message types:
+ `INVOCATION_ATTEMPT_PERMANENT_FAILURE`
+ `INVOCATION_ATTEMPT_RETRYABLE_FAILURE`
+ `INVOCATION_ATTEMPT_SUCCESS`
+ `INVOCATION_ATTEMPT_THROTTLE`
```
{
"rule_arn": "ARN",
"role_arn": "ARN",
"target_arn": "ARN",
"attempt_type": "FIRST | THROTTLE | RETRY",
"attempt_count": Integer,
"invocation_status": "status",
"target_duration_ms": Integer,
"target_response_body": "string"
}
```
**dropped\$1fields** <a name="event-log-schema-dropped_fields"></a>
A list of any data fields EventBridge has truncated to keep the record below the 1 MB size limitation.
EventBridge does not include this field if it has truncated any detail fields.
For more information, see [Truncating data in event bus logs](eb-event-bus-logs.md#eb-event-logs-data-truncation).
**error** <a name="event-log-schema-error"></a>
Contains information for any error generated during this step. For errors, EV always includes the following fields:
+ `error_message`
+ `aws_service`
And the following fields if available:
+ `request_id`
+ `http_status_code`
If no error was generated during this step, EventBridge does not include this field in the log record.
**http\$1status\$1code** <a name="event-log-schema-http-status-code"></a>
The HTTP status code returned by the called service.
**error\$1message** <a name="event-log-schema-message"></a>
The error message returned by the called service.
**aws\$1service** <a name="event-log-schema-aws-service"></a>
The name of the service called.
**request\$1id** <a name="event-log-schema-error-request-id"></a>
The request ID for this request from the called service.