# AWS services and tools integrations with Amazon EventBridge Services and tools integration Amazon EventBridge works with other AWS services and tools to process [events](eb-events.md) or invoke a resource as the [target](eb-targets.md) of a [rule](eb-rules.md). For more information about EventBridge integrations with other AWS services and tools, see the following: **Topics** + [AWS CloudFormation](related-services-cfn.md) + [Kafka connector](kafka-connector.md) + [Interface VPC Endpoints](eb-related-service-vpc.md) + [AWS X-Ray](eb-related-service-xray.md) # Including Amazon EventBridge resources in AWS CloudFormation stacks AWS CloudFormation CloudFormation enables you to configure and manage your AWS resources across accounts and regions in a centralized and repeatable manner by treating infrastructure as code. CloudFormation does this by letting you create *templates*, which define the resources you want to provision and manage. These resources can include EventBridge artifacts such as event buses and rules, pipes, schemas, and schedules, among others. Use these resources to include EventBridge functionality in the technology stacks you provision and manage through CloudFormation. ## Amazon EventBridge resources available in AWS CloudFormation EventBridge resources EventBridge provides resources for use in CloudFormation templates in the following resource namespaces: + [AWS::Events](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Events.html) Template examples include: + [Create an API destination for PagerDuty](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-apidestination.html#aws-resource-events-apidestination--examples) + [Create an API destinatio for Slack](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-apidestination.html#aws-resource-events-apidestination--examples) + [Create a connection with ApiKey authorization parameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.html#aws-resource-events-connection--examples) + [Create a connection with OAuth authorization parameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.html#aws-resource-events-connection--examples) + [Create a global endpoint with event replication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-endpoint.html#aws-resource-events-endpoint--examples) + [Deny policy using multiple principals and actions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbuspolicy.html#aws-resource-events-eventbuspolicy--examples) + [Grant permission to an organization using a custom event bus](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbuspolicy.html#aws-resource-events-eventbuspolicy--examples) + [Create a cross-Region rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#aws-resource-events-rule--examples) + [Create a rule that includes a dead-letter queue for a target](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#aws-resource-events-rule--examples) + [Regularly invoke a Lambda function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#aws-resource-events-rule--examples) + [Invoke Lambda function in response to an event](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#aws-resource-events-rule--examples) + [Notify a topic in response to a log nntry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#aws-resource-events-rule--examples) + [AWS::EventSchemas](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_EventSchemas.html) + [AWS::Pipes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Pipes.html) Template examples include: + [Create a pipe with an event filter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-pipes-pipe.html#aws-resource-pipes-pipe--examples) + [AWS::Scheduler](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Scheduler.html) ## Generating Amazon EventBridge resource definitions for AWS CloudFormation templates Generating resource definitions As an aid to help you jumpstart developing CloudFormation templates, the EventBridge console enables you to create CloudFormation templates from the existing event buses, rules, and pipes in your account. + [Generating an CloudFormation template from an existing EventBridge event bus](eb-generate-event-bus-template.md) + [Generating an AWS CloudFormation template from an existing EventBridge rule](rule-generate-template.md) + [Generating an CloudFormation template from EventBridge Pipes](pipes-generate-template.md) ## Bringing the default event bus under CloudFormation management Importing the default event bus Because EventBridge provisions the default event bus into your account automatically, you cannot create it using a CloudFormation template, as you normally would for any resource you wanted to include in a CloudFormation stack. To include the default event bus in a CloudFormation stack, you must first *import* it into a stack. Once you have imported the default event bus into a stack, you can then update the event bus properties as desired. For more information, see [Updating a default event bus using AWS CloudFormation in EventBridge](event-bus-update-default-cfn.md) ## Managing CloudFormation stack events using EventBridge Managing CloudFormation stack events Beyond including EventBridge resources in your CloudFormation stacks, you can use EventBridge to manage the events generated by CloudFormation stacks themselves. CloudFormation sends events to EventBridge whenever a create, update, delete, or drift-detection operation is performed on a stack. CloudFormation also sends events to EventBridge for status changes to stack sets and stack set instances. You can use EventBridge rules to route events to your defined targets. For more information, see [Managing CloudFormation events using EventBridge](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks-event-bridge.html) in the *CloudFormation User Guide*. # Kafka connector for Amazon EventBridge Kafka connector The Kafka sink connector for EventBridge allows you convert records from one or more Kafka topics into events, and send those events to the event bus of your choice. The connector includes the following capabilities: + Customizable mapping of Kafka records to event types. You can customize the mapping of Kafka topic names to the event type, including using JsonPath expressions. This enables you to configure the connector to consume from multiple Kafka topics and filter the events sent to the specified event bus. + Offload large event payloads to Amazon S3. Kafka topics can contain records exceeding the size limit of [PutEvents](eb-putevents.md). You can configure the connector to offload events to Amazon S3 prior to calling PutEvents. + Support for dead-letter topics. + Schema registry support for Avro and Protocol Buffers (Protobuf) The [Kafka Connector for Amazon EventBridge](https://github.com/awslabs/eventbridge-kafka-connector/blob/main/README.md) is available on GitHub. For detailed instruction on installing and configuring the connector using Amazon MSK Connect, see [Set up EventBridge Kafka sink connector for Amazon MSK Connect](https://docs.aws.amazon.com/msk/latest/developerguide/mkc-eventbridge-kafka-connector.html) in the *Amazon Managed Streaming for Apache Kafka Developer Guide*. # Using Amazon EventBridge with Interface VPC endpoints Interface VPC Endpoints If you use Amazon Virtual Private Cloud (Amazon VPC) to host your AWS resources, you can establish a private connection between your VPC and EventBridge. Your resources on your VPC can use this connection to communicate with EventBridge. With a VPC, you have control over your network settings, such as the IP address range, subnets, route tables, and network gateways. To connect your VPC to EventBridge, you define an *interface VPC endpoint* for EventBridge. The endpoint provides reliable, scalable connectivity to EventBridge without requiring an internet gateway, network address translation (NAT) instance, or VPN connection. For more information, see [What is Amazon VPC](https://docs.aws.amazon.com/vpc/latest/userguide/) in the *Amazon VPC User Guide*. Interface VPC endpoints are powered by AWS PrivateLink, which enables private communication between AWS services using an elastic network interface with private IP addresses. For more information, see [AWS PrivateLink and VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-overview.html). ![\[Private interface endpoints providing connections between VPCs and EventBridge event buses, pipes, and schemas.\]](http://docs.aws.amazon.com/eventbridge/latest/userguide/images/interface-vpc_eventbridge_conceptual.svg) When you use a private interface VPC endpoint, custom [events](eb-events.md) your VPC sends to EventBridge use that endpoint. EventBridge then sends those events to other AWS services based on the [rules](eb-rules.md) and [targets](eb-targets.md) that you've configured. Once events are sent to another service you can receive them through either the public endpoint or a VPC endpoint for that service. For example, if you create a rule to send events to an Amazon SQS queue, you can configure an interface VPC endpoint for Amazon SQS to receive messages from that queue in your VPC without using the public endpoint. ## Creating a VPC endpoint for EventBridge Creating a VPC endpoint To use EventBridge with your VPC, create an interface VPC endpoint for EventBridge and choose the appropriate EventBridge service name. For more information, see [Creating an Interface Endpoint](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint.html) in the *Amazon VPC User Guide*. + **Event buses** Service name: **com.amazonaws.*region*.events** Event bus FIPS endpoints also support VPC endpoints. For a complete list of FIPS endpoints, see [EventBridge endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/ev.html) in the *AWS General Reference.*. Service name: **com.amazonaws.*region*.events-fips** + **Pipes** Service name: **com.amazonaws.*region*.pipes** EventBridge Pipes supports endpoints for all [pipe API operations](https://docs.aws.amazon.com/eventbridge/latest/pipes-reference/Welcome.html). Pipes FIPS endpoints also support VPC endpoints. For a complete list of FIPS endpoints, see [EventBridge Pipes endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/ev_pipes.html) in the *AWS General Reference.*. Service name: **com.amazonaws.*region*.pipes-fips** You can also use a VPC endpoint to fulfill networking requirements for Pipes Apache Kafka and Amazon MQ sources. Service name: **com.amazonaws.*region*.pipes-data** For more information, refer to the following: + [Apache Kafka network configuration](eb-pipes-kafka.md#pipes-kafka-vpc-config) + [Amazon MSK network configuration](eb-pipes-msk.md#pipes-msk-vpc-config) + [Amazon MQ network configuration](eb-pipes-mq.md#pipes-mq-vpc-config) **Note** VPC endpoints to **pipes-data** do not support VPC Endpoint resource policies. VPC endpoints to **pipes** and **pipes-fips** do support VPC Endpoint resource policies that allow you to: Deny access to specific Pipe APIs. Limit access on some APIs to specific Pipes by ARN using the IAM **Resource** condition key. + **Schemas** Service name: **com.amazonaws.*region*.schema** EventBridge supports endpoints for all [schema API operations](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/what-is-eventbridge-schemas.html). # Amazon EventBridge integration with AWS X-Ray AWS X-Ray You can use AWS X-Ray to trace [events](eb-events.md) that pass through EventBridge. EventBridge passes the original trace header to the [target](eb-targets.md) so that target services can track, analyze, and debug. EventBridge can pass a trace header for an event only if the event came from a `PutEvents` request that passed the trace context. X-Ray doesn't trace events that originate from third-party partners, scheduled events, or [AWS services](eb-events.md#eb-service-event), and these event sources don't appear on your X-Ray service map. X-Ray validates trace headers, and trace headers that aren't valid are dropped. However, the event is still processed. **Important** The trace header is **not** available on the event that's delivered to the invocation target. If you have an [event archive](eb-archive-event.md), the trace header isn't available on archived events. If you replay archived events, the trace header isn't included. If you have a [dead-letter queue (DLQ)](eb-rule-dlq.md), the trace header is included in the `SendMessage` request that sends the event to the DLQ. If you retrieve events (messages) from the DLQ by using `ReceiveMessage`, the trace header associated with the event is included on the Amazon SQS message attribute, but it isn't included in the event message. For information about how an EventBridge event node connects source and target services, see [Viewing source and targets in the X-Ray service map](https://docs.aws.amazon.com//xray/latest/devguide/xray-services-eventbridge.html#xray-services-eventbridge-service-map) in the *AWS X-Ray Developer Guide*. You can pass the following trace header information through EventBridge: + **Default HTTP header** – The X-Ray SDK automatically populates the trace header as the `X-Amzn-Trace-Id` HTTP header for all invocation targets. To learn more about the default HTTP header, see [Tracing header](https://docs.aws.amazon.com//xray/latest/devguide/xray-concepts.html#xray-concepts-tracingheader) in the *AWS X-Ray Developer Guide*.. + **`TraceHeader` system attribute** – `TraceHeader` is a [PutEventsRequestEntry attribute](https://docs.aws.amazon.com//eventbridge/latest/APIReference/API_PutEventsRequestEntry.html) reserved by EventBridge to carry the X-Ray trace header to a target. If you also use `PutEventsRequestEntry`, `PutEventsRequestEntry` overrides the HTTP trace header. **Note** The trace header doesn't count towards the `PutEventsRequestEntry` event size. For more information, see [Calculating PutEvents event entry size](eb-putevents.md#eb-putevent-size). The following video demonstrates the use of X-Ray and EventBridge together: