# Receiving events from a SaaS partner with Amazon EventBridge SaaS partner event sources To receive events from SaaS partner applications and services, you need a *partner event source* from the partner. A partner event source is a resource created by a partner that you can then accept as an event source. To accept the partner event source, you create a custom event bus and match it to the partner event source. ![\[An SaaS partner sends an event to a partner event source, which sends it to the partner event bus.\]](http://docs.aws.amazon.com/eventbridge/latest/userguide/images/bus-saas_eventbridge_conceptual.svg) The following video covers SaaS integrations with EventBridge: **Topics** + [ ## Supported SaaS partner integrations ](#eb-supported-integrations) + [ ## Configuring Amazon EventBridge to receive events from a SaaS integration ](#eb-saas-integration) + [ # Receiving SaaS events from AWS Lambda function URLs in Amazon EventBridge ](eb-saas-furls.md) + [ # Receiving events from Salesforce in Amazon EventBridge ](eb-saas-salesforce.md) ## Supported SaaS partner integrations EventBridge supports the following SaaS partner integrations: + [https://console.aws.amazon.com/events/#/partners/adobe.com?page=overview](https://console.aws.amazon.com/events/#/partners/adobe.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/appflow-salesforce.com?page=overview](https://console.aws.amazon.com/events/#/partners/appflow-salesforce.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/apptrail.com?page=overview](https://console.aws.amazon.com/events/#/partners/apptrail.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/atlan.com?page=overview](https://console.aws.amazon.com/events/#/partners/atlan.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/auth0.com?page=overview](https://console.aws.amazon.com/events/#/partners/auth0.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/authress.io?page=overview](https://console.aws.amazon.com/events/#/partners/authress.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/benchling.com?page=overview](https://console.aws.amazon.com/events/#/partners/benchling.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/bigcommerce.com?page=overview](https://console.aws.amazon.com/events/#/partners/bigcommerce.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/blitline.com?page=overview](https://console.aws.amazon.com/events/#/partners/blitline.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/buildkite.com?page=overview](https://console.aws.amazon.com/events/#/partners/buildkite.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/chargebee.com?page=overview](https://console.aws.amazon.com/events/#/partners/chargebee.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/checkout.com?page=overview](https://console.aws.amazon.com/events/#/partners/checkout.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/clevertap.com?page=overview](https://console.aws.amazon.com/events/#/partners/clevertap.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/cloudamqp.com?page=overview](https://console.aws.amazon.com/events/#/partners/cloudamqp.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/commercetools.com?page=overview](https://console.aws.amazon.com/events/#/partners/commercetools.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/datadoghq.com?page=overview](https://console.aws.amazon.com/events/#/partners/datadoghq.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/energysys.com?page=overview](https://console.aws.amazon.com/events/#/partners/energysys.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/epsagon.com?page=overview](https://console.aws.amazon.com/events/#/partners/epsagon.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/freshworks.com?page=overview](https://console.aws.amazon.com/events/#/partners/freshworks.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/genesys.com?page=overview](https://console.aws.amazon.com/events/#/partners/genesys.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/gladly.com?page=overview](https://console.aws.amazon.com/events/#/partners/gladly.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/gs2.io?page=overview](https://console.aws.amazon.com/events/#/partners/gs2.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/guidewire.com?page=overview](https://console.aws.amazon.com/events/#/partners/guidewire.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/hitachi-solutions.co.jp?page=overview](https://console.aws.amazon.com/events/#/partners/hitachi-solutions.co.jp?page=overview) + [https://console.aws.amazon.com/events/#/partners/ilert.com?page=overview](https://console.aws.amazon.com/events/#/partners/ilert.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/jiraservicemanagement.com?page=overview](https://console.aws.amazon.com/events/#/partners/jiraservicemanagement.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/karte.io?page=overview](https://console.aws.amazon.com/events/#/partners/karte.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/kloudless.com?page=overview](https://console.aws.amazon.com/events/#/partners/kloudless.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/mackerel.io?page=overview](https://console.aws.amazon.com/events/#/partners/mackerel.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/mongodb.com?page=overview](https://console.aws.amazon.com/events/#/partners/mongodb.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/newrelic.com?page=overview](https://console.aws.amazon.com/events/#/partners/newrelic.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/nops.io?page=overview](https://console.aws.amazon.com/events/#/partners/nops.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/okta.com?page=overview](https://console.aws.amazon.com/events/#/partners/okta.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/onelogin.com?page=overview](https://console.aws.amazon.com/events/#/partners/onelogin.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/operata.com?page=overview](https://console.aws.amazon.com/events/#/partners/operata.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/opsgenie.com?page=overview](https://console.aws.amazon.com/events/#/partners/opsgenie.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/pagerduty.com?page=overview](https://console.aws.amazon.com/events/#/partners/pagerduty.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/payshield.com.au?page=overview](https://console.aws.amazon.com/events/#/partners/payshield.com.au?page=overview) + [https://console.aws.amazon.com/events/#/partners/rhythmsoftware.com?page=overview](https://console.aws.amazon.com/events/#/partners/rhythmsoftware.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/rightsline.com?page=overview](https://console.aws.amazon.com/events/#/partners/rightsline.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/rootly.com?page=overview](https://console.aws.amazon.com/events/#/partners/rootly.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/saasus.io?page=overview](https://console.aws.amazon.com/events/#/partners/saasus.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/sailpoint.com?page=overview](https://console.aws.amazon.com/events/#/partners/sailpoint.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/scalr.com?page=overview](https://console.aws.amazon.com/events/#/partners/scalr.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/segment.com?page=overview](https://console.aws.amazon.com/events/#/partners/segment.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/shopify.com?page=overview](https://console.aws.amazon.com/events/#/partners/shopify.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/signalfx.com?page=overview](https://console.aws.amazon.com/events/#/partners/signalfx.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/site24x7.com?page=overview](https://console.aws.amazon.com/events/#/partners/site24x7.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/snowcatcloud.com?page=overview](https://console.aws.amazon.com/events/#/partners/snowcatcloud.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/snyk.io?page=overview](https://console.aws.amazon.com/events/#/partners/snyk.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/stax.io?page=overview](https://console.aws.amazon.com/events/#/partners/stax.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/stripe.com?page=overview](https://console.aws.amazon.com/events/#/partners/stripe.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/sugarcrm.com?page=overview](https://console.aws.amazon.com/events/#/partners/sugarcrm.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/symantec.com?page=overview](https://console.aws.amazon.com/events/#/partners/symantec.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/tealium.com?page=overview](https://console.aws.amazon.com/events/#/partners/tealium.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/thundra.io?page=overview](https://console.aws.amazon.com/events/#/partners/thundra.io?page=overview) + [https://console.aws.amazon.com/events/#/partners/triggermesh.com?page=overview](https://console.aws.amazon.com/events/#/partners/triggermesh.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/whispir.com?page=overview](https://console.aws.amazon.com/events/#/partners/whispir.com?page=overview) + [https://console.aws.amazon.com/events/#/partners/zendesk.com?page=overview](https://console.aws.amazon.com/events/#/partners/zendesk.com?page=overview) + [Amazon Seller Partner API](https://console.aws.amazon.com/events/#/partners/sellingpartnerapi.amazon.com?page=overview) ## Configuring Amazon EventBridge to receive events from a SaaS integration Receive SaaS events Configuring EventBridge to receive partner events consists of two main steps: + Creating the partner event source + Associating that partner source with a partner event bus **Note** Any events published by a partner to a partner event source that has not been associated with an event bus will be immediately dropped. Those events will not be persisted at rest in EventBridge. **Create a partner event source (console only)** 1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/). 1. In the navigation pane, choose **Partner event sources**. 1. Find the partner that you want and then choose **Set up** for that partner. 1. To copy your account ID to the clipboard, choose **Copy**. 1. In the navigation pane, choose **Partner event sources**. 1. Go to the partner's website and follow the instructions to create a partner event source using your account ID. The event source that you create is available to only your account. **Associate the partner source with a partner event bus (console)** 1. In the EventBridge console, choose **Partner event sources** in the navigation pane. 1. Select the button next to the partner event source and then choose **Associate with event bus**. The status of the event source changes from `Pending` to `Active`, and the name of the event bus updates to match the partner event source name. You can now start creating rules that match events from the partner event source. **Associate the partner source with a partner event bus (AWS CLI)** + Use [https://docs.aws.amazon.com/cli/latest/reference/events/create-event-bus.html](https://docs.aws.amazon.com/cli/latest/reference/events/create-event-bus.html) to create a partner event bus associated with the partner event source. Both `name` and `event-source-name` should be set to the partner event source name. For example: ``` aws events create-event-bus \ --name "aws.partner/saas-integration/name" \ --event-source-name "aws.partner/saas-integration/name" \ --region us-east-1 ``` After EventBridge creates the event bus, you can call [https://docs.aws.amazon.com/cli/latest/reference/events/describe-event-source.html](https://docs.aws.amazon.com/cli/latest/reference/events/describe-event-source.html) to return details about the partner source. The `State` of the partner source should be `ACTIVE`. ``` aws events describe-event-source --name "aws.partner/saas-integration/name" ``` **Note** Calling [https://docs.aws.amazon.com/cli/latest/reference/events/put-permission.html](https://docs.aws.amazon.com/cli/latest/reference/events/put-permission.html) on a partner event bus returns an error. Only the partner account of the event source associated with the partner event bus is permitted to send events to it. **Associate the partner source with a partner event bus (CloudFormation)** 1. Create a CloudFormation template that provisions an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html) resource with the partner event source. Both `Name` and `EventSourceName` should be set to the partner event source name. For example: ``` AWSTemplateFormatVersion: 2010-09-09 Description: Cloudformation template to create Event Bus for receiving partner events Resources: ExamplePartnerEventBus: Type: AWS::Events::EventBus Properties: EventSourceName: 'aws.partner/saas-integration/name' Name: 'aws.partner/saas-integration/name' ``` 1. Use [https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-stack.html](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-stack.html) or the CloudFormation console to create a stack from the template. For example: ``` aws cloudformation create-stack --stack-name eventbridge-saas --template-body file://template.yml --region us-east-1 ``` **Note** Including an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbuspolicy.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbuspolicy.html) resource for the partner event bus in your template will result in an error. Only the partner account of the event source associated with the partner event bus is permitted to send events to it. # Receiving SaaS events from AWS Lambda function URLs in Amazon EventBridge Receiving SaaS events through Lambda **Note** In order for the Inbound Webhook to be accessible by our partners, we're creating an Open Lambda in your AWS account that is secured at the Lambda application level by verifying the authentication signature sent by the third-party partner. Please review this configuration with your security team. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html#urls-auth-none). Your Amazon EventBridge [event bus](eb-event-bus.md) can use an [AWS Lambda function URL](https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html) created by an CloudFormation template to receive [events](eb-events.md) from supported SaaS providers. With function URLs, the event data is sent to a Lambda function. The function then converts this data into an event that can be ingested by EventBridge and sent to an event bus for processing. Once the event is on an event bus, you can use rules to filter the events, apply any configured input transformations, and then route it to the correct target. **Note** Creating Lambda function URLs will increase your monthly costs. For more information, see [AWS Lambda pricing](https://aws.amazon.com/lambda/pricing). To set up a connection to EventBridge, you first select the SaaS provider that you want to set up a connection with. Then, you provide a *signing secret* that you’ve created with that provider, and select the EventBridge event bus to send events to. Finally, you use an CloudFormation template and create the needed resources to complete the connection. The following SaaS providers are currently available for use with EventBridge using Lambda function URLs: + GitHub + Twilio **Topics** + [ ## Step 1: Create the CloudFormation stack ](#create-gh-cfn-stack) + [ ## Step 2: Create a GitHub webhook ](#create-gh-webhook) + [ ## Set up a connection to a Twilio ](#furls-connection-twilio) + [ ## Update webhook secret or auth token ](#furls-update-secret) + [ ## Update Lambda function ](#furls-update-function) + [ ## Available event types ](#furls-event-types) + [ ## Quotas, error codes, and retrying delivery ](#furls-quotas-errors) ## Step 1: Create the CloudFormation stack First, use the Amazon EventBridge console to create a CloudFormation stack: 1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/). 1. From the navigation pane, choose **Quick starts**. 1. Under **Inbound webhooks using Lambda fURLs**, choose **Get started**. 1. Under **GitHub**, choose **Set up**. 1. Under **Step 1: Select an event bus**, select an event bus from the dropdown list. This event bus receives data from the Lambda function URL that you provide to GitHub. You can also create an event bus by selecting **New event bus**. 1. Under **Step 2: Set up using CloudFormation**, choose **New GitHub webhook**. 1. Select **I acknowledge that the Inbound Webhook I create will be publicly accessible.** and choose **Confirm**. 1. Enter a name for the stack. 1. Under parameters, verify that the correct event bus is listed, then specify a secure token for the **GitHubWebhookSecret**. For more information on creating a secure token, see [Setting your secret token](https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks#setting-your-secret-token) in the GitHub documentation. 1. Under **Capabilities and transforms**, select each of the following: + **I acknowledge that CloudFormation might create IAM resources.** + **I acknowledge that CloudFormation might create IAM resources with custom names.** + **I acknowledge that CloudFormation might require the following capability: `CAPABILITY_AUTO_EXPAND`** 1. Choose **Create stack**. ## Step 2: Create a GitHub webhook Next, create the webhook on GitHub. You’ll need both the secure token and the Lambda function URL you created in step 2 to complete this step. For more information, see [Creating webhooks](https://docs.github.com/en/developers/webhooks-and-events/webhooks/creating-webhooks) in the GitHub documentation. ## Set up a connection to a Twilio ### Step 1: Find your Twilio auth token To set up a connection between Twilio and EventBridge, first set up the connection to Twilio with the auth token, or secret, for your Twilio account. For more information, see [Auth Tokens and How To Change Them](https://support.twilio.com/hc/en-us/articles/223136027-Auth-Tokens-and-How-to-Change-Them) in the Twilio documentation. ### Step 2: Create the CloudFormation stack 1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/). 1. In the navigation pane, choose **Quick starts**. 1. Under **Inbound webhooks using Lambda fURLs**, choose **Get started**. 1. Under **Twilio**, choose **Set up**. 1. Under **Step 1: Select and event bus**, sselect an event bus from the dropdown list. This event bus receives data from the Lambda function URL that you provide to Twilio. You can also create an event bus by selecting **New event bus**. 1. Under **Step 2: Set up using CloudFormation**, choose **New Twilio webhook**. 1. Select **I acknowledge that the Inbound Webhook I create will be publicly accessible.** and choose **Confirm**. 1. Enter a name for the stack. 1. Under parameters, verify that the correct event bus is listed, then enter the **TwilioWebhookSecret** that you created in Step 1. 1. Under **Capabilities and transforms**, select each of the following: + **I acknowledge that CloudFormation might create IAM resources.** + **I acknowledge that CloudFormation might create IAM resources with custom names.** + **I acknowledge that CloudFormation might require the following capability: CAPABILITY\$1AUTO\$1EXPAND** 1. Choose **Create stack**. ### Step 3: Create a Twilio webhook After you set up the Lambda function URL, you need to give it to Twilio so that event data can be sent. For more information, see [Configure your public URL with Twilio](https://www.twilio.com/docs/usage/webhooks/getting-started-twilio-webhooks#configure-your-public-url-with-twilio) in the Twilio documentation. ## Update webhook secret or auth token ### Update GitHub secret **Note** GitHub doesn’t support having two secrets at the same time. You may experience resource downtime while the GitHub secret and the secret in the CloudFormation stack are out of sync. GitHub messages sent while the secrets are out of sync will fail becaue of incorrect signatures. Wait until the GitHub and CloudFormation secrets are in sync, then try again. 1. Create a new GitHub secret. For more information, see [Encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in the GitHub documentation. 1. Open the CloudFormation console at [https://console.aws.amazon.com/cloudformation](https://console.aws.amazon.com/cloudformation/). 1. From the navigation pane, choose **Stacks**. 1. Choose the stack for the webhook that includes the secret you want to update. 1. Choose **Update**. 1. Make sure **Use current template** is selected and choose **Next**. 1. Under **GitHubWebhookSecret**, clear **Use existing value**, enter the new GitHub secret you created in step 1, and choose **Next**. 1. Choose **Next**. 1. Choose **Update stack**. It may take up to one hour for the secret to propagate. To reduce this downtime, you can refresh the Lambda execution context. ### Update Twilio secret **Note** Twilio doesn’t support having two secrets at the same time. You may experience resource downtime while the Twilio secret and the secret in the CloudFormation stack are out of sync. Twilio messages sent while the secrets are out of sync will fail because of incorrect signatures. Wait until the Twilio and CloudFormation secrets are in sync, then try again. 1. Create a new Twilio secret. For more information, see [Auth Tokens and How To Change Them](https://support.twilio.com/hc/en-us/articles/223136027-Auth-Tokens-and-How-to-Change-Them) in the Twilio documentation. 1. Open the CloudFormation console at [https://console.aws.amazon.com/cloudformation](https://console.aws.amazon.com/cloudformation/). 1. From the navigation pane, choose **Stacks**. 1. Choose the stack for the webhook that includes the secret you want to update. 1. Choose **Update**. 1. Make sure **Use current template** is selected and choose **Next**. 1. Under **TwilioWebhookSecret**, clear **Use existing value**, enter the new Twilio secret you created in step 1, and choose **Next**. 1. Choose **Next**. 1. Choose **Update stack**. It may take up to one hour for the secret to propagate. To reduce this downtime, you can refresh the Lambda execution context. ## Update Lambda function The Lambda function that's created by the CloudFormation stack creates the basic webhook. If you want to customize the Lambda function for a specific use case, such as customized logging, use the CloudFormation console to access the function and then use the Lambda console to update the Lambda function code. **Access the Lambda function** 1. Open the CloudFormation console at [https://console.aws.amazon.com/cloudformation](https://console.aws.amazon.com/cloudformation/). 1. From the navigation pane, choose **Stacks**. 1. Choose the stack for the webhook that includes the Lambda function you want to update. 1. Choose **Resources** tab. 1. To open the Lambda function in the Lambda console, under **Physical ID**, choose the ID of the Lambda function. Now that you've accessed the Lambda function, use the Lambda console to update the function code. **Update the Lambda function code** 1. Under **Actions**, choose **Export function**. 1. Choose **Download deployment package** and save the file to your computer. 1. Unzip the deployment package .zip file, update the `app.py` file, and zip the updated deployment package, making sure all the files in the original .zip file are included. 1. In the Lambda console, choose the **Code** tab. 1. Under **Code source**, choose **Upload from**. 1. Choose **.zip file**, and then choose **Upload**. 1. In the file chooser, select the file you updated, choose **Open**, and then choose **Save**. 1. Under **Actions**, choose **Publish new version**. ## Available event types The following event types are currently supported by CloudFormation event buses: + **GitHub** – [All event types](https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads) are supported. + **Twilio** – [Post-event webhooks](https://www.twilio.com/docs/chat/webhook-events) are supported. ## Quotas, error codes, and retrying delivery ### Quotas The number of incoming requests to the webhook is capped by the underlying AWS services. The following table includes the relevant quotas. | Service | Quota | | --- | --- | | AWS Lambda | Default: 10 concurrent executions For more information about quotas, including requesting quota increases, see [Lambda quotas](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html). | | AWS Secrets Manager | Default: 5,000 requests per second For more information about quotas, including requesting quota increases, see [AWS Secrets Manager quotas](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html). The number of requests per second is minimized using the [AWS Secrets Manager Python caching client](https://github.com/aws/aws-secretsmanager-caching-python#cache-configuration). | | Amazon EventBridge | 1 MB maximum entry size for PutEvents actions. EventBridge enforces Region-based rate quotas. For more information, see [EventBridge event bus quotas](eb-quota.md#eb-limits). | ### Error codes Each AWS service returns specific error codes when errors occur. The following table includes the relevant error codes. | Service | Error code | Description | | --- | --- | --- | | AWS Lambda | 429 “TooManyRequestsExption” | The concurrent execution quota is exceeded. | | AWS Secrets Manager | 500 “Internal Server Error” | The requests per second quota is exceeded. | | Amazon EventBridge | 500 “Internal Server Error” | The rate quota is exceeded for the Region. | ### Event redelivery When errors happen you can retry delivery of the affected events. Each SaaS provider has different retry procedures. #### GitHub Use the GitHub webhooks API to check the deliver status of any webhook call and redeliver the event, if needed. For more information, see the following GitHub documentation: + **Organization** – [Redeliver a delivery for an organization webhook](https://docs.github.com/en/rest/orgs/webhooks#redeliver-a-delivery-for-an-organization-webhook) + **Repository** – [Redeliver a delivery for a repository webhook](https://docs.github.com/en/rest/webhooks/repo-deliveries#redeliver-a-delivery-for-a-repository-webhook) + **App** – [Redeliver a delivery for an app webhook](https://docs.github.com/en/rest/apps/webhooks#redeliver-a-delivery-for-an-app-webhook) #### Twilio Twilio users can customize event retry options using connection overrides. For more information, see [Webhooks (HTTP callbacks): Connection Overrides ](https://www.twilio.com/docs/usage/webhooks/webhooks-connection-overrides) in the Twilio documentation. # Receiving events from Salesforce in Amazon EventBridge Receiving events from Salesforce You can use Amazon EventBridge to receive [events](eb-events.md) from Salesforce in following ways: + By using Salesforce's Event Bus Relay feature to receive events directly on an EventBridge partner event bus. + By configuring a flow in [Amazon AppFlow](https://aws.amazon.com/appflow/) that uses Salesforce as a data source. Amazon AppFlow then sends Salesforce events to EventBridge by using a [partner event bus](eb-saas.md). You can send event information to Salesforce using API destinations. Once the event is sent to Salesforce, it can be processed by [Flows](https://help.salesforce.com/s/articleView?id=flow.htm) or [Apex triggers](https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_triggers.htm). For more information about setting up a Salesforce API destination, see [Tutorial: Send events to Salesforce from Amazon EventBridge](eb-tutorial-salesforce.md). **Topics** + [ ## Receiving events from Salesforce using Event Bus Relay ](#eb-saas-salesforce-relay) + [ ## Receiving events from Salesforce using Amazon AppFlow ](#eb-saas-salesforce-appflow) ## Receiving events from Salesforce using Event Bus Relay Receiving events from Salesforce using Event Bus Relay ### Step 1: Set up Salesforce Event Bus Relay and an EventBridge partner event source When you create an event relay configuration on Salesforce, Salesforce creates a partner event source in EventBridge in the pending state. **To configure Salesforce Event Bus Relay** 1. [Set Up a REST API Tool](https://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/Salesforce_Event_Bus_Relay_Pilot.pdf#h.z63eim1tqkm3) 1. [(Optional) Define a Platform Event](https://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/Salesforce_Event_Bus_Relay_Pilot.pdf#h.2m5t2i52o23m) 1. [Create a Channel for a Custom Platform Event](https://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/Salesforce_Event_Bus_Relay_Pilot.pdf#h.s0spl5puf9d0) 1. [Create a Channel Member to Associate the Custom Platform Event](https://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/Salesforce_Event_Bus_Relay_Pilot.pdf#h.rdhi4awp8cvv) 1. [Create a Named Credential](https://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/Salesforce_Event_Bus_Relay_Pilot.pdf#h.etec44jyv3og) 1. [Create an Event Relay Configuration](https://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/Salesforce_Event_Bus_Relay_Pilot.pdf#h.43rfyeehz0w5) ### Step 2: Activate Salesforce partner event source in the EventBridge console and start the event relay 1. Open the [Partner event sources](https://console.aws.amazon.com/events/home?#/partners) page in the EventBridge console. 1. Select the Salesforce partner event source that you created in Step 1. 1. Choose **Associate with event bus**. 1. Validate the name of the partner event bus. 1. Choose **Associate**. 1. [Start the Event Relay](https://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/Salesforce_Event_Bus_Relay_Pilot.pdf#h.t01b3xp87vhu) Now that you've set up and started the Event Bus Relay and configured the partner event source you can create an [EventBridge rule that reacts to events](eb-create-rule-visual.md) to filter and send the data to a [target](eb-targets.md). ## Receiving events from Salesforce using Amazon AppFlow Receiving events from Salesforce using Amazon AppFlow Amazon AppFlow encapsulates events from Salesforce in an EventBridge event envelope. The following example shows a Salesforce event received by an EventBridge partner event bus. ``` { "version": "0", "id": "5c42b99e-e005-43b3-c744-07990c50d2cc", "detail-type": "AccountChangeEvent", "source": "aws.partner/appflow.test/salesforce.com/364228160620/CustomSF-Source-Final", "account": "000000000", "time": "2020-08-20T18:25:51Z", "region": "us-west-2", "resources": [], "detail": { "ChangeEventHeader": { "commitNumber": 248197218874, "commitUser": "0056g000003XW7AAAW", "sequenceNumber": 1, "entityName": "Account", "changeType": "UPDATE", "changedFields": [ "LastModifiedDate", "Region__c" ], "changeOrigin": "com/salesforce/api/soap/49.0;client=SfdcInternalAPI/", "transactionKey": "000035af-b239-0581-9f14-461e4187de11", "commitTimestamp": 1597947935000, "recordIds": [ "0016g00000MLhLeAAL" ] }, "LastModifiedDate": "2020-08-20T18:25:35.000Z", "Region__c": "America" } } ``` ### Step 1: Configure Amazon AppFlow to use Salesforce as a partner event source To send events to EventBridge, you first need to configure Amazon AppFlow to use Salesforce as a partner event source. 1. In the [Amazon AppFlow console](https://console.aws.amazon.com/appflow/), choose **Create flow**. 1. In the **Flow details** section, in **Flow name** enter a name for your flow. 1. (Optional) Enter a description for the flow and then choose **Next**. 1. Under **Source details**, choose *Salesforce* from the **Source name** drop-down, and then choose **Connect** to create a new connection. 1. In the **Connect to Salesforce** dialog box, choose either **Production** or **Sandbox** for the Salesforce environment. 1. In the **Connection name** field, enter a unique name for the connection, and then choose **Continue**. 1. In the Salesforce dialog box, do the following: 1. Enter your Salesforce sign-in credentials to log in to Salesforce. 1. Select Salesforce events for the types of data for Amazon AppFlow to process. 1. In the **Choose Salesforce event** drop-down, select the type of event to send to EventBridge. 1. For a destination, select **Amazon EventBridge**. 1. Select **Create new partner event source**. 1. (Optional) Specify a unique suffix for the partner event source. 1. Choose **Generate partner event source**. 1. Choose an Amazon S3 bucket to store event payload files that are larger than 1 MB. 1. In the **Flow trigger** section, ensure that **Run flow on event** is selected. This setting ensures that the flow is executed when a new Salesforce event occurs. 1. Choose **Next**. 1. For field mapping, select **Map all fields directly**. Alternatively, you can select the fields that are of interest from the **Source field name** list. For more information about field mapping, see [Map data fields](https://docs.aws.amazon.com//appflow/latest/userguide/getting-started.html#map-fields). 1. Choose **Next**. 1. (Optional) Configure filters for data fields in Amazon AppFlow. 1. Choose **Next**. 1. Review the settings and then choose **Create flow**. With the flow configured, Amazon AppFlow creates a new partner event source that you then need to associate with a partner event bus in your account. ### Step 2: Configure EventBridge to receive Salesforce events Ensure that the Amazon AppFlow flow that is triggered from Salesforce events with EventBridge as a destination is configured before following instructions in this section. **To configure EventBridge to receive Salesforce events** 1. Open the [Partner event sources](https://console.aws.amazon.com/events/home?#/partners) page in the EventBridge console. 1. Select the Salesforce partner event source that you created in Step 1. 1. Choose **Associate with event bus**. 1. Validate the name of the partner event bus. 1. Choose **Associate**. 1. In the Amazon AppFlow console, open the flow you created and choose **Activate flow**. 1. Open the [Rules](https://console.aws.amazon.com/events/home?#/rules) page in the EventBridge console. 1. Choose **Create rule**. 1. Enter a unique name for the rule. 1. Choose **Event pattern** in the **Define pattern** section. 1. For **Event matching pattern**, select **Pre-defined pattern by service**. 1. For **Service provider** section, select **All Events**. 1. For **Select event bus**, choose **Custom or partner event bus**. 1. Select the event bus that you associated with the Amazon AppFlow partner event source. 1. For **Select targets**, choose the AWS service that is to act when the rule runs. One rule can have up to five targets. 1. Choose **Create**. The target service receives all Salesforce events configured for your account. To filter the events or send some events to different targets, you can use [content-based filtering with event patterns](eb-create-pattern.md#eb-event-patterns-content-based-filtering). **Note** For events larger than 1 MB, Amazon AppFlow doesn't send the full event to EventBridge. Instead, Amazon AppFlow puts the event into an S3 bucket in your account, and then sends an event to EventBridge with a pointer to the Amazon S3 bucket. You can use the pointer to get the full event from the bucket.