Creates a connection. A connection defines the authorization type and credentials to use for authorization with an API destination HTTP endpoint.
For more information, see Connections for endpoint targets in the Amazon EventBridge User Guide .
See also: AWS API Documentation
  create-connection
--name <value>
[--description <value>]
--authorization-type <value>
--auth-parameters <value>
[--invocation-connectivity-parameters <value>]
[--kms-key-identifier <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
--name (string) [required]
The name for the connection to create.
Constraints:
- min:
1- max:
64- pattern:
[\.\-_A-Za-z0-9]+
--description (string)
A description for the connection to create.
Constraints:
- max:
512- pattern:
.*
--authorization-type (string) [required]
The type of authorization to use for the connection.
Note
OAUTH tokens are refreshed when a 401 or 407 response is returned.Possible values:
BASIC
OAUTH_CLIENT_CREDENTIALS
API_KEY
--auth-parameters (structure) [required]
The authorization parameters to use to authorize with the endpoint.
You must include only authorization parameters for the
AuthorizationTypeyou specify.BasicAuthParameters -> (structure)
The Basic authorization parameters to use for the connection.
Username -> (string) [required]
The user name to use for Basic authorization.
Constraints:
- min:
1- max:
512- pattern:
^[ \t]*[^\x00-\x1F:\x7F]+([ \t]+[^\x00-\x1F:\x7F]+)*[ \t]*$Password -> (string) [required]
The password associated with the user name to use for Basic authorization.
Constraints:
- min:
1- max:
512- pattern:
^[ \t]*[^\x00-\x1F:\x7F]+([ \t]+[^\x00-\x1F:\x7F]+)*[ \t]*$OAuthParameters -> (structure)
The OAuth authorization parameters to use for the connection.
ClientParameters -> (structure) [required]
The client parameters for OAuth authorization.
ClientID -> (string) [required]
The client ID to use for OAuth authorization for the connection.
Constraints:
- min:
1- max:
512- pattern:
^[ \t]*[^\x00-\x1F:\x7F]+([ \t]+[^\x00-\x1F:\x7F]+)*[ \t]*$ClientSecret -> (string) [required]
The client secret associated with the client ID to use for OAuth authorization for the connection.
Constraints:
- min:
1- max:
512- pattern:
^[ \t]*[^\x00-\x1F:\x7F]+([ \t]+[^\x00-\x1F:\x7F]+)*[ \t]*$AuthorizationEndpoint -> (string) [required]
The URL to the authorization endpoint when OAuth is specified as the authorization type.
Constraints:
- min:
1- max:
2048- pattern:
^((%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@\x26=+$,A-Za-z0-9])+)([).!';/?:,])?$HttpMethod -> (string) [required]
The method to use for the authorization request.
Possible values:
GET
POST
PUTOAuthHttpParameters -> (structure)
Details about the additional parameters to use for the connection.
HeaderParameters -> (list)
Any additional header parameters for the connection.
Constraints:
- min:
0- max:
100(structure)
Additional parameter included in the header. You can include up to 100 additional header parameters per request. An event payload cannot exceed 64 KB.
Key -> (string)
The key for the parameter.
Constraints:
- max:
512- pattern:
^[!#$%&'*+-.^_`|~0-9a-zA-Z]+$Value -> (string)
The value associated with the key.
Constraints:
- max:
512- pattern:
^[ \t]*[\x20-\x7E]+([ \t]+[\x20-\x7E]+)*[ \t]*$IsValueSecret -> (boolean)
Specifies whether the value is a secret.QueryStringParameters -> (list)
Any additional query string parameters for the connection.
Constraints:
- min:
0- max:
100(structure)
Any additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.
Key -> (string)
The key for a query string parameter.
Constraints:
- max:
512- pattern:
[^\x00-\x1F\x7F]+Value -> (string)
The value associated with the key for the query string parameter.
Constraints:
- max:
512- pattern:
[^\x00-\x09\x0B\x0C\x0E-\x1F\x7F]+IsValueSecret -> (boolean)
Specifies whether the value is secret.BodyParameters -> (list)
Any additional body string parameters for the connection.
Constraints:
- min:
0- max:
100(structure)
Additional parameter included in the body. You can include up to 100 additional body parameters per request. An event payload cannot exceed 64 KB.
Key -> (string)
The key for the parameter.Value -> (string)
The value associated with the key.IsValueSecret -> (boolean)
Specifies whether the value is secret.ApiKeyAuthParameters -> (structure)
The API key authorization parameters to use for the connection.
ApiKeyName -> (string) [required]
The name of the API key to use for authorization.
Constraints:
- min:
1- max:
512- pattern:
^[ \t]*[^\x00-\x1F:\x7F]+([ \t]+[^\x00-\x1F:\x7F]+)*[ \t]*$ApiKeyValue -> (string) [required]
The value for the API key to use for authorization.
Constraints:
- min:
1- max:
512- pattern:
^[ \t]*[^\x00-\x1F:\x7F]+([ \t]+[^\x00-\x1F:\x7F]+)*[ \t]*$InvocationHttpParameters -> (structure)
The API key authorization parameters to use for the connection. Note that if you include additional parameters for the target of a rule via
HttpParameters, including query strings, the parameters added for the connection take precedence.HeaderParameters -> (list)
Any additional header parameters for the connection.
Constraints:
- min:
0- max:
100(structure)
Additional parameter included in the header. You can include up to 100 additional header parameters per request. An event payload cannot exceed 64 KB.
Key -> (string)
The key for the parameter.
Constraints:
- max:
512- pattern:
^[!#$%&'*+-.^_`|~0-9a-zA-Z]+$Value -> (string)
The value associated with the key.
Constraints:
- max:
512- pattern:
^[ \t]*[\x20-\x7E]+([ \t]+[\x20-\x7E]+)*[ \t]*$IsValueSecret -> (boolean)
Specifies whether the value is a secret.QueryStringParameters -> (list)
Any additional query string parameters for the connection.
Constraints:
- min:
0- max:
100(structure)
Any additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.
Key -> (string)
The key for a query string parameter.
Constraints:
- max:
512- pattern:
[^\x00-\x1F\x7F]+Value -> (string)
The value associated with the key for the query string parameter.
Constraints:
- max:
512- pattern:
[^\x00-\x09\x0B\x0C\x0E-\x1F\x7F]+IsValueSecret -> (boolean)
Specifies whether the value is secret.BodyParameters -> (list)
Any additional body string parameters for the connection.
Constraints:
- min:
0- max:
100(structure)
Additional parameter included in the body. You can include up to 100 additional body parameters per request. An event payload cannot exceed 64 KB.
Key -> (string)
The key for the parameter.Value -> (string)
The value associated with the key.IsValueSecret -> (boolean)
Specifies whether the value is secret.ConnectivityParameters -> (structure)
If you specify a private OAuth endpoint, the parameters for EventBridge to use when authenticating against the endpoint.
For more information, see Authorization methods for connections in the * Amazon EventBridge User Guide * .
ResourceParameters -> (structure) [required]
The parameters for EventBridge to use when invoking the resource endpoint.
ResourceConfigurationArn -> (string) [required]
The Amazon Resource Name (ARN) of the Amazon VPC Lattice resource configuration for the resource endpoint.
Constraints:
- min:
0- max:
2048- pattern:
^(?:^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$|^$)
JSON Syntax:
{
  "BasicAuthParameters": {
    "Username": "string",
    "Password": "string"
  },
  "OAuthParameters": {
    "ClientParameters": {
      "ClientID": "string",
      "ClientSecret": "string"
    },
    "AuthorizationEndpoint": "string",
    "HttpMethod": "GET"|"POST"|"PUT",
    "OAuthHttpParameters": {
      "HeaderParameters": [
        {
          "Key": "string",
          "Value": "string",
          "IsValueSecret": true|false
        }
        ...
      ],
      "QueryStringParameters": [
        {
          "Key": "string",
          "Value": "string",
          "IsValueSecret": true|false
        }
        ...
      ],
      "BodyParameters": [
        {
          "Key": "string",
          "Value": "string",
          "IsValueSecret": true|false
        }
        ...
      ]
    }
  },
  "ApiKeyAuthParameters": {
    "ApiKeyName": "string",
    "ApiKeyValue": "string"
  },
  "InvocationHttpParameters": {
    "HeaderParameters": [
      {
        "Key": "string",
        "Value": "string",
        "IsValueSecret": true|false
      }
      ...
    ],
    "QueryStringParameters": [
      {
        "Key": "string",
        "Value": "string",
        "IsValueSecret": true|false
      }
      ...
    ],
    "BodyParameters": [
      {
        "Key": "string",
        "Value": "string",
        "IsValueSecret": true|false
      }
      ...
    ]
  },
  "ConnectivityParameters": {
    "ResourceParameters": {
      "ResourceConfigurationArn": "string"
    }
  }
}
--invocation-connectivity-parameters (structure)
For connections to private APIs, the parameters to use for invoking the API.
For more information, see Connecting to private APIs in the * Amazon EventBridge User Guide * .
ResourceParameters -> (structure) [required]
The parameters for EventBridge to use when invoking the resource endpoint.
ResourceConfigurationArn -> (string) [required]
The Amazon Resource Name (ARN) of the Amazon VPC Lattice resource configuration for the resource endpoint.
Constraints:
- min:
0- max:
2048- pattern:
^(?:^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$|^$)
Shorthand Syntax:
ResourceParameters={ResourceConfigurationArn=string}
JSON Syntax:
{
  "ResourceParameters": {
    "ResourceConfigurationArn": "string"
  }
}
--kms-key-identifier (string)
The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt this connection. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.
If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt the connection.
For more information, see Identify and view keys in the Key Management Service Developer Guide .
Constraints:
- max:
2048- pattern:
^[a-zA-Z0-9_\-/:]*$
--cli-input-json | --cli-input-yaml (string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton (string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
--debug (boolean)
Turn on debug logging.
--endpoint-url (string)
Override command’s default URL with the given URL.
--no-verify-ssl (boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate (boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output (string)
The formatting style for command output.
--query (string)
A JMESPath query to use in filtering the response data.
--profile (string)
Use a specific profile from your credential file.
--region (string)
The region to use. Overrides config/env settings.
--version (string)
Display the version of this tool.
--color (string)
Turn on/off color output.
--no-sign-request (boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle (string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout (int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout (int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
--cli-binary-format (string)
The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.
--no-cli-pager (boolean)
Disable cli pager for output.
--cli-auto-prompt (boolean)
Automatically prompt for CLI input parameters.
--no-cli-auto-prompt (boolean)
Disable automatically prompt for CLI input parameters.
ConnectionArn -> (string)
The ARN of the connection that was created by the request.
Constraints:
- min:
1- max:
1600- pattern:
^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:connection\/[\.\-_A-Za-z0-9]+\/[\-A-Za-z0-9]+$
ConnectionState -> (string)
The state of the connection that was created by the request.
Possible values:
CREATING
UPDATING
DELETING
AUTHORIZED
DEAUTHORIZED
AUTHORIZING
DEAUTHORIZING
ACTIVE
FAILED_CONNECTIVITY
CreationTime -> (timestamp)
A time stamp for the time that the connection was created.
LastModifiedTime -> (timestamp)
A time stamp for the time that the connection was last updated.