A collection of configuration templates for Amazon Event Bridge as well as security controls for monitoring and protecting Amazon EventBridge configuration such as Config Rules, CloudWatch Alarms, EventBridge Rules, IAM policies, and more.

EventBridge
Amazon EventBridge API Destination for Slack

This template creates an ApiDestination connection to Slack. It includes an IAM role, an EventBridge event bus, a connection to Slack API using an API key stored in Secrets Manager, and sets the HttpMethod to POST with an InvocationEndpoint provided as a parameter.

CloudFormationTerraform
Amazon EventBridge EventBus Policy: Grant Permission to AWS Account

This template creates an AWS::Events::EventBusPolicy resource that grants permission to one AWS account with an account ID of 111122223333. The policy allows the account to perform the events:PutEvents action on the default event bus in the us-east-1 region.

CloudFormationTerraform
Amazon EventBridge EventBus Policy: Deny policy using multiple principals and actions

This template creates an AWS::Events::EventBusPolicy resource that denies permission to multiple principals and actions. The policy denies the specified principals (arn:aws:iam::111122223333:user/alice and arn:aws:iam::111122223333:user/bob) from performing the events:PutEvents and events:PutRule actions on the default event bus in the us-east-1 region.

CloudFormationTerraform
Amazon EventBridge EventBus Policy: Grant Permission to an Organization using a custom event bus

This template creates an AWS::Events::EventBus resource named MyCustomEventBus and an AWS::Events::EventBusPolicy resource that grants permission to all AWS accounts in the organization with an organization ID of o-1234567890. The policy allows the accounts to perform the events:PutEvents action on the custom event bus and applies the aws:PrincipalOrgID condition to restrict access to the specified organization ID.

CloudFormationTerraform
Amazon EventBridge EventBus: Partner Event Bus

This template creates a partner event bus named `aws.partner.repo1` with the properties `EventSourceName` set to `aws.partner/PartnerName/acct1/repo1` and `Name` set to `aws.partner.repo1`.

CloudFormationTerraform
Amazon EventBridge Events Connection with ApiKey Authorization

This template creates an AWS Events Connection resource with ApiKey authorization. It creates a connection named pagerduty-connection and uses an ApiKey from Secrets Manager for authorization.

CloudFormationTerraform
Amazon Events Connection with OAuth Authorization

This CloudFormation template creates an Amazon Events Connection with OAuth authorization using Auth0. It retrieves the Auth0 ClientId and ClientSecret from a secret stored in AWS Secrets Manager.

CloudFormationTerraform
Amazon EventBridge Events: Archive EC2 Events

This template creates an AWS Events Archive resource named 'MyArchive' that is used to store all EC2 events. The archive retains events for 10 days and is associated with the default event bus. The archive is configured to capture events from the 'aws.ec2' source.

CloudFormationTerraform
Amazon EventBridge API Destination for PagerDuty

This template creates an ApiDestination connection to PagerDuty. It includes a connection to PagerDuty API using an API key, and sets the HttpMethod to POST with an InvocationEndpoint of 'https://events.pagerduty.com/v2/enqueue'.

CloudFormationTerraform
Amazon EventBridge Rule: Create a cross-Region rule

This CloudFormation template creates an event rule that routes events from a specific source and detail to an event bus in the us-east-1 region. It also creates an IAM role with the necessary permissions for event routing.

CloudFormationTerraform
Amazon EventBridge Rule: Create a rule that includes a dead-letter queue for a target

This template creates an AWS Events Rule that sends all EC2 events to an SQS queue. The rule includes a dead-letter queue and retry policy settings for the target.

CloudFormationTerraform
Amazon EventBridge Rule: Regularly invoke Lambda function

This template creates an AWS Events Rule that invokes a specified Lambda function every 10 minutes. The rule is configured with a schedule expression and is enabled to trigger the Lambda function.

CloudFormationTerraform
Amazon EventBridge Rule: Invoke Lambda Function in Response to an Event

This template creates an AWS Events Rule that invokes a specified Lambda function when any EC2 instance's state changes to stopping. The rule is configured with an event pattern that filters for EC2 instance state-change notifications and a target that specifies the Lambda function to invoke.

CloudFormationTerraform
Amazon EventBridge Rule: Notify an SNS Topic in Response to a Log Entry

This template creates an AWS Events Rule that notifies an Amazon Simple Notification Service (SNS) topic if an AWS CloudTrail log entry contains a call by the root user. The rule is configured with an event pattern that filters for CloudTrail log entries with a specific detail type and detail, and a target that specifies the SNS topic to notify.

CloudFormationTerraform
CloudWatch Events
AWS Trusted Advisor Events

A CloudWatch Event Rule that triggers on changes in the status of AWS Trusted Advisor checks, and forwards the events to an SNS topic

CloudFormationTerraformAWS CLI
AWS Personal Health Dashboard Events

A CloudWatch Event Rule that triggers on changes in the status of AWS Personal Health Dashboard (AWS Health) and forwards the events to an SNS topic

CloudFormationTerraformAWS CLI
Detect Config Rule Compliance Changes

A CloudWatch Event Rule that detects changes to AWS Config Rule compliance status and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect Amazon GuardDuty Findings

A CloudWatch Event Rule that triggers on Amazon GuardDuty findings and publishes findings to an SNS topic. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Detect Amazon Inspector (v2) Findings

A CloudWatch Event Rule that triggers on Amazon Inspector findings and publishes findings to an SNS topic. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Detect Security Hub Findings

A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Detect Amazon Macie Findings

A CloudWatch Event Rule that triggers on Amazon Macie findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Detect Security Group Changes

Detect changes to security groups and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect EC2 Instance Changes

Detect changes to EC2 Instances and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect Network ACL (NACL) Changes

Detect changes to network ACLs and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect Network Changes

Detect changes to network configuration and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect IAM Policy Changes

A CloudWatch Event Rule that detects IAM policy changes and publishes change events to an SNS topic for notification. Events include IAM policy creation/deletion/update operations as well as attaching/detaching policies from IAM users, roles or groups.

CloudFormationTerraformAWS CLI
Detect IAM User Changes

A CloudWatch Event Rule that detects changes to IAM users and groups and publishes change events to an SNS topic for notification. Events include IAM user creation/deletion/update operations, updating IAM user passwords or Access Keys, as well as attaching/detaching policies from IAM users or groups.

CloudFormationTerraformAWS CLI
Detect IAM MFA Changes

A CloudWatch Event Rule that detects changes to IAM MFA devices (Virtual and Hardware) and publishes change events to an SNS topic for notification. Events include enabling/disabling/updating MFA virtual and hardware devices in an AWS account.

CloudFormationTerraformAWS CLI
Detect CloudTrail Changes

Detect changes to CloudTrail configutation and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect S3 Bucket Policy Changes

Detect changes to S3 bucket policies and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect AWS Config Changes

Detect changes to AWS Config and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect KMS CMK Operations

A CloudWatch Event Rule that detects KMS Customer Master Key (CMK) changes and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Detect KMS CMK Deletion Events

A CloudWatch Event Rule that triggers on AWS KMS Customer Master Key (CMK) deletion events.

CloudFormationTerraformAWS CLI
Detect KMS CMK Rotation Events

A CloudWatch Event Rule that triggers on AWS KMS Customer Master Key (CMK) rotation events.

CloudFormationTerraformAWS CLI
Detect KMS CMK Expiration Events

A CloudWatch Event Rule that triggers on AWS KMS Customer Master Key (CMK) imported material expiration events.

CloudFormationTerraformAWS CLI
Detect Access Analyzer Findings

A CloudWatch Event Rule that triggers on IAM Access Analyzer Findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Detect ECR Vulnerability Image Scans

A CloudWatch Event Rule that triggers when each ECR vulnerability image scan is completed. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Detect and Notify on ACM Certificate Expiry Events

A CloudWatch Event Rule that sends a notification to provide notice of approaching expiration of an ACM certificate. and forwards the events to an SNS topic.

CloudFormationTerraformAWS CLI
Detect and Notify on AWS Organizations Changes

A CloudWatch Event Rule that detects changes to AWS Organizations and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI