Tuesday, September 23, 2025

EventBridge Rules | Overview.

Amazon EventBridge Rules - Overview.

 Scope:

  • Intro,
  • Key Aspects of Amazon EventBridge Rules,
  • Types of Amazon EventBridge Rules,
  • The Concept: EventBridge Rule,
  • Types of EventBridge Rules,
  • Sample EventBridge Rule that Captures all EC2 state changes where instance state = "stopped",
  • Rule Processing Logic,
  • Architecture,
  • Key Features of Rules,
  • Sample EventBridge Rule that Only Sends instance-id instead of the full event JSON,
  • Security & Permissions,
  • Sample Use Cases,
  • Insights.

Intro:

    • An Amazon EventBridge rule specifies which events on an event bus should be sent to which targets for processing.
    • Rules act as filters and routers within the event-driven architecture of AWS. 
Key Aspects of Amazon EventBridge Rules
    • Functionality: Rules define the criteria for matching incoming events. 
    • When an event matches a rule's criteria, EventBridge sends the event to the specified target(s).
Types of Amazon EventBridge Rules:
    • Event Pattern Rules: These rules match events based on their data structure and content. 
    • The pattern uses JSON syntax for content-based filtering, allowing for precise conditions using comparison operators, wildcards, and nested structures.
    • Scheduled Rules: These rules run on a defined schedule, using rate or cron expressions, to trigger targets periodically regardless of any incoming events.
    • Managed Rules: Certain AWS services automatically create and manage rules in twtech's account to enable specific functionality.
Event Buses: 
    • Rules are associated with a single event bus (either the default, a custom one, or a partner event bus).
Targets
    • Rules can route events to various AWS services (e.g., AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, other event buses).
    • A single rule can have up to five targets, which are invoked in parallel.
Permissions: 
    • EventBridge uses resource-based permissions for most targets (like Lambda or SNS) and IAM roles for specific cases like Kinesis streams.
Best Practices
    • To avoid issues like infinite loops or higher-than-expected charges, it is recommended to write precise event patterns and monitor rule performance. 
NB:
  •  twtech can manage its rules through the Amazon EventBridge console, the AWS CLI, or the AWS SDKs.

The Concept: EventBridge Rule

    • A Rule in EventBridge is the filtering and routing logic that decides which events get processed and where they are sent.
    • Think of a Rule as a subscription with conditions for:
      • Pattern Matching: Selects events based on event fields (e.g., source, detail-type, custom attributes).
      • Schedule Expressions: Triggers events at fixed intervals or cron-based schedules.
      • Routing: Forwards matching events to one or more targets.

 Types of EventBridge Rules

  1. Event Pattern Rules
    • Match events against JSON-based event patterns.
# Sample EventBridge Rule that Captures all EC2 state changes where instance state = "stopped".

{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": {
    "state": ["stopped"]
  }
}


  2. Schedule Rules
    • Triggered on cron or rate expressions.
    • Examples:
      • Every 5 minutes: rate(5 minutes)
      • Every day at 3 AM UTC: cron(0 3 * * ? *)

 Rule Processing Logic

  1. Event Arrives on Event Bus
    • The event is placed on an event bus (default, partner, or custom).
  2. Rule Evaluation
    • Each Rule on that bus is evaluated in parallel.
    • Rules check if the incoming event matches the pattern or if the time schedule triggers.
    • No match = no forwarding.
  3. Target Invocation
    • If matched, EventBridge sends the event to one or more targets.
    • Examples: Lambda, Step Functions, SQS, SNS, Kinesis, API Gateway, Event Bus (chaining), or even 3rd-party SaaS integrations.
  4. Retry + DLQ (Dead Letter Queue)
    • If a target fails, EventBridge retries with exponential backoff for up to 24 hours.
    • Optionally, twtech can configure a DLQ (SQS or SNS) for failed events.
Architecture

Key Features of Rules

  • Multiple Targets per Rule
    One rule can fan out to multiple targets.
    Example: A single EC2 state-change event can both:
    • Trigger a Lambda to stop billing.
    • Send a Slack notification via SNS.
  • Input Transformer
    Transform event payloads before delivering to targets.

# Sample EventBridge Rule that only sends the instance-id instead of the full event JSON:

{
  "inputTransformer": {
    "inputPathsMap": {
      "instance": "$.detail.instance-id"
    },
    "inputTemplate": "{\"EC2Instance\": <instance>}"
  }
}
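The event pattern and the input transformer samples above, run end to end over constructed events. This is an added example, not code from the original post or from AWS: `matches`, `resolve`, `deliver` and `sample_event` are hypothetical helpers that model only exact-value matching and dotted JSONPaths, and the sketch assumes the EC2 event carries `detail.instance-id` and that an unquoted `<instance>` placeholder is rendered as a JSON value.

```python
import json
import re

# The page's two samples: the "stopped" event pattern and the input transformer.
PATTERN = {"source": ["aws.ec2"],
           "detail-type": ["EC2 Instance State-change Notification"],
           "detail": {"state": ["stopped"]}}
TRANSFORMER = {"inputPathsMap": {"instance": "$.detail.instance-id"},
               "inputTemplate": '{"EC2Instance": <instance>}'}

def matches(pattern, event):
    """Exact-value subset of pattern matching: every pattern key must be present (AND),
    a list holds the accepted values (OR), a nested object recurses; extra fields are ignored."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def resolve(path, event):
    """Minimal JSONPath: dotted keys only, e.g. $.detail.instance-id."""
    node = event
    for key in path[2:].split("."):
        node = node[key]
    return node

def deliver(event, pattern=PATTERN, transformer=TRANSFORMER):
    """Return the payload a target would receive, or None when the rule does not match."""
    if not matches(pattern, event):
        return None
    values = {name: resolve(path, event)
              for name, path in transformer["inputPathsMap"].items()}
    return re.sub(r"<([\w-]+)>", lambda m: json.dumps(values[m.group(1)]),
                  transformer["inputTemplate"])

def sample_event(state):
    """Constructed EC2 state-change event; account and instance ids are made up."""
    return {"source": "aws.ec2", "account": "111122223333",
            "detail-type": "EC2 Instance State-change Notification",
            "detail": {"instance-id": "i-0123456789abcdef0", "state": state}}

if __name__ == "__main__":
    for state in ("running", "stopped"):
        print(state, "->", deliver(sample_event(state)))
```

Only the mapped field reaches the target, so the account id and the rest of the event never leave the bus through this rule.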


NB:
    • Event Archiving & Replay: rules can work with archived events; twtech can replay past events to test new rules.
    • Cross-Account Routing: rules can route events to another AWS account's event bus for multi-account architectures.

 Security & Permissions

    • Rules need IAM permissions to invoke their targets.
    • Example: If a rule triggers Lambda, EventBridge must have lambda:InvokeFunction permissions.
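One way to review the Lambda permission described above (an added example, not from the original post): the check flags resource-policy statements that let `events.amazonaws.com` call `lambda:InvokeFunction` without an `aws:SourceArn` condition naming a single rule, since such a grant is not tied to any particular rule. It goes one step beyond the page by looking at that condition; `audit`, `grant`, the account id, region, function and rule names are all constructed for illustration.

```python
EVENTS = "events.amazonaws.com"
INVOKE = {"lambda:invokefunction", "lambda:*", "*"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def source_arns(statement):
    """Collect aws:SourceArn values from ArnLike/ArnEquals conditions (names are case-insensitive)."""
    arns = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() in ("arnlike", "arnequals"):
            arns += [a for k, v in keys.items() if k.lower() == "aws:sourcearn"
                     for a in as_list(v)]
    return arns

def audit(policy):
    """Return (Sid, finding) pairs for EventBridge invoke grants not pinned to one rule."""
    findings = []
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = {a.lower() for a in as_list(st.get("Action", []))}
        if st.get("Effect") != "Allow" or EVENTS not in services or not actions & INVOKE:
            continue
        arns = source_arns(st)
        if not arns:
            findings.append((st.get("Sid"), "no aws:SourceArn condition"))
        elif any("*" in arn.split(":rule/")[-1] for arn in arns):
            findings.append((st.get("Sid"), "wildcard rule in aws:SourceArn"))
    return findings

# Constructed sample policy; every ARN below is a placeholder.
FN = "arn:aws:lambda:us-east-1:111122223333:function:stop-handler"
RULES = "arn:aws:events:us-east-1:111122223333:rule/"
def grant(sid, source_arn=None):
    st = {"Sid": sid, "Effect": "Allow", "Principal": {"Service": EVENTS},
          "Action": "lambda:InvokeFunction", "Resource": FN}
    if source_arn:
        st["Condition"] = {"ArnLike": {"AWS:SourceArn": source_arn}}
    return st

SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    grant("pinned", RULES + "ec2-stopped"),
    grant("open"),
    grant("any-rule", RULES + "*")]}

if __name__ == "__main__":
    for sid, finding in audit(SAMPLE_POLICY):
        print(sid, finding)
```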

Sample Use Cases

  1. Monitoring & Alerts
    • Rule: Capture all EC2 terminated events → SNS topic → PagerDuty/Slack.
  2. Automation
    • Rule: Trigger Lambda when an S3 object is created.
    • Rule: Start an EMR cluster every day at midnight using cron.
  3. Integration
    • Rule: Forward AWS Health Dashboard events to ServiceNow via API target.
  4. Multi-Account Event Bus
    • Rule: In dev account, forward security-related events to central security account bus.

Insights:

    • EventBridge Rules are the "brains" of EventBridge.
    • EventBridge Rules filter, transform, and route events from sources to targets.
    • EventBridge Rules support event-driven, time-based, and multi-account/multi-service workflows.

