2.3.1. EventBridge: Event Routing and Automation
💡 First Principle: EventBridge is a serverless event bus, a router that receives events from AWS services, custom applications and SaaS partners and delivers them to the targets that your rules select. It is the glue between detection (CloudWatch, Config, CloudTrail) and action (Lambda, SSM, SQS).
Think of EventBridge as a sophisticated air traffic controller. Events arrive from many sources simultaneously. Rules examine each event's content and pattern-match it to the right target. The controller (EventBridge) handles routing without any of the individual services needing to know about each other.
EventBridge Components:
| Component | Description |
|---|---|
| Event Bus | The channel that receives events. The default bus receives events from AWS services. Custom buses carry your own application events. Partner buses receive events from SaaS partners. |
| Rule | A pattern-matching definition that routes matching events to targets |
| Target | The service that receives the routed event (Lambda, SQS, SNS, SSM, Step Functions, etc.) |
| Event Pattern | A JSON filter that specifies which events match a rule |
| Schedule | Rules can also fire on a cron or rate schedule (the scheduling capability inherited from CloudWatch Events, which EventBridge supersedes). Scheduled rules can only be created on the default bus. |
Event Pattern Example: Route all EC2 instance terminations to a Lambda function:
```json
{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": {
    "state": ["terminated"]
  }
}
```
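The pattern above is a filter, not a query: every key listed must match (AND), a list of values means "any of these" (OR), and nested objects descend into the event's `detail`. Keys in the event that the pattern does not mention are ignored. The following matcher is an added example written for this page, not AWS code, that reproduces those rules plus the `prefix`, `anything-but`, `exists` and `numeric` content filters, and runs the page's termination pattern (and a broader region-scoped variant) against constructed sample events. The account number, instance id and the `failed-logins` custom field are placeholders.

```python
"""Minimal EventBridge event-pattern matcher (added example, not AWS code)."""
import operator
from typing import Any

_NUMERIC_OPS = {"=": operator.eq, ">": operator.gt, ">=": operator.ge,
                "<": operator.lt, "<=": operator.le}


def _match_filter(flt: dict, value: Any, present: bool) -> bool:
    """Apply one content filter ({"prefix"}, {"anything-but"}, {"exists"},
    {"numeric"}) to a single event value. `present` says whether the key
    existed in the event at all, which {"exists": false} needs to know."""
    if "exists" in flt:
        return bool(flt["exists"]) == present
    if not present:
        return False
    if "prefix" in flt:
        return isinstance(value, str) and value.startswith(flt["prefix"])
    if "anything-but" in flt:
        excluded = flt["anything-but"]
        if isinstance(excluded, dict) and "prefix" in excluded:
            return not (isinstance(value, str) and value.startswith(excluded["prefix"]))
        excluded = excluded if isinstance(excluded, list) else [excluded]
        return value not in excluded
    if "numeric" in flt:
        spec = flt["numeric"]  # e.g. [">=", 5, "<", 100]: all clauses must hold
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False
        return all(_NUMERIC_OPS[spec[i]](value, spec[i + 1])
                   for i in range(0, len(spec), 2))
    raise ValueError(f"unsupported filter: {flt}")


def _match_alternatives(alternatives: list, value: Any, present: bool) -> bool:
    """A pattern list matches if ANY alternative matches; an array in the
    event (such as "resources") matches if ANY of its elements does."""
    candidates = value if (present and isinstance(value, list)) else [value]
    for alt in alternatives:
        if isinstance(alt, dict):
            if any(_match_filter(alt, c, present) for c in candidates):
                return True
        elif present and alt in candidates:
            return True
    return False


def matches(pattern: dict, event: Any) -> bool:
    """True if `event` satisfies `pattern`: every pattern key must match."""
    if not isinstance(event, dict):
        return False
    for key, expected in pattern.items():
        present = key in event
        value = event.get(key)
        if isinstance(expected, dict):        # nested object: recurse
            if not present or not matches(expected, value):
                return False
        elif isinstance(expected, list):      # leaf: list of alternatives
            if not _match_alternatives(expected, value, present):
                return False
        else:
            raise ValueError(f"pattern values must be lists or objects: {key!r}")
    return True


# Constructed sample events (shape of the EC2 state-change notification;
# account number and instance id are placeholders, not real resources).
EC2_TERMINATED = {
    "version": "0",
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"],
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "terminated"},
}
EC2_RUNNING = {**EC2_TERMINATED, "detail": {**EC2_TERMINATED["detail"], "state": "running"}}

# The pattern from the text: every EC2 instance termination.
TERMINATION_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["terminated"]},
}

# Beyond the text: us-east-1 instances in any state except pending/running.
REGION_PATTERN = {
    "source": ["aws.ec2"],
    "resources": [{"prefix": "arn:aws:ec2:us-east-1:"}],
    "detail": {"state": [{"anything-but": ["pending", "running"]}]},
}

if __name__ == "__main__":
    print(matches(TERMINATION_PATTERN, EC2_TERMINATED))  # True
    print(matches(TERMINATION_PATTERN, EC2_RUNNING))     # False
```

A practical consequence of the AND-across-keys rule: adding a key to a pattern can only narrow it, so the safe way to test a new rule is to send a handful of real events through `matches` (or the `aws events test-event-pattern` CLI call) before deploying it, rather than reasoning about it in your head.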
EventBridge Pipes connect a source (SQS, DynamoDB Streams, Kinesis, among others) to a single target with optional filtering and enrichment steps in between; the filter step uses the same event-pattern syntax as rules. This simplifies point-to-point event pipelines without custom Lambda glue code.
Cross-Account and Cross-Region: EventBridge can route events to buses in other accounts and Regions. This is the recommended pattern for centralizing operational automation in a multi-account environment: each account publishes events, and a central security or operations account processes them. Two permissions make it work, and both should be scoped tightly. The receiving bus needs a resource-based policy granting events:PutEvents to the sending accounts (condition on aws:PrincipalOrgID rather than using a wildcard principal), and the sending rule needs an IAM role that EventBridge assumes to call PutEvents on the remote bus. Forwarded events keep their original account and source fields, so rules on the central bus can still tell which account an event came from.
Dead Letter Queues (DLQ): If EventBridge cannot deliver an event to a target after its retries (by default up to 24 hours and 185 attempts), the event is dropped unless the target has a DLQ configured, in which case the failed event is sent to that SQS queue. Always configure a DLQ for critical automation so failures can be investigated and replayed. Two caveats: the queue's resource policy must allow events.amazonaws.com to call sqs:SendMessage (ideally conditioned on the rule's ARN), and EventBridge reports delivery problems through the FailedInvocations and InvocationsFailedToBeSentToDlq CloudWatch metrics, both of which deserve an alarm.
⚠️ Exam Trap: EventBridge rules have exactly one event pattern OR one schedule, not both in the same rule. If you need a scheduled action that also responds to events, create two separate rules. Also: EventBridge event buses are regional, so you must explicitly route cross-Region events.
Reflection Question: A Config rule detects that an S3 bucket has public access enabled. Design an EventBridge-based architecture that automatically remediates this within 5 minutes of detection, without human intervention.
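One answer to the reflection question is a change-triggered Config rule whose compliance-change event an EventBridge rule routes to a remediation Lambda, with a DLQ on the target and a function role limited to s3:PutPublicAccessBlock. The block below is an added example written for this page, not AWS or course code: it holds the rule's event pattern, a handler that re-validates the event before acting, and a fake S3 client so the logic runs offline. The bucket name and account number are constructed; `s3-bucket-public-read-prohibited` is the name of an AWS managed Config rule, but any rule producing a NON_COMPLIANT result for an S3 bucket would work. In the real function, only `lambda_handler` is wired to Lambda, and it uses boto3.

```python
"""EventBridge-triggered remediation for public S3 buckets (added example)."""

# Event pattern for the EventBridge rule that routes this function's events:
# only Config compliance changes, only S3 buckets, only NON_COMPLIANT results.
RULE_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {
        "resourceType": ["AWS::S3::Bucket"],
        "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]},
    },
}

# The four flags of S3 Block Public Access; all on means "no public access".
BLOCK_ALL = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def remediate(event: dict, s3_client) -> dict:
    """Block public access on the bucket named in a Config compliance event.

    The checks repeat what RULE_PATTERN already filters on: a mis-scoped rule,
    a replayed DLQ message or a hand-crafted PutEvents call must not be able to
    make this function act on the wrong resource type."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.config" or detail.get("resourceType") != "AWS::S3::Bucket":
        return {"action": "ignored", "reason": "not an S3 bucket Config event"}
    if detail.get("newEvaluationResult", {}).get("complianceType") != "NON_COMPLIANT":
        return {"action": "ignored", "reason": "resource is not NON_COMPLIANT"}
    bucket = detail["resourceId"]  # for AWS::S3::Bucket the resourceId is the bucket name
    # PutPublicAccessBlock is idempotent, so duplicate deliveries are harmless.
    s3_client.put_public_access_block(
        Bucket=bucket, PublicAccessBlockConfiguration=BLOCK_ALL
    )
    return {"action": "blocked_public_access", "bucket": bucket,
            "rule": detail.get("configRuleName")}


def lambda_handler(event, context):
    """Entry point used when deployed as the EventBridge rule's Lambda target."""
    import boto3  # only needed inside Lambda; the offline test injects a fake
    return remediate(event, boto3.client("s3"))


class FakeS3:
    """Stand-in for the boto3 S3 client that records calls instead of making them."""
    def __init__(self):
        self.calls = []

    def put_public_access_block(self, **kwargs):
        self.calls.append(kwargs)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


# Constructed Config compliance-change event (shape of the real notification;
# bucket name and account number are placeholders).
SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.config",
    "detail-type": "Config Rules Compliance Change",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "resourceId": "example-public-bucket",
        "resourceType": "AWS::S3::Bucket",
        "awsRegion": "us-east-1",
        "awsAccountId": "123456789012",
        "configRuleName": "s3-bucket-public-read-prohibited",
        "messageType": "ComplianceChangeNotification",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}

if __name__ == "__main__":
    fake = FakeS3()
    print(remediate(SAMPLE_EVENT, fake))
    print(fake.calls)
```

Meeting the five-minute target is then a question of detection latency rather than routing: EventBridge delivery and Lambda invocation take seconds, so the Config rule must be change-triggered (evaluated when the bucket's configuration item changes) rather than periodic. Attach an SQS DLQ to the Lambda target so that a throttled or failing function leaves a record you can replay, and keep the function's role to s3:PutPublicAccessBlock on the buckets it is meant to guard.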