CloudWatch Events (EventBridge)

Event-Driven Architecture & Automation

What is CloudWatch Events?

CloudWatch Events (now Amazon EventBridge) delivers a near real-time stream of system events that describe changes in AWS resources. It enables you to respond to state changes in your AWS resources.

Note

CloudWatch Events is now Amazon EventBridge. EventBridge is the preferred service with additional features, but CloudWatch Events still works for existing implementations.

Core Components

Events

JSON objects that represent a change in your AWS environment

Rules

Match incoming events and route them to targets for processing

Targets

AWS services that process events (Lambda, SNS, SQS, etc.)

Event Sources

AWS Services
  • EC2 instance state changes
  • Auto Scaling events
  • AWS API calls via CloudTrail
  • CodePipeline state changes
  • EBS snapshot notifications

Scheduled Events

Cron or rate expressions to trigger events on a schedule

Custom Events

Your applications can publish custom events using the PutEvents API

Event Targets

Compute Targets
  • Lambda functions
  • EC2 instances (via SSM Run Command)
  • ECS tasks
  • Batch jobs

Integration Targets
  • SNS topics
  • SQS queues
  • Kinesis streams
  • Step Functions state machines

Multiple Targets

A single rule can route events to up to 5 targets simultaneously

Event Patterns

Event patterns are JSON objects that define which events to match. They filter events based on event structure and values.

Pattern Matching
  • Match specific AWS service events
  • Filter by event detail fields
  • Use prefix matching for strings
  • Match numeric ranges

Example Pattern

Match EC2 instance state changes to "running":

    {
      "source": ["aws.ec2"],
      "detail-type": ["EC2 Instance State-change Notification"],
      "detail": {"state": ["running"]}
    }
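To see how a pattern selects events, the following added example (not AWS code and not part of the original page) implements a simplified local matcher covering exact values, prefix matching and numeric ranges. The sample events, the `myapp.` source, the `OrderPlaced` detail type and the instance ID are constructed for illustration.

```python
# Added example: simplified local matcher for a subset of EventBridge pattern
# semantics (exact values, "prefix", "numeric"). Not AWS's implementation.
_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "=": lambda a, b: a == b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def _value_matches(value, candidate):
    if isinstance(candidate, dict):
        if "prefix" in candidate:
            return isinstance(value, str) and value.startswith(candidate["prefix"])
        if "numeric" in candidate:
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                return False
            spec = candidate["numeric"]  # operator/operand pairs, e.g. [">", 0, "<=", 1000]
            return all(_OPS[spec[i]](value, spec[i + 1]) for i in range(0, len(spec), 2))
        raise ValueError(f"operator not covered by this sketch: {candidate}")
    # Exact match; keep JSON true/false distinct from the numbers 1/0.
    return isinstance(value, bool) == isinstance(candidate, bool) and value == candidate

def matches(pattern, event):
    """True if every field named in the pattern is present in the event and matches."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):  # nested object such as "detail": recurse
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:  # list of alternatives: any one may match (OR)
            values = actual if isinstance(actual, list) else [actual]
            if not any(_value_matches(v, c) for v in values for c in expected):
                return False
    return True

# Pattern from this page, plus constructed sample events (not real output).
PAGE_PATTERN = {"source": ["aws.ec2"],
                "detail-type": ["EC2 Instance State-change Notification"],
                "detail": {"state": ["running"]}}
BROAD_PATTERN = {"source": ["aws.ec2"]}  # matches every EC2 event
RUNNING = {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
           "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"}}
STOPPED = dict(RUNNING, detail={"instance-id": "i-0123456789abcdef0", "state": "stopped"})
# Hypothetical custom event and pattern using prefix and numeric-range matching.
ORDER_PATTERN = {"source": [{"prefix": "myapp."}],
                 "detail": {"amount": [{"numeric": [">", 0, "<=", 1000]}]}}
ORDER = {"source": "myapp.orders", "detail-type": "OrderPlaced", "detail": {"amount": 250}}

if __name__ == "__main__":
    for pat, ev in [(PAGE_PATTERN, RUNNING), (PAGE_PATTERN, STOPPED),
                    (BROAD_PATTERN, STOPPED), (ORDER_PATTERN, ORDER)]:
        print(matches(pat, ev))
```

The broad pattern matches the "stopped" event that the page's pattern rejects, which is the extra target invocation a precise pattern avoids.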

Scheduled Events

Cron Expressions

cron(0 12 * * ? *) - Run at 12:00 PM UTC every day

Rate Expressions

rate(5 minutes) - Run every 5 minutes

Use Cases
  • Automated backups
  • Periodic data processing
  • Scheduled Lambda executions
  • Regular health checks

Input Transformation

Transform event data before sending it to targets to customize the payload.

Input Path

Extract specific fields from the event JSON

Input Template

Define custom JSON structure for target input

Constant Values

Add static values to the transformed input

Common Use Cases

Automated Remediation

Automatically respond to security findings or compliance violations

Resource Tagging

Automatically tag new resources when they're created

Notifications

Send alerts when specific AWS events occur

Workflow Orchestration

Trigger Step Functions workflows based on events

EventBridge vs CloudWatch Events

EventBridge Advantages
  • Support for third-party SaaS applications
  • Custom event buses for application events
  • Schema registry for event discovery
  • Archive and replay events
  • Cross-account event delivery

Recommendation

Use EventBridge for new implementations. CloudWatch Events remains available for backward compatibility.

Best Practices

✓ Use Specific Event Patterns

Create precise event patterns to avoid unnecessary target invocations

✓ Implement Dead Letter Queues

Configure DLQs for targets to capture failed event deliveries

✓ Monitor Rule Metrics

Track Invocations, FailedInvocations, and TriggeredRules metrics

✓ Use Input Transformation

Transform events to reduce target processing complexity

Exam Tips

Key Point

CloudWatch Events/EventBridge is the service for event-driven architectures and automated responses to AWS resource changes

Remember

A single rule can have up to 5 targets, and events are delivered in near real-time

Important

Use scheduled events (cron/rate expressions) for time-based automation instead of Lambda scheduled triggers