Amazon EventBridge
EventBridge is a serverless event bus that connects application data from your own apps, AWS services, and SaaS providers, allowing you to build event-driven architectures.
- Key Features
- When to Use
- SNS vs EventBridge (Event-Driven Architecture)
- Question: Amazon EventBridge rule to notify

Key Features
- Event routing using rules (based on content).
- Built-in integration with 90+ AWS services and many SaaS apps (e.g., Zendesk, Auth0).
- Supports custom events, scheduled events, and AWS service events.
- Schema discovery & registry for easy integration.
- Multiple targets: Lambda, SQS, Step Functions, Kinesis, and more.
- Archive and replay of past events (optional).
When to Use
- Complex event-driven workflows.
- Need fine-grained filtering of events.
- Integrating AWS with external SaaS applications.
- Want loose coupling between services and teams.
Example
When a file is uploaded to S3, EventBridge routes the event to:
- A Lambda to process metadata.
- A Step Function to begin a workflow.
- A notification system via SNS.
SNS vs EventBridge (Event-Driven Architecture)
| Feature | SNS | EventBridge |
|---|---|---|
| Event Routing | Basic (Topic → Subscribers) | Advanced (Rules, Multiple Targets) |
| Filtering | Limited (Message Attributes) | Rich (Content-Based Filtering) |
| Supported Targets | SQS, Lambda, HTTP/S, Email, SMS | Lambda, Step Functions, SQS, Event Bus, Kinesis, etc. |
| Event Sources | Applications, Some AWS Services | Custom Apps, AWS Services, SaaS (e.g. Auth0, Zendesk) |
| Schema Registry | No | Yes |
| Replay / Archive Support | No | Yes |
| Fan-Out Capability | Yes (Push to Multiple Subscribers) | Yes (Multiple Targets via Rules) |
| Best Use Case | Simple Pub/Sub Messaging | Complex Event Routing & SaaS Integration |
Question: Amazon EventBridge rule to notify
A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificates that are imported into AWS Certificate Manager (ACM). The company's security team must be notified 30 days before the expiration of each certificate. What should a solutions architect recommend to meet this requirement?
- Add a rule in ACM to publish a custom message to an Amazon SNS topic every day, beginning 30 days before any certificate will expire.
- Create an AWS Config rule that checks for certificates that will expire within 30 days. Configure Amazon EventBridge to invoke a custom alert by way of Amazon SNS when AWS Config reports a noncompliant resource.
- Use AWS Trusted Advisor to check for certificates that will expire within 30 days. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes. Configure the alarm to send a custom alert by way of Amazon SNS.
- Create an Amazon EventBridge rule to detect any certificates that will expire within 30 days. Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to send a custom alert by way of Amazon SNS. (Correct Ans)
Explanation: ACM automatically publishes certificate expiration events to Amazon EventBridge. These events can be used to trigger actions, such as invoking a Lambda function. You can create a rule in EventBridge to detect ACM events related to certificates nearing expiration.
Option 2 is not correct because AWS Config rules are generally used for compliance checks and resource configurations, not for monitoring time-based certificate expiration events. This approach is more complex and less direct than using EventBridge.
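The rule and Lambda function from the correct answer, as an added example (not part of the original notes and not AWS's own code): `EVENT_PATTERN` is the rule's event pattern and `lambda_handler` publishes the SNS alert. The `TOPIC_ARN` environment variable, the function names and the sample event values are assumptions made for illustration.

```python
import json
import os

THRESHOLD_DAYS = 30  # notification window from the question
DETAIL_TYPE = "ACM Certificate Approaching Expiration"

# Event pattern for the rule: ACM expiry events with 30 or fewer days left.
EVENT_PATTERN = {
    "source": ["aws.acm"],
    "detail-type": [DETAIL_TYPE],
    "detail": {"DaysToExpiry": [{"numeric": ["<=", THRESHOLD_DAYS]}]},
}

# Constructed sample event; account and certificate ID are placeholders.
SAMPLE_EVENT = {
    "source": "aws.acm", "detail-type": DETAIL_TYPE,
    "account": "111122223333", "region": "us-east-1",
    "resources": ["arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID"],
    "detail": {"DaysToExpiry": 30, "CommonName": "example.com"},
}


def build_alert(event):
    """Return (subject, message) for an expiring certificate, or None to skip."""
    if event.get("source") != "aws.acm" or event.get("detail-type") != DETAIL_TYPE:
        return None
    detail = event.get("detail", {})
    days = detail.get("DaysToExpiry")
    if not isinstance(days, int) or days > THRESHOLD_DAYS:
        return None  # re-checked here in case the rule pattern is loosened later
    message = json.dumps({
        "certificates": event.get("resources", []),
        "commonName": detail.get("CommonName"),
        "daysToExpiry": days,
        "account": event.get("account"), "region": event.get("region"),
    }, indent=2)
    return f"ACM certificate expires in {days} days", message


def lambda_handler(event, context, publish=None):
    """Entry point; TOPIC_ARN is an assumed env var, `publish` is injectable."""
    alert = build_alert(event)
    if alert is None:
        return {"sent": False}
    if publish is None:
        import boto3  # provided by the Lambda Python runtime
        publish = boto3.client("sns").publish
    publish(TopicArn=os.environ["TOPIC_ARN"], Subject=alert[0], Message=alert[1])
    return {"sent": True}
```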