AWS EventBridge: Complete Event-Driven Architecture Guide

Amazon EventBridge is the central nervous system of modern AWS architectures. It is a serverless event bus that routes events between AWS services, SaaS applications, and your own microservices. Unlike SQS (point-to-point) or SNS (fan-out), EventBridge provides content-based routing, schema registry, and archive/replay capabilities. This guide covers architectural patterns, advanced filtering, cross-account routing, and production best practices from deploying EventBridge in high-throughput financial systems.

EventBridge vs SNS vs SQS

Understanding when to use each service is critical for architecture decisions:

| Feature | EventBridge | SNS | SQS |
|---|---|---|---|
| Routing | Content-based (rules) | Topic-based | Queue-based |
| Filtering | Deep JSON matching | Attribute filters | None (consumer filters) |
| Targets | 20+ AWS services | HTTP, Lambda, SQS, etc. | Consumer pulls |
| Schema | Schema Registry | None | None |
| Replay | Archive & Replay | None | DLQ only |
| Latency | ~400ms avg | ~20ms | ~10ms |

Use EventBridge for event-driven architectures where routing logic matters. Use SNS for simple pub/sub. Use SQS for work queues with rate limiting.

Architecture Pattern: Event Mesh

flowchart TB
    subgraph Producers ["Event Producers"]
        OrderSvc["Order Service"]
        InventorySvc["Inventory Service"]
        PaymentSvc["Payment Service"]
    end
    
    subgraph EventBridge ["EventBridge"]
        Bus["Custom Event Bus"]
        Rule1["Rule: Order Created"]
        Rule2["Rule: High Value Order"]
        Rule3["Rule: Inventory Low"]
    end
    
    subgraph Consumers ["Event Consumers"]
        Shipping["Shipping Lambda"]
        Analytics["Analytics Pipeline"]
        Alerts["SNS Alerts"]
        Archive["S3 Archive"]
    end
    
    OrderSvc -->|PutEvents| Bus
    InventorySvc -->|PutEvents| Bus
    PaymentSvc -->|PutEvents| Bus
    
    Bus --> Rule1 --> Shipping
    Bus --> Rule2 --> Alerts
    Bus --> Rule3 --> Analytics
    Bus --> Archive
    
    style Bus fill:#FFF3E0,stroke:#E65100

Event Structure

EventBridge events follow a standard envelope format:

{
  "version": "0",
  "id": "12345678-1234-1234-1234-123456789012",
  "detail-type": "Order Created",
  "source": "com.mycompany.orders",
  "account": "123456789012",
  "time": "2022-06-09T10:30:00Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "orderId": "ORD-12345",
    "customerId": "CUST-789",
    "total": 1499.99,
    "items": [
      {"productId": "PROD-001", "quantity": 2, "price": 749.99}
    ],
    "metadata": {
      "source": "mobile-app",
      "version": "2.1.0"
    }
  }
}

Advanced Event Pattern Matching

EventBridge supports sophisticated pattern matching on event content:

{
  "source": ["com.mycompany.orders"],
  "detail-type": ["Order Created"],
  "detail": {
    "total": [{"numeric": [">=", 1000]}],
    "items": {
      "productId": [{"prefix": "PREMIUM-"}]
    },
    "metadata": {
      "source": [{"anything-but": "test-harness"}]
    }
  }
}

Supported operators:

  • numeric: {"numeric": [">=", 100, "<", 1000]}
  • prefix: {"prefix": "order-"}
  • suffix: {"suffix": ".jpg"}
  • anything-but: {"anything-but": ["test", "dev"]}
  • exists: {"exists": true}
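
To check a rule before deploying it, the matching semantics above can be modelled locally. The following is an added example, not code from the original page or from AWS: a simplified matcher covering only the five operators listed, run against the sample event and pattern from this guide. The helper `with_product` and the `PREMIUM-001` product ID are constructed for illustration.

```python
import operator

OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
       ">": operator.gt, ">=": operator.ge}
MISSING = object()  # sentinel: field absent from the event

def _leaf(value, cond):
    """Test one event value against one entry of a pattern's match list."""
    if not isinstance(cond, dict):  # literal entry: exact match
        return value is not MISSING and value == cond
    (op, arg), = cond.items()
    if op == "exists":
        return (value is not MISSING) == arg
    if value is MISSING:
        return False
    if op == "numeric":  # [op, n, op, n, ...]: every comparison must hold
        return (isinstance(value, (int, float)) and not isinstance(value, bool)
                and all(OPS[arg[i]](value, arg[i + 1]) for i in range(0, len(arg), 2)))
    if op == "prefix":
        return isinstance(value, str) and value.startswith(arg)
    if op == "suffix":
        return isinstance(value, str) and value.endswith(arg)
    if op == "anything-but":
        return value not in (arg if isinstance(arg, list) else [arg])
    raise ValueError(f"unsupported operator: {op}")

def matches(pattern, event):
    """AND across pattern fields, OR within a match list; arrays match on any element."""
    for key, want in pattern.items():
        got = event.get(key, MISSING)
        candidates = got if isinstance(got, list) else [got]
        if isinstance(want, dict):  # nested object: recurse into it
            ok = any(matches(want, c if isinstance(c, dict) else {}) for c in candidates)
        else:
            ok = any(_leaf(c, w) for c in candidates for w in want)
        if not ok:
            return False
    return True

# The pattern and (trimmed) sample event from this page.
PATTERN = {"source": ["com.mycompany.orders"], "detail-type": ["Order Created"],
           "detail": {"total": [{"numeric": [">=", 1000]}],
                      "items": {"productId": [{"prefix": "PREMIUM-"}]},
                      "metadata": {"source": [{"anything-but": "test-harness"}]}}}
EVENT = {"source": "com.mycompany.orders", "detail-type": "Order Created",
         "detail": {"total": 1499.99, "items": [{"productId": "PROD-001", "quantity": 2}],
                    "metadata": {"source": "mobile-app", "version": "2.1.0"}}}

def with_product(product_id):
    """Constructed variant of EVENT whose single item has the given productId."""
    return dict(EVENT, detail=dict(EVENT["detail"], items=[{"productId": product_id}]))
```

The sample event does not match the sample pattern, because `PROD-001` lacks the `PREMIUM-` prefix; `matches(PATTERN, with_product("PREMIUM-001"))` does.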

Cross-Account Event Routing

EventBridge supports cross-account event routing via resource policies. This enables centralized event buses in hub-and-spoke architectures:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowAccountBToPublish",
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::222222222222:root"
    },
    "Action": "events:PutEvents",
    "Resource": "arn:aws:events:us-east-1:111111111111:event-bus/central-bus"
  }]
}
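
The policy above lets any identity in account 222222222222 that its own IAM permits publish events carrying any `source` or `detail-type` onto the central bus. The following added example (not from the original page) lints a bus resource policy for that gap and compares the page's policy with a constructed variant that pins the `events:source` condition key; the source name `com.mycompany.inventory` and the second `Sid` are assumptions, and the two checks are heuristics rather than a full policy evaluation.

```python
def _as_list(v):
    return v if isinstance(v, list) else [v]

def audit_bus_policy(policy):
    """Flag Allow statements that grant events:PutEvents more broadly than needed."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if st.get("Effect") != "Allow" or not actions & {"events:putevents", "events:*", "*"}:
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        # Condition has the shape {operator: {key: value}}; collect the keys in use.
        keys = {k.lower() for block in st.get("Condition", {}).values() for k in block}
        if "*" in aws and "aws:principalorgid" not in keys:
            findings.append((sid, "wildcard principal without aws:PrincipalOrgID"))
        if "events:source" not in keys:
            findings.append((sid, "no events:source condition; publisher may claim any source"))
    return findings

# The resource policy shown on this page.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAccountBToPublish",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
        "Action": "events:PutEvents",
        "Resource": "arn:aws:events:us-east-1:111111111111:event-bus/central-bus",
    }],
}

# Constructed variant: same grant, limited to one assumed source name.
HARDENED = {
    "Version": "2012-10-17",
    "Statement": [dict(
        PAGE_POLICY["Statement"][0],
        Sid="AllowAccountBInventoryEvents",
        Condition={"StringEquals": {"events:source": "com.mycompany.inventory"}},
    )],
}

if __name__ == "__main__":
    for name, pol in (("page policy", PAGE_POLICY), ("hardened", HARDENED)):
        print(name, audit_bus_policy(pol))
```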

Archive and Replay

EventBridge can archive all events to S3, enabling replay for debugging, testing, or disaster recovery:

# Create archive
aws events create-archive \
  --archive-name order-events-archive \
  --event-source-arn arn:aws:events:us-east-1:123456789012:event-bus/orders \
  --event-pattern '{"source": ["com.mycompany.orders"]}'

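# Replay events from a time range.
# A replay can only target the event bus the archive was created from, so the
# destination is the orders bus itself. Every rule on that bus receives the
# replayed events unless the destination also lists specific rules in "FilterArns".
aws events start-replay \
  --replay-name debug-replay-001 \
  --event-source-arn arn:aws:events:us-east-1:123456789012:archive/order-events-archive \
  --destination '{"Arn": "arn:aws:events:us-east-1:123456789012:event-bus/orders"}' \
  --event-start-time 2022-06-01T00:00:00Z \
  --event-end-time 2022-06-02T00:00:00Z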

Terraform Implementation

resource "aws_cloudwatch_event_bus" "orders" {
  name = "orders-bus"
}

resource "aws_cloudwatch_event_rule" "high_value_orders" {
  name           = "high-value-orders"
  event_bus_name = aws_cloudwatch_event_bus.orders.name
  
  event_pattern = jsonencode({
    source      = ["com.mycompany.orders"]
    detail-type = ["Order Created"]
    detail = {
      total = [{ numeric = [">=", 1000] }]
    }
  })
}

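# aws_sns_topic.sales_alerts is assumed to be defined elsewhere in the configuration.
# Its topic policy must allow events.amazonaws.com to call sns:Publish, or delivery fails.
resource "aws_cloudwatch_event_target" "notify_sales" {
  rule           = aws_cloudwatch_event_rule.high_value_orders.name
  event_bus_name = aws_cloudwatch_event_bus.orders.name
  target_id      = "notify-sales-team"
  arn            = aws_sns_topic.sales_alerts.arn
}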

Key Takeaways

  • Use EventBridge for content-based routing, SNS for simple fan-out, SQS for work queues
  • Design events with clear source and detail-type for discoverability
  • Advanced pattern matching enables routing without consumer logic
  • Archive events for debugging and disaster recovery
  • Cross-account routing enables centralized event buses
