How do EventBridge event patterns work?

Event patterns are JSON objects that match against incoming events using structural comparison. Each field in the pattern is matched against the corresponding field in the event. Values can be exact strings, arrays (OR logic), numeric ranges, prefix matches, suffix matches, or anything-but exclusions. Only fields present in the pattern are evaluated — omitted fields match any value. All specified fields must match for the rule to trigger (AND logic between fields).

What is the difference between EventBridge and SNS for event routing?

EventBridge supports content-based filtering on event payload fields, while SNS message filtering is limited to message attributes. EventBridge has a richer set of pattern matchers (prefix, numeric range, exists, anything-but), native integrations with SaaS event sources, schema discovery, and event replay. SNS is simpler and better for high-throughput fan-out to many subscribers where content filtering is not required. EventBridge also supports archive and replay for debugging.

How do input transformers work in EventBridge rules?

Input transformers let you reshape the event before delivering it to the target. They have two components: an input paths map that extracts values from the event using JSONPath expressions, and an input template that defines the output structure using those extracted values as variables. This avoids writing Lambda functions just to reformat event data. For example, you can extract instance-id and state from an EC2 event and format a human-readable message for SNS.

AWS EventBridge Rule Builder

ServerlessAWS

Build EventBridge rule event patterns and target configurations.

Last verified: May 2026

EventBridge Configuration

Build EventBridge rule event patterns and target configurations.

Required Fields

NameEventPatternTargets

Generated Output

Output will appear here...

About This Tool

Amazon EventBridge is a serverless event bus that routes events from AWS services, SaaS applications, and custom sources to targets like Lambda, SQS, Step Functions, and API destinations. Rules define which events match and where to send them using event patterns — JSON structures that filter on event source, detail-type, account, region, and custom detail fields. Writing event patterns requires understanding exact-match, prefix, numeric range, exists, and anything-but matchers. The EventBridge Rule Builder helps you construct rules with correct event pattern syntax, target configurations, input transformations, and dead-letter queue settings.

Real-World Scenario

Your security team needs to alert on every IAM policy change across 30 AWS accounts. The builder generates a cross-account event bus rule: pattern matches `source: aws.iam` and `detail-type: AWS API Call via CloudTrail` with `eventName: prefix Put*Policy or Attach*`. Target: SNS topic that emails the security team. Within hours, every policy change in the org is visible to security in real-time. Without the builder, hand-crafting the event pattern from scratch took the team a half-day and missed several event names that the tool's catalog includes by default.

When to Use This Tool

•Building a rule that captures EC2 instance state changes (running, stopped, terminated) and routes them to a Lambda function for inventory tracking
•Creating content-based filtering rules that match S3 object creation events only for specific prefixes and file extensions
•Designing cross-account event routing rules that send security-relevant CloudTrail events to a central security account event bus
•Generating rules with input transformers that extract specific fields from events and format them for downstream targets like SNS notifications

Pro Tips

TIP

Event patterns use exact-match by default. The single most common mistake: writing `"detail-type": "EC2 Instance State-change Notification"` and getting nothing — the actual event uses different casing or punctuation. Always test patterns against real events using the EventBridge sandbox feature.

TIP

Input transformers replace the entire event with your transformed payload. If your downstream target expects fields outside what you transformed in, they'll be missing. For most cases, prefer adding additional fields via SetVariable rather than full-replace input transformers.

TIP

Always set a Dead Letter Queue (DLQ) on rules that target Lambda or SQS. Failed event deliveries without DLQ = silent data loss. EventBridge will retry up to 24 hours, but if the target is fundamentally broken, those events vanish without DLQ.

How It Works Under the Hood

The builder constructs EventBridge rule definitions with: name + description, event pattern (JSON object with matchers — exact, prefix, suffix, anything-but, numeric range, exists), event bus selection (default vs custom), targets array (with role ARN, optional input transformer, optional DLQ, retry policy). Output is generated as aws events put-rule + put-targets CLI commands and Terraform aws_cloudwatch_event_rule + aws_cloudwatch_event_target resources.

Frequently Asked Questions

How do EventBridge event patterns work?: Event patterns are JSON objects that match against incoming events using structural comparison. Each field in the pattern is matched against the corresponding field in the event. Values can be exact strings, arrays (OR logic), numeric ranges, prefix matches, suffix matches, or anything-but exclusions. Only fields present in the pattern are evaluated — omitted fields match any value. All specified fields must match for the rule to trigger (AND logic between fields).
What is the difference between EventBridge and SNS for event routing?: EventBridge supports content-based filtering on event payload fields, while SNS message filtering is limited to message attributes. EventBridge has a richer set of pattern matchers (prefix, numeric range, exists, anything-but), native integrations with SaaS event sources, schema discovery, and event replay. SNS is simpler and better for high-throughput fan-out to many subscribers where content filtering is not required. EventBridge also supports archive and replay for debugging.
How do input transformers work in EventBridge rules?: Input transformers let you reshape the event before delivering it to the target. They have two components: an input paths map that extracts values from the event using JSONPath expressions, and an input template that defines the output structure using those extracted values as variables. This avoids writing Lambda functions just to reformat event data. For example, you can extract instance-id and state from an EC2 event and format a human-readable message for SNS.

Related Learning Guides

SQS vs SNS vs EventBridge25 min read

Featured In

Event-Driven Architecture on AWS, Azure, and GCP: Patterns That Scale

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.

AWS EventBridge Rule Builder

ServerlessAWS

Build EventBridge rule event patterns and target configurations.

Last verified: May 2026

EventBridge Configuration

Build EventBridge rule event patterns and target configurations.

Required Fields

NameEventPatternTargets

Generated Output

Output will appear here...

About This Tool

Real-World Scenario

When to Use This Tool

•Building a rule that captures EC2 instance state changes (running, stopped, terminated) and routes them to a Lambda function for inventory tracking
•Creating content-based filtering rules that match S3 object creation events only for specific prefixes and file extensions
•Designing cross-account event routing rules that send security-relevant CloudTrail events to a central security account event bus
•Generating rules with input transformers that extract specific fields from events and format them for downstream targets like SNS notifications

Pro Tips

TIP

How It Works Under the Hood

Frequently Asked Questions

How do EventBridge event patterns work?: Event patterns are JSON objects that match against incoming events using structural comparison. Each field in the pattern is matched against the corresponding field in the event. Values can be exact strings, arrays (OR logic), numeric ranges, prefix matches, suffix matches, or anything-but exclusions. Only fields present in the pattern are evaluated — omitted fields match any value. All specified fields must match for the rule to trigger (AND logic between fields).
What is the difference between EventBridge and SNS for event routing?: EventBridge supports content-based filtering on event payload fields, while SNS message filtering is limited to message attributes. EventBridge has a richer set of pattern matchers (prefix, numeric range, exists, anything-but), native integrations with SaaS event sources, schema discovery, and event replay. SNS is simpler and better for high-throughput fan-out to many subscribers where content filtering is not required. EventBridge also supports archive and replay for debugging.
How do input transformers work in EventBridge rules?: Input transformers let you reshape the event before delivering it to the target. They have two components: an input paths map that extracts values from the event using JSONPath expressions, and an input template that defines the output structure using those extracted values as variables. This avoids writing Lambda functions just to reformat event data. For example, you can extract instance-id and state from an EC2 event and format a human-readable message for SNS.

Related Learning Guides

SQS vs SNS vs EventBridge25 min read

Featured In

Event-Driven Architecture on AWS, Azure, and GCP: Patterns That Scale

Was this tool helpful?