Build Eventarc trigger configurations for routing events from GCP services to Cloud Run destinations.
Last verified: May 2026
Required Fields
name, matchingCriteria, destination, serviceAccount
The builder constructs Eventarc trigger configurations with: name + region, event filters (event type like google.cloud.storage.object.v1.finalized, plus attribute filters like bucket=X for Storage or methodName=Y for Audit Logs), transport (direct or via custom Pub/Sub channel), destination (Cloud Run service URL with optional path, Cloud Functions function reference, GKE service ref, or Workflows ref), service account, and event filter policy. Output is generated as gcloud eventarc triggers commands and Terraform google_eventarc_trigger resources.
Eventarc is Google Cloud's eventing platform that routes events from over 130 Google Cloud sources, third-party providers via Pub/Sub, and custom applications to Cloud Run services, Cloud Functions, GKE services, and Workflows. It provides a unified model for event-driven architectures with filtering, delivery guarantees, and audit logging. This builder helps you configure Eventarc triggers with event type filters, path patterns, service account bindings, and destination configurations.
Your team needs to automatically process every uploaded image in a Cloud Storage bucket — resize, watermark, generate thumbnails. The builder generates an Eventarc trigger: filters on `google.cloud.storage.object.v1.finalized` for the specific upload bucket, routes to a Cloud Run service that handles the processing. Service account has only roles/run.invoker on the destination + roles/storage.objectViewer on the bucket. End-to-end image processing pipeline: ~30 minutes vs the 4+ hours of trial-and-error to wire up Cloud Storage notifications + Pub/Sub + Cloud Run permissions correctly by hand.
Eventarc with Cloud Audit Logs as the source is the cleanest pattern for compliance-driven workflows. Want to react to every IAM policy change in your org? An Eventarc trigger filtered on `methodName: SetIamPolicy` routes those events to a Cloud Run service for processing. No polling, no scraping logs — direct event-driven triggers.
Always set a service account for the trigger that has minimum permissions. The default Compute Engine SA is overly broad — Eventarc inherits its permissions when invoking destinations. Create a dedicated SA with ONLY the roles needed (e.g., roles/run.invoker on the target Cloud Run service).
Eventarc filters at the cloud event level, BEFORE invoking destinations. A filter like `bucket=my-bucket` on Cloud Storage events means only events for that bucket trigger the destination — saving compute cost and avoiding the destination having to discard irrelevant events.
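The two recommendations above (a dedicated, minimally privileged service account, and filters that narrow events at the source) can be checked against triggers that already exist. The following is an added example, not part of the builder or of Google's tooling. It assumes trigger records with the field names of the Eventarc Trigger resource (`serviceAccount`, `eventFilters`, `destination.cloudRun`); the function names, service account addresses and sample triggers are constructed for illustration.

```python
import re
from collections import defaultdict

# Default Compute Engine SA has the form PROJECT_NUMBER-compute@developer.gserviceaccount.com
DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
STORAGE = "google.cloud.storage.object.v1.finalized"
AUDIT = "google.cloud.audit.log.v1.written"
# Narrowing attributes expected per event type (the two sources the page names).
EXPECTED_FILTERS = {STORAGE: {"bucket"}, AUDIT: {"serviceName", "methodName"}}

def audit_triggers(triggers):
    """Return sorted (subject, finding) pairs for a list of trigger dicts."""
    findings, dests_by_sa = [], defaultdict(set)
    for t in triggers:
        name, sa = t.get("name", "<unnamed>"), t.get("serviceAccount", "")
        filters = {f["attribute"]: f["value"] for f in t.get("eventFilters", [])}
        if not sa:
            findings.append((name, "no service account set"))
        elif DEFAULT_COMPUTE_SA.match(sa):
            findings.append((name, "uses default Compute Engine service account"))
        else:  # remember which Cloud Run services each dedicated SA must invoke
            run = t.get("destination", {}).get("cloudRun", {})
            dests_by_sa[sa].add((run.get("region"), run.get("service")))
        if "type" not in filters:
            findings.append((name, "no event type filter"))
        expected = EXPECTED_FILTERS.get(filters.get("type"), set())
        for attr in sorted(expected - set(filters)):
            findings.append((name, f"missing {attr} filter"))
    for sa, dests in dests_by_sa.items():
        if len(dests) > 1:  # one SA holding run.invoker on several services
            findings.append((sa, f"service account shared by {len(dests)} destinations"))
    return sorted(findings)

def make_trigger(name, sa, service, **filters):  # builds one constructed sample record
    return {"name": name, "serviceAccount": sa,
            "eventFilters": [{"attribute": k, "value": v} for k, v in filters.items()],
            "destination": {"cloudRun": {"service": service, "region": "us-central1"}}}

SHARED_SA = "trigger-shared@example-project.iam.gserviceaccount.com"
# Constructed sample; names are shortened to the trigger ID for readability.
SAMPLE = [
    make_trigger("img-upload", "123456789012-compute@developer.gserviceaccount.com",
                 "resizer", type=STORAGE, bucket="example-uploads"),
    make_trigger("iam-watch", SHARED_SA, "iam-audit", type=AUDIT,
                 serviceName="cloudresourcemanager.googleapis.com"),
    make_trigger("thumbs", SHARED_SA, "thumbnailer", type=STORAGE, bucket="example-uploads"),
]

if __name__ == "__main__":
    for subject, finding in audit_triggers(SAMPLE):
        print(f"{subject}: {finding}")
```

To run it over real triggers, load the JSON array produced by `gcloud eventarc triggers list --format=json` and pass it to `audit_triggers`.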
Pub/Sub is a messaging service for publishing and subscribing to streams of messages. Eventarc is an eventing layer built on top of Pub/Sub (and Cloud Audit Logs) that adds event filtering, standardized CloudEvents format, automatic trigger management, and direct integration with 130+ Google Cloud event sources. Use Pub/Sub when you need raw message queuing; use Eventarc when you want event-driven triggers with declarative routing from cloud service events to specific destinations.
Eventarc supports direct events from Cloud Storage, BigQuery, Firestore, and other Google services, Cloud Audit Log events from any GCP service that produces audit logs, Pub/Sub messages as a channel for custom or third-party events, and third-party providers registered through Eventarc's provider framework. For Cloud Audit Log events, you can filter by service name, method name, and resource type to trigger only on specific operations.
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.