How to use IBM App Connect with Amazon EventBridge

Amazon EventBridge is a serverless event bus service that simplifies your application architecture by allowing you to create scalable events from your applications that can integrate with Amazon Web Services (AWS).

Availability:
  • A connector in IBM App Connect Enterprise as a ServiceApp Connect Enterprise as a Service connector
  • A local connector in a Designer instance of IBM App Connect in containers (Continuous Delivery release)Local connector in containers (Continuous Delivery release) 12.0.7.0-r3 or later

Connecting to Amazon EventBridge

Complete the connection fields that you see in the App Connect Designer Catalog page or flow editor. If necessary, work with your Amazon EventBridge administrator to obtain these values.

Amazon EventBridge connection fields:
Table 1. Connection fields and their description
Connection field Description
Secret access key The secret access key of your Amazon EventBridge account. Get the secret access key from the Security Credentials page in the AWS Management Console.
Access key ID The access key ID of your Amazon EventBridge account. Get the access key ID from the Security Credentials page in the AWS Management Console.
Region The region of your Amazon EventBridge instance, for example, us-east-1.
Tip: For more information, see AWS service endpoints on the AWS documentation page.
To obtain the connection values (Secret access key and Access key ID) for Amazon EventBridge and to connect to App Connect, do the following steps:
  1. Log in to your AWS account.
    Note: You can choose between Root user or IAM user based on your role.
    • Root user: Account owner that performs tasks requiring unrestricted access.
    • IAM user: User within an account that performs daily tasks.
    Note: AWS recommends using identity-based managed policies to attach permission sets and roles to an identity, and grant only the permissions the user needs. These policies control what actions that identity can perform, on which resources, and under what conditions. While setting the permissions for an identity in IAM, you can decide whether to use an AWS-managed policy, a customer-managed policy, or an inline policy.

    An AWS-managed policy is a standalone policy that is created and administered by AWS. The following are some examples of AWS-managed policies that are specific to Amazon EventBridge:

    • AmazonEventBridgeFullAccess policy provides full access to Amazon EventBridge service and all connector operations are accessible.
    • AmazonEventBridgeReadOnlyAccess policy gives limited read-only access, and few connector operations are accessible.
    For more information about AWS-managed policies that are specific to Amazon EventBridge, see the AWS managed policies list on the AWS documentation page.
  2. On the navigation menu, click Users.
  3. Select your applicable user name or account name.
  4. Click the Security credentials tab, and then click Create access key.
  5. To view the new access key, click Show.
    Note: You can retrieve the secret access key only when you create the key pair for the first time.
  6. For more information, see AWS Account and Access Keys on the AWS documentation page.

To connect to a Amazon EventBridge endpoint from the App Connect Designer Catalog page for the first time, expand Amazon EventBridge, then click Connect.

Tip:

Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Catalog page, select the account, open its options menu (⋮), then click Rename Account.

What should I consider first?

Before you use App Connect Designer with Amazon EventBridge, take note of the following considerations:
  • There are two types of events (data events and management events) logged in AWS CloudTrail.
  • Data events (for example, in Amazon S3 object-level events, Amazon DynamoDB, and AWS Lambda) must have trails that are configured to receive those events. By default, trails don't log data events, and data events aren't viewable in CloudTrail Event history. To activate data event logging, you must explicitly add the supported resources or resource types to a trail.

    For instructions to activate data event logging, see Logging data events for trails.

    For more information about how specific AWS services integrate with AWS CloudTrail, see CloudTrail supported services and integrations.

  • To use an API destination as a target, you must provide an IAM Role ARN with the correct permissions. For more information, see Permissions required for EventBridge to access targets using IAM roles . The following is an example of a sample policy to be used in a role that works for any App Connect API destination that is created through the Webhooks connector:
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [ "events:InvokeApiDestination" ],
            "Resource": [ "arn:aws:events:*:*:api-destination/appconnect*/*" ]
        }
    ]
}
  • For Amazon S3 events to get triggered through Amazon EventBridge, you must explicitly enable Amazon EventBridge event delivery in Amazon S3. For more information, see Enabling Amazon EventBridge.
  • (General consideration) You can see lists of the trigger events and actions that are available on the Catalog page of the App Connect Designer.

    For some applications, the events and actions in the catalog depend on the environment and whether the connector supports configurable events and dynamic discovery of actions. If the application supports configurable events, you see a Show more configurable events link under the events list. If the application supports dynamic discovery of actions, you see a Show more link under the actions list.

  • (General consideration) If you are using multiple accounts for an application, the set of fields that is displayed when you select an action for that application can vary for different accounts. In the flow editor, some applications always provide a curated set of static fields for an action. Other applications use dynamic discovery to retrieve the set of fields that are configured on the instance that you are connected to. For example, if you have two accounts for two instances of an application, the first account might use settings that are ready for immediate use. However, the second account might be configured with extra custom fields.

Events and actions

Amazon EventBridge events

These events are for changes in this application that trigger a flow to start completing the actions in the flow.

AWS events
New AWS event
Custom events
New custom event

Amazon EventBridge actions

Your flow completes these actions on this application.

Event buses
Create event bus
Retrieve event buses
Delete event bus
Events
Send events

Examples

Dashboard tile for a template that uses Amazon EventBridge

Use templates to quickly create flows for Amazon EventBridge

Learn how to use App Connect templates to quickly create flows that perform actions on Amazon EventBridge. For example, open the Templates gallery, and then search for Amazon EventBridge.

Learn more

Amazon EventBridge flow in detailed view

Use IBM® App Connect to build flows that integrate with Amazon EventBridge.

Read the blog in the IBM Community to learn how to send events from Amazon EventBridge whenever a Salesforce lead is successfully created or whenever a Salesforce lead creation fails. Click Read the blog to go to the blog.

Read the blog