Authorization methods for connections in EventBridge
EventBridge connections support the following authorization methods:
Basic
API Key
For Basic and API Key authorization, EventBridge populates the required authorization headers for you.
OAuth
For OAuth authorization, EventBridge also exchanges your client ID and secret for an access token and then manages it securely.
When you create a connection that uses OAuth authorization, you have the option of specifying a public or private authorization endpoint.
OAuth tokens are refreshed when a 401 or 407 response is returned.
When you create a connection, you can also include the header, body, and query parameters that are required for authorization with an endpoint. You can use the same connection for more than one HTTPS endpoint if the authorization for the endpoint is the same.
When you create a connection and add authorization parameters, EventBridge creates a secret in AWS Secrets Manager. The cost of both storing and accessing the Secrets Manager secret is included with the charge for using an API destination.
For information on how to have EventBridge re-authorize the connection once you have updated it to address authorization or connectivity issues, see Updating connections.
Note
To successfully create or update a connection, you must use an account that has permission to use Secrets Manager. The required permission is included in the AmazonEventBridgeFullAccess policy. The same permission is granted to the service-linked role that's created in your account for the connection.
For examples of how to create an AWS CloudFormation template that provisions an EventBridge connection with authentication, see AWS::Events::Connection in the CloudFormation User Guide.
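The following added example (not taken from the AWS documentation) builds the request for the EventBridge CreateConnection API for each of the three authorization methods, attaches extra invocation headers, and produces a masked copy that is safe to log. The helper names, the sample values and the HTTPS check on the OAuth endpoint are assumptions of this example; the returned dictionary is meant to be passed to boto3's `events.create_connection(**request)`.

```python
import copy
from urllib.parse import urlparse

SECRET_FIELDS = {"Password", "ApiKeyValue", "ClientSecret"}

def http_params(values, secret=()):
    """Key/Value/IsValueSecret entries for header, query string or body parameters."""
    return [{"Key": k, "Value": v, "IsValueSecret": k in secret} for k, v in values.items()]

def basic_auth(username, password):
    return "BASIC", {"BasicAuthParameters": {"Username": username, "Password": password}}

def api_key_auth(header_name, value):
    return "API_KEY", {"ApiKeyAuthParameters": {"ApiKeyName": header_name, "ApiKeyValue": value}}

def oauth_auth(client_id, client_secret, endpoint, http_method="POST", body=None):
    # This example's own policy (an assumption, not a documented service check):
    # never send the client secret to a token endpoint over plain HTTP.
    if urlparse(endpoint).scheme != "https":
        raise ValueError("OAuth authorization endpoint must use https")
    oauth = {"ClientParameters": {"ClientID": client_id, "ClientSecret": client_secret},
             "AuthorizationEndpoint": endpoint, "HttpMethod": http_method}
    if body:
        oauth["OAuthHttpParameters"] = {"BodyParameters": http_params(body)}
    return "OAUTH_CLIENT_CREDENTIALS", {"OAuthParameters": oauth}

def connection_request(name, auth, headers=None, secret_headers=()):
    """Keyword arguments for the CreateConnection call."""
    auth_type, params = auth
    params = copy.deepcopy(params)
    if headers:  # extra headers sent with every invocation of the endpoint
        params["InvocationHttpParameters"] = {
            "HeaderParameters": http_params(headers, secret_headers)}
    return {"Name": name, "AuthorizationType": auth_type, "AuthParameters": params}

def redacted(node):
    """Copy of a request that is safe to log: secret values are masked."""
    if isinstance(node, list):
        return [redacted(item) for item in node]
    if not isinstance(node, dict):
        return node
    out = {k: "***" if k in SECRET_FIELDS else redacted(v) for k, v in node.items()}
    if out.get("IsValueSecret"):
        out["Value"] = "***"
    return out

if __name__ == "__main__":
    # Constructed sample values; in real use, read secrets from a secret store.
    auth = oauth_auth("example-client-id", "example-client-secret",
                      "https://auth.example.com/oauth/token",
                      body={"grant_type": "client_credentials"})
    print(redacted(connection_request("partner-oauth", auth, headers={"X-Tenant": "t-123"})))
```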