AWS::Events::Connection
Creates a connection. A connection defines the authorization type and credentials to use for authorization with an API destination HTTP endpoint.
For more information, see Connections for endpoint targets in the Amazon EventBridge User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Events::Connection", "Properties" : { "AuthorizationType" :String, "AuthParameters" :AuthParameters, "Description" :String, "InvocationConnectivityParameters" :InvocationConnectivityParameters, "Name" :String} }
YAML
Type: AWS::Events::Connection Properties: AuthorizationType:StringAuthParameters:AuthParametersDescription:StringInvocationConnectivityParameters:InvocationConnectivityParametersName:String
Properties
-
The type of authorization to use for the connection.
Note
OAUTH tokens are refreshed when a 401 or 407 response is returned.
Required: No
Type: String
Allowed values:
API_KEY | BASIC | OAUTH_CLIENT_CREDENTIALSUpdate requires: No interruption
AuthParameters-
The authorization parameters to use to authorize with the endpoint.
You must include only authorization parameters for the
AuthorizationTypeyou specify.Required: No
Type: AuthParameters
Update requires: No interruption
Description-
A description for the connection to create.
Required: No
Type: String
Maximum:
512Update requires: No interruption
InvocationConnectivityParameters-
For connections to private APIs, the parameters to use for invoking the API.
For more information, see Connecting to private APIs in the Amazon EventBridge User Guide .
Required: No
Type: InvocationConnectivityParameters
Update requires: No interruption
Name-
The name for the connection to create.
Required: No
Type: String
Pattern:
[\.\-_A-Za-z0-9]+Minimum:
1Maximum:
64Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the connection that was created by the
request.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Arn-
The ARN of the connection that was created by the request.
AuthParameters.ConnectivityParameters.ResourceParameters.ResourceAssociationArn-
For connections to private APIs, the Amazon Resource Name (ARN) of the resource association EventBridge created between the connection and the private API's resource configuration.
For more information, see Managing service network resource associations for connections in the Amazon EventBridge User Guide .
InvocationConnectivityParameters.ResourceParameters.ResourceAssociationArn-
For connections to private APIs, the Amazon Resource Name (ARN) of the resource association EventBridge created between the connection and the private API's resource configuration.
For more information, see Managing service network resource associations for connections in the Amazon EventBridge User Guide .
SecretArn-
The ARN for the secret created for the connection.
Examples
Create a connection with ApiKey authorization parameters
The following example creates a connection named pagerduty-connection using ApiKey authorization and stores a secret from Secrets Manager.
JSON
{ "PagerDutyConection": "Type" : "AWS::Events::Connection", "Properties" : { "Name" : "pagerduty-connection", "AuthorizationType" : "API_KEY", "AuthParameters" : { "ApiKeyAuthParameters" : { "ApiKeyName" : "Authorization", "ApiKeyValue" : "{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:123456789012:secret:pagerdutyApiToken-S9SoDa}}"}, "AdditionalParameters" : { "BodyParameters" : { "routing_key" : "my-pagerduty-integration-key", }, }, }, } }
YAML
PagerDutyConection: Type: AWS::Events::Connection Properties: Name: 'pagerduty-connection' AuthorizationType: API_KEY AuthParameters: ApiKeyAuthParameters: ApiKeyName: Authorization ApiKeyValue: '{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:123456789012:secret:pagerdutyApiToken-S9SoDa}}' AdditionalParameters: BodyParameters: routing_key: 'my-pagerduty-integration-key'
Create a connection with OAuth authorization parameters
The following example creates a connection named auth0-connection using OAuth authorization and stores a secret from Secrets Manager.
JSON
{ "Auth0Connection": "Type" : "AWS::Events::Connection", "Properties": { "Name" : "auth0-connection", "AuthorizationType" : "OAUTH_CLIENT_CREDENTIALS", "AuthParameters" : { "OAuthParameters": { "ClientParameters" : { "ClientId": "{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:123456789012:secret:auth0ClientId}}", "ClientSecret": "{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:123456789012:secret:auth0ClientSecret}}", }, "AuthorizationEndpoint" : "https://yourUserName.us.auth0.com/oauth/token", "HttpMethod" : "POST", "AdditionalParameters" : { "BodyParameters: { "audience" : "my-auth0-identifier", }, }, }, }, } }
YAML
Auth0Connection: Type: AWS::Events::Connection Properties: Name: 'auth0-connection' AuthorizationType: OAUTH_CLIENT_CREDENTIALS AuthParameters: OAuthParameters: ClientParameters: ClientId: '{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:123456789012:secret:auth0ClientId}}' ClientSecret: '{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:123456789012:secret:auth0ClientSecret}}' AuthorizationEndpoint: 'https://yourUserName.us.auth0.com/oauth/token' HttpMethod: POST AdditionalParameters: BodyParameters: audience: 'my-auth0-identifier' #Note: This AdditionalParameters field is a child of OAuthParameters entry, meaning it's only sent with the token exchange
