Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bronto.io/llms.txt

Use this file to discover all available pages before exploring further.

When to Use EventBridge

EventBridge API Destinations are a good fit when you want to:
  • Forward AWS service events into Bronto without writing or maintaining a Lambda function
  • Ingest audit and compliance data such as CloudTrail events, GuardDuty findings, or AWS Config change notifications
  • React to ECS task state changes, EC2 instance events, or other AWS operational events in near real-time
For application logs or traces from running workloads, use ADOT, FireLens, or the CloudWatch Log Forwarder instead.

Supported AWS Services

EventBridge API Destinations work with any AWS service that publishes to the default event bus:
ServiceLog / event type
AWS CloudTrailManagement and data event audit records
AWS GuardDutySecurity threat findings
Amazon DynamoDBTable state changes (via CloudTrail)
AWS ConfigResource configuration change events
Amazon ECSTask and container state changes
Amazon EC2Instance state change notifications
AWS HealthService health and scheduled maintenance events
AWS Step FunctionsState machine execution events
AWS WAFRule match events (via CloudTrail)
Any other AWS service that publishes events to EventBridge can be captured by adding the appropriate rule pattern. See the AWS documentation on EventBridge event sources for the full list.

How it Works

EventBridge API Destinations allow EventBridge rules to POST matched events directly to any HTTP endpoint. You define:
  1. A Connection — stores the authentication credentials (your Bronto API key)
  2. An API Destination — points to Bronto’s ingestion endpoint using the connection
  3. A Rule — matches the AWS events you want to capture and targets the API Destination
EventBridge delivers events as JSON payloads, handled retries natively, and requires no Lambda or additional infrastructure.

Bronto Ingestion Endpoint

EventBridge posts JSON payloads, so it targets the Bronto base endpoint (no path), which accepts JSON:
RegionEndpoint
EUhttps://ingestion.eu.bronto.io
UShttps://ingestion.us.bronto.io
Do not use the /v1/logs path with EventBridge. That endpoint accepts only OTLP protobuf via an OTel-compatible agent. EventBridge sends JSON and must target the base endpoint.
See API Keys for how to generate a key.

Setup

Step 1 — Create an EventBridge Connection

The connection stores your Bronto API key as a custom authorisation header. In the AWS Console, go to EventBridge → API Destinations → Connections → Create connection:
FieldValue
Connection namebronto-connection
Authorization typeAPI Key
API key namex-bronto-api-key
API key value<YOUR_API_KEY>
Via AWS CLI: 
aws events create-connection \
  --name bronto-connection \
  --authorization-type API_KEY \
  --auth-parameters '{
    "ApiKeyAuthParameters": {
      "ApiKeyName": "x-bronto-api-key",
      "ApiKeyValue": "<YOUR_API_KEY>"
    }
  }'

Step 2 — Create an API Destination

In EventBridge → API Destinations → Create API destination:
FieldValue
Namebronto-destination
API destination endpointhttps://ingestion.<REGION>.bronto.io
HTTP methodPOST
Connectionbronto-connection (from Step 1)
Rate limitSet based on your expected event volume

Step 3 — Create an EventBridge Rule

Create a rule that matches the events you want to forward and targets the API Destination. Example: forward all CloudTrail management events: 
{
  "source": ["aws.cloudtrail"],
  "detail-type": ["AWS API Call via CloudTrail"]
}
Example: forward GuardDuty findings: 
{
  "source": ["aws.guardduty"],
  "detail-type": ["GuardDuty Finding"]
}
Set the rule target to the bronto-destination API Destination created in Step 2.

Data Organization

EventBridge Connections support custom HTTP headers via InvocationHttpParameters. Use these to set Bronto’s recommended headers — see Data Organization for how datasets, collections, and tags work.
HeaderDescription
x-bronto-datasetDataset to ingest into
x-bronto-collectionCollection name
x-bronto-tagsComma-separated tags to attach to events
Add them when creating or updating the Connection: 
aws events update-connection \
  --name bronto-connection \
  --auth-parameters '{
    "ApiKeyAuthParameters": {
      "ApiKeyName": "x-bronto-api-key",
      "ApiKeyValue": "<YOUR_API_KEY>"
    },
    "InvocationHttpParameters": {
      "HeaderParameters": [
        { "Key": "x-bronto-dataset", "Value": "<YOUR_DATASET_NAME>", "IsValueSecret": false },
        { "Key": "x-bronto-collection", "Value": "<YOUR_COLLECTION_NAME>", "IsValueSecret": false },
        { "Key": "x-bronto-tags", "Value": "env=prod,source=eventbridge", "IsValueSecret": false }
      ]
    }
  }'
To route different rules to different datasets, create one Connection per dataset and attach a separate API Destination to each.

Cost Notes

  • No Lambda compute cost — EventBridge delivers events directly.
  • You pay for EventBridge custom event publishing and API Destination invocations, which are typically very low cost relative to log ingestion alternatives.
For assistance, contact support@bronto.io.