> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bronto.io/llms.txt
> Use this file to discover all available pages before exploring further.
# AWS EventBridge API Destinations
> Route AWS service events directly to Bronto using Amazon EventBridge API Destinations, with no Lambda function required for forwarding or transformation.
## When to Use EventBridge
EventBridge API Destinations are a good fit when you want to:
* Forward **AWS service events** into Bronto without writing or maintaining a Lambda function
* Ingest audit and compliance data such as CloudTrail events, GuardDuty findings, or AWS Config change notifications
* React to ECS task state changes, EC2 instance events, or other AWS operational events in near real-time
For application logs or traces from running workloads, use [ADOT](./aws-adot), [FireLens](./aws-firelens), or the [CloudWatch Log Forwarder](./aws-client-cloudwatch) instead.
***
## Supported AWS Services
EventBridge API Destinations work with any AWS service that publishes to the default event bus:
| Service | Log / event type |
| ------------------ | ----------------------------------------------- |
| AWS CloudTrail | Management and data event audit records |
| AWS GuardDuty | Security threat findings |
| Amazon DynamoDB | Table state changes (via CloudTrail) |
| AWS Config | Resource configuration change events |
| Amazon ECS | Task and container state changes |
| Amazon EC2 | Instance state change notifications |
| AWS Health | Service health and scheduled maintenance events |
| AWS Step Functions | State machine execution events |
| AWS WAF | Rule match events (via CloudTrail) |
Any other AWS service that publishes events to EventBridge can be captured by adding the appropriate rule pattern. See the [AWS documentation on EventBridge event sources](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-service-event.html) for the full list.
***
## How it Works
[EventBridge API Destinations](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html) allow EventBridge rules to POST matched events directly to any HTTP endpoint. You define:
1. A **Connection** — stores the authentication credentials (your Bronto API key)
2. An **API Destination** — points to Bronto's ingestion endpoint using the connection
3. A **Rule** — matches the AWS events you want to capture and targets the API Destination
EventBridge delivers events as JSON payloads, handled retries natively, and requires no Lambda or additional infrastructure.
***
## Bronto Ingestion Endpoint
EventBridge posts JSON payloads, so it targets the Bronto base endpoint (no path), which accepts JSON:
| Region | Endpoint |
| ------ | -------------------------------- |
| EU | `https://ingestion.eu.bronto.io` |
| US | `https://ingestion.us.bronto.io` |
Do not use the `/v1/logs` path with EventBridge. That endpoint accepts only OTLP protobuf via an OTel-compatible agent. EventBridge sends JSON and must target the base endpoint.
See [API Keys](/Account-Management/API-Keys) for how to generate a key.
***
## Setup
### Step 1 — Create an EventBridge Connection
The connection stores your Bronto API key as a custom authorisation header.
In the AWS Console, go to **EventBridge → API Destinations → Connections → Create connection**:
| Field | Value |
| ------------------ | ------------------- |
| Connection name | `bronto-connection` |
| Authorization type | `API Key` |
| API key name | `x-bronto-api-key` |
| API key value | `` |
Via AWS CLI:
```bash theme={"dark"}
aws events create-connection \
--name bronto-connection \
--authorization-type API_KEY \
--auth-parameters '{
"ApiKeyAuthParameters": {
"ApiKeyName": "x-bronto-api-key",
"ApiKeyValue": ""
}
}'
```
### Step 2 — Create an API Destination
In **EventBridge → API Destinations → Create API destination**:
| Field | Value |
| ------------------------ | --------------------------------------- |
| Name | `bronto-destination` |
| API destination endpoint | `https://ingestion..bronto.io` |
| HTTP method | `POST` |
| Connection | `bronto-connection` (from Step 1) |
| Rate limit | Set based on your expected event volume |
### Step 3 — Create an EventBridge Rule
Create a rule that matches the events you want to forward and targets the API Destination.
Example: forward all CloudTrail management events:
```json theme={"dark"}
{
"source": ["aws.cloudtrail"],
"detail-type": ["AWS API Call via CloudTrail"]
}
```
Example: forward GuardDuty findings:
```json theme={"dark"}
{
"source": ["aws.guardduty"],
"detail-type": ["GuardDuty Finding"]
}
```
Set the rule target to the `bronto-destination` API Destination created in Step 2.
***
## Data Organization
EventBridge Connections support custom HTTP headers via `InvocationHttpParameters`. Use these to set Bronto's recommended headers — see [Data Organization](/Search-and-Visualize/Partitions) for how datasets, collections, and tags work.
| Header | Description |
| --------------------- | ---------------------------------------- |
| `x-bronto-dataset` | Dataset to ingest into |
| `x-bronto-collection` | Collection name |
| `x-bronto-tags` | Comma-separated tags to attach to events |
Add them when creating or updating the Connection:
```bash theme={"dark"}
aws events update-connection \
--name bronto-connection \
--auth-parameters '{
"ApiKeyAuthParameters": {
"ApiKeyName": "x-bronto-api-key",
"ApiKeyValue": ""
},
"InvocationHttpParameters": {
"HeaderParameters": [
{ "Key": "x-bronto-dataset", "Value": "", "IsValueSecret": false },
{ "Key": "x-bronto-collection", "Value": "", "IsValueSecret": false },
{ "Key": "x-bronto-tags", "Value": "env=prod,source=eventbridge", "IsValueSecret": false }
]
}
}'
```
To route different rules to different datasets, create one Connection per dataset and attach a separate API Destination to each.
***
## Cost Notes
* No Lambda compute cost — EventBridge delivers events directly.
* You pay for EventBridge custom event publishing and API Destination invocations, which are typically very low cost relative to log ingestion alternatives.
***
For assistance, contact [support@bronto.io](mailto:support@bronto.io).