Amazon EventBridge to Amazon SNS

Sign Up to Build

About this Architecture

Here is some information about this architecture.

How to Build This Solution

Here are the steps you can follow to build this solution on your own.

This project will guide you through the integration of Amazon EventBridge with Simple Notification Service (SNS). You'll create an event-driven architecture that leverages EventBridge to detect specific events and trigger notifications via SNS. This approach enables real-time alerts and enhances your ability to respond to significant events within your system.

Get Your AWS Credentials

If you're using the Skillmix Labs feature, open the lab settings (the beaker icon) on the right side of the code editor. Then, click the Start Lab button to start hte lab environment.

Wait for the credentials to load. Then run this in the terminal.

Be sure to enter in your own access key and secret key and name your profile 'smx-lab'.

$ aws configure --profile smx-lab
AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]: us-west-2
Default output format [None]: 

Note: If you're using your own AWS account you'll need to ensure that you've created and configured a named AWS CLI profile named smx-lab.

Create the Terraform Config

Next, we'll create the required_providers config. This config is used to specify the required providers for our Terraform project. In this case, we are requiring the aws provider from HashiCorp with a version constraint of ~> 3.27.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
  required_version = ">= 0.14.9"

Create the aws Config

Next, we'll create the aws config which is used to configure the AWS provider in Terraform. This config specifies the AWS profile to use, which is 'smx-lab', and the region to operate in, which is 'us-west-2'.

provider "aws" {
  profile = "smx-lab"
  region  = "us-west-2"

Create the aws_caller_identity Config

Next, we'll create the aws_caller_identity config. This config is used to retrieve information about the AWS caller identity, such as the AWS account ID and the ARN of the IAM user or role making the request.

data "aws_caller_identity" "current" {
  # No configuration required

Create the aws_sns_topic Config

Next, we'll create the aws_sns_topic config. This config is used to create an Amazon Simple Notification Service (SNS) topic.

resource "aws_sns_topic" "MySNSTopic" {

Create the aws_sns_topic_policy Config

Next, we'll create the aws_sns_topic_policy config. This config is used to define the policy for an AWS SNS topic.

resource "aws_sns_topic_policy" "default" {
  arn     = "${aws_sns_topic.MySNSTopic.arn}"
  policy  = <<EOF
    "Version": "2008-10-17",
    "Statement": [
        "Effect": "Allow",
        "Principal": {
          "Service": ""
        "Action": "sns:Publish",
        "Resource": "${aws_sns_topic.MySNSTopic.arn}",
        "Condition": {
          "ArnEquals": {
            "aws:SourceArn": "${aws_cloudwatch_event_rule.MyEventRule.arn}"

This config creates an AWS SNS topic policy that allows the service to publish messages to the specified SNS topic. The policy also includes a condition that ensures the source ARN of the event rule matches the specified CloudWatch event rule ARN.

Create the aws_cloudwatch_event_rule Config

Next, we'll create the aws_cloudwatch_event_rule config. This config is used to define an event rule in AWS CloudWatch. In this example, we are creating a rule named MyEventRule with an event pattern that filters events based on the AWS account ID and the source being demo.sns.

resource "aws_cloudwatch_event_rule" "MyEventRule" {
  event_pattern = <<PATTERN
    "account": ["${data.aws_caller_identity.current.account_id}"],
    "source": ["demo.sns"]

Create the aws_cloudwatch_event_target Config

Next, we'll create the aws_cloudwatch_event_target config. This config is used to define a target for an Amazon CloudWatch event rule. In this case, we are creating a target named MyRuleTarget that is associated with the event rule MyEventRule and the Amazon SNS topic MySNSTopic.

resource "aws_cloudwatch_event_target" "MyRuleTarget" {
  rule = "${}"
  arn  = "${aws_sns_topic.MySNSTopic.arn}"

Create the SNS-Topic Config

Next, we'll create the SNS-Topic config. This config is used to define an output variable named 'SNS-Topic' which retrieves the name of an AWS SNS topic created with the resource 'aws_sns_topic.MySNSTopic'. The output variable has a value attribute that references the name of the SNS topic and a description attribute that provides a brief description of the topic.

output {
  SNS-Topic = {
    value       = "${}"
    description = "The SNS Topic Name"

Create the SNS-Topic-ARN Config

Next, we'll create the SNS-Topic-ARN config. This config is used to define the output value for the SNS Topic ARN.

output {
  SNS-Topic-ARN = {
    value       = "${aws_sns_topic.MySNSTopic.arn}"
    description = "The SNS Topic ARN"

Deploy the Solution

Let's deploy this thing! If you haven't done so, start the Skillmix lab session and get the account credentials. Configure your Terraform environment to use those credentials.

Then, open a terminal or command prompt, navigate to the folder with your Terraform file, and execute these commands:

# initiatlize the project 
$ terraform init 

# show the plan 
$ terraform plan 

# apply the changes 
$ terraform apply

Wait for the changes to be applied before proceeding.

Test the Solution

Use the AWS CLI to send a test event to EventBridge:

  1. Subscribe your email address to the SNS topic:

    aws sns subscribe --topic-arn ENTER_YOUR_TOPIC_ARN --protocol email-json --notification-endpoint ENTER_YOUR_EMAIL_ADDRESS
  • Click the confirmation link delivered to your email to verify the endpoint.

  • Send an event to EventBridge:

    aws events put-events --entries file://event.json
  • The event is delivered to your email address.