AWS EventBridge provides a serverless event bus service that enables you to collect and route data from your applications and services to any target destination. By integrating EventBridge with Coralogix, you can stream real-time application data for comprehensive monitoring and analysis.

## Requirements

- AWS account
- Amazon EventBridge event bus created

## Create an API destination to Coralogix

1.

Go to **EventBridge** > **API destinations**, and create a new API destination.

For the **API destination endpoint**, select the https://ingress.\[[DOMAIN_VALUE]\]/aws/event-bridge endpoint that corresponds to your Coralogix [domain](https://coralogix.com/docs/user-guides/account-management/account-settings/coralogix-domain/index.md) using the domain selector at the top of the page.

Create a new connection:

4.

Optionally, specify the application and subsystem name.

Select **Invocation Http Parameters** and add 2 parameters as shown in the screenshot below. The values can be anything you would like to identify the logs with.

5.

To send your data to Coralogix, create your unique [**Coralogix Send-Your-Data API key**](https://coralogix.com/docs/user-guides/account-management/api-keys/send-your-data-api-key/index.md) and fill the values as detailed below.

| Setting            | Value                                 |
| ------------------ | ------------------------------------- |
| Authorization type | API Key                               |
| API Key Name       | `x-amz-event-bridge-access-key`       |
| API Key Value      | Your Coralogix Send-Your-Data API key |

## Create an EventBridge Rule

1.

Create a rule to route the events to the API destination. On the **Buses** section, select **Rules**.

2.

Select **Create rule**

3.

Give the rule a name, select the correct **event bus**, and select **Next**.

4.

For **Event pattern** (source), scroll down and select the desired source. "GuardDuty Findings", for example.

5.

Select EventBridge API destination as the target.

Every event that goes to the selected event bus will be sent to Coralogix.

## CloudFormation

You can automate the EventBridge setup using the [AWS EventBridge CloudFormation template](https://coralogix.com/docs/external/cloudformation-coralogix-aws/aws-integrations/eventbridge/index.md).

| Parameter           | Description                                                  | Required |
| ------------------- | ------------------------------------------------------------ | -------- |
| `ApplicationName`   | Coralogix application name                                   | ✓        |
| `SubsystemName`     | Coralogix subsystem name                                     | ✓        |
| `EventbridgeStream` | AWS EventBridge delivery stream name                         | ✓        |
| `RoleName`          | IAM role name for EventBridge                                | ✓        |
| `PrivateKey`        | Coralogix Send-Your-Data API key                             | ✓        |
| `CoralogixRegion`   | Coralogix account region (EU1, EU2, AP1, AP2, AP3, US1, US2) | ✓        |
| `CustomUrl`         | Custom Coralogix endpoint URL                                |          |

## Terraform Module Setup

Using **Coralogix Terraform modules**, you can install and manage the EventBridge integration as modules in your infrastructure code. Modules are available on [GitHub](https://github.com/coralogix/terraform-coralogix-aws/) and the [Terraform Registry](https://registry.terraform.io/modules/coralogix/aws/coralogix/latest). For the full module reference, see [AWS EventBridge Terraform Module](https://coralogix.com/docs/external/terraform-coralogix-aws/modules/eventbridge/index.md).

**Requirements**

| Provider  | Version |
| --------- | ------- |
| terraform | >= 1.9  |
| aws       | >= 6.0  |

```hcl
module "eventbridge_coralogix" {
  source             = "coralogix/aws/coralogix//modules/eventbridge"
  eventbridge_stream = var.coralogix_eventbridge_stream_name
  role_name          = var.eventbridge_role_name
  private_key        = var.coralogix_privatekey
  coralogix_region   = var.coralogix_region
  application_name   = var.application_name
}
```

| Variable             | Description                                                  | Required |
| -------------------- | ------------------------------------------------------------ | -------- |
| `eventbridge_stream` | AWS EventBridge delivery stream name                         | ✓        |
| `role_name`          | IAM role name for EventBridge                                | ✓        |
| `private_key`        | Coralogix Send-Your-Data API key                             | ✓        |
| `coralogix_region`   | Coralogix region (EU1, EU2, AP1, AP2, AP3, US1, US2, Custom) | ✓        |
| `application_name`   | Coralogix application name                                   | ✓        |
| `sources`            | EventBridge event sources to match                           |          |
| `policy_name`        | IAM policy name                                              |          |
| `custom_url`         | Custom Coralogix endpoint                                    |          |
| `detail_type`        | EventBridge detail type filter                               |          |

## Notes

A "resources" key is present in the AWS EventBridge and [Cloudtrail](https://coralogix.com/docs/integrations/aws/forward-aws-logs-via-lambda-shipper/index.md) integrations. If you are integrating both EventBridge and CloudTrail logs, create a parsing rule to rename the mentioned field to avoid mapping conflicts.

## Additional resources

|                     |                                                                                             |
| ------------------- | ------------------------------------------------------------------------------------------- |
| Coralogix Endpoints | [Coralogix Endpoints](https://coralogix.com/docs/integrations/coralogix-endpoints/index.md) |
