Posted On: May 20, 2024
Amazon EventBridge announces support for Amazon Key Management Service (KMS) Customer Managed Keys (CMK) on Event Buses. This capability allows you to encrypt your events using your own keys instead of an Amazon Web Services owned key (which is used by default). With support for CMK, you now have more fine-grained security control over your events, helping you satisfy your company’s security requirements and governance policies.
Amazon EventBridge Event Bus is a serverless event router that enables you to create scalable event-driven applications by routing events between your own applications, third-party SaaS applications, and Amazon Web Services services. You can set up rules to determine where to send your events, allowing applications to react to changes in your events as they occur.
Customer managed keys (CMKs) are KMS keys that you create and manage yourself. When these keys are used for encryption in EventBridge, you can audit and track their usage via CloudTrail. You can encrypt your custom and partner events by enabling CMK on custom, partner or default buses, and you will only be charged for the customer managed key by KMS. Optionally, you can also add Dead Letter Queues (DLQs) for your event buses to persist events that could not be decrypted for rule matching because of misconfigured permissions.
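The following check is an added example, not code from the EventBridge or KMS documentation: it reviews a bus description and its key policy for the gaps described above (AWS owned key still in use, no DLQ, key permissions that would leave events undecryptable). The input shapes, the three KMS actions required by the `events.amazonaws.com` principal, and the encryption-context condition key are assumptions to confirm against the EventBridge documentation; all sample values are constructed.

```python
"""Added example: audit an event bus and its KMS key policy (constructed data)."""
SERVICE = "events.amazonaws.com"
# Assumption: KMS actions the EventBridge service principal needs on the key.
REQUIRED = {"kms:DescribeKey", "kms:GenerateDataKey", "kms:Decrypt"}
DATA_ACTIONS = {"kms:GenerateDataKey", "kms:Decrypt"}
# Assumption: encryption-context condition key that pins a grant to one bus.
CTX_KEY = "kms:EncryptionContext:aws:events:event-bus:arn"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bus(bus, key_policy=None):
    """bus: DescribeEventBus-shaped dict; key_policy: parsed key policy JSON."""
    if not bus.get("KmsKeyIdentifier"):
        return ["bus uses the AWS owned key, not a customer managed key"]
    findings = []
    if not bus.get("DeadLetterConfig", {}).get("Arn"):
        findings.append("no DLQ: events that fail decryption are not persisted")
    granted, unscoped = set(), set()
    for st in (key_policy or {}).get("Statement", []):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or SERVICE not in services:
            continue
        actions = set(_as_list(st.get("Action", [])))
        if actions & {"kms:*", "*"}:
            actions |= REQUIRED  # wildcard covers every required action
        granted |= actions
        scoped_to = st.get("Condition", {}).get("StringEquals", {}).get(CTX_KEY, [])
        if bus["Arn"] not in _as_list(scoped_to):
            unscoped |= actions & DATA_ACTIONS
    for action in sorted(REQUIRED - granted):
        findings.append(f"key policy does not allow {SERVICE} to call {action}")
    for action in sorted(unscoped):
        findings.append(f"{action} grant is not limited to this bus via {CTX_KEY}")
    return findings

# Constructed sample: CMK enabled, no DLQ, key policy missing kms:Decrypt.
BUS_ARN = "arn:aws-cn:events:cn-north-1:111122223333:event-bus/orders"
SAMPLE_BUS = {"Name": "orders", "Arn": BUS_ARN,
              "KmsKeyIdentifier": "arn:aws-cn:kms:cn-north-1:111122223333:key/EXAMPLE-KEY-ID"}
SAMPLE_POLICY = {"Statement": [{
    "Effect": "Allow", "Principal": {"Service": SERVICE},
    "Action": ["kms:DescribeKey", "kms:GenerateDataKey"], "Resource": "*"}]}

if __name__ == "__main__":
    for finding in audit_bus(SAMPLE_BUS, SAMPLE_POLICY):
        print(finding)
```
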
CMK support in Amazon EventBridge is now available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more, read EventBridge documentation and KMS documentation.