Posted On: May 14, 2024

Amazon EventBridge announces support for AWS Key Management Service (KMS) customer managed keys (CMK) on event buses. This capability allows you to encrypt your events with a key you own and control instead of the AWS owned key that is used by default. With CMK support you gain finer-grained control over how your events are encrypted, who can use the key, and how that use is audited, helping you satisfy your company's security requirements and governance policies.

Amazon EventBridge Event Bus is a serverless event router that enables you to create scalable event-driven applications by routing events between your own applications, third-party SaaS applications, and AWS services. You can set up rules to determine where to send your events, allowing applications to react to changes in your events as they occur.

Customer managed keys (CMK) are KMS keys that you create and manage yourself, so you decide the key policy, rotation, and who may use the key. Because EventBridge calls KMS with your key, every encryption and decryption operation is logged in AWS CloudTrail, where you can audit and track its use. You can encrypt your custom and partner events by enabling CMK on a custom, partner, or default event bus; EventBridge adds no charge for this, and you pay only the standard KMS charges for the customer managed key. Optionally, you can also attach a dead-letter queue (DLQ) to an event bus to persist events that EventBridge could not decrypt for rule matching, for example because the key policy no longer allows EventBridge to use the key, so that a misconfigured permission does not silently drop events.
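As an added illustration of the setup described above (this is example code written for this page, not part of the announcement or AWS's own samples), the block below builds a KMS key policy scoped to a single event bus, the SQS resource policy for the bus's dead-letter queue, and the parameters for the EventBridge UpdateEventBus call. The account ID, Region, bus, key, queue, and role names are placeholders; the `events.amazonaws.com` service principal, the `aws:events:event-bus:arn` encryption-context condition key, and the `KmsKeyIdentifier` / `DeadLetterConfig` parameters are the ones the EventBridge documentation describes at the time of writing, and should be verified against the current EventBridge and KMS documentation before use. The preflight check at the end is there because the single most important property of the key policy is that the EventBridge grant is tied to exactly one bus ARN.

```python
import json

# Placeholder identifiers (assumptions for this example, not values from the announcement).
ACCOUNT_ID = "111122223333"
REGION = "us-east-1"
BUS_NAME = "orders-bus"
BUS_ARN = f"arn:aws:events:{REGION}:{ACCOUNT_ID}:event-bus/{BUS_NAME}"
KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT_ID}:key/1234abcd-12ab-34cd-56ef-1234567890ab"
DLQ_ARN = f"arn:aws:sqs:{REGION}:{ACCOUNT_ID}:{BUS_NAME}-dlq"
ADMIN_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/KmsKeyAdmin"


def eventbridge_key_policy(account_id: str, bus_arn: str, admin_role_arn: str) -> dict:
    """Key policy that lets EventBridge use the CMK for exactly one event bus.

    The service principal and the encryption-context key (aws:events:event-bus:arn)
    follow the EventBridge CMK documentation; re-check them before deploying.
    Conditioning on the encryption context plus aws:SourceArn/aws:SourceAccount
    stops another bus, or another account's bus, from reusing this key.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "KeyAdministration",
                "Effect": "Allow",
                "Principal": {"AWS": admin_role_arn},
                "Action": ["kms:*"],
                "Resource": "*",
            },
            {
                "Sid": "AllowEventBridgeForOneBus",
                "Effect": "Allow",
                "Principal": {"Service": "events.amazonaws.com"},
                "Action": ["kms:Decrypt", "kms:GenerateDataKey", "kms:DescribeKey"],
                "Resource": "*",
                "Condition": {
                    "StringEquals": {
                        "kms:EncryptionContext:aws:events:event-bus:arn": bus_arn,
                        "aws:SourceArn": bus_arn,
                        "aws:SourceAccount": account_id,
                    }
                },
            },
        ],
    }


def dlq_queue_policy(bus_arn: str, dlq_arn: str) -> dict:
    """SQS resource policy so EventBridge can deliver undecryptable events to the DLQ."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowEventBridgeSendToDlq",
                "Effect": "Allow",
                "Principal": {"Service": "events.amazonaws.com"},
                "Action": "sqs:SendMessage",
                "Resource": dlq_arn,
                "Condition": {"ArnEquals": {"aws:SourceArn": bus_arn}},
            }
        ],
    }


def update_event_bus_params(bus_name: str, key_arn: str, dlq_arn: str) -> dict:
    """Keyword arguments for events.update_event_bus (same shape as create_event_bus)."""
    return {
        "Name": bus_name,
        "KmsKeyIdentifier": key_arn,
        "DeadLetterConfig": {"Arn": dlq_arn},
    }


def check_key_policy_scopes_to_bus(policy: dict, bus_arn: str) -> bool:
    """Preflight: every statement that grants events.amazonaws.com must be
    conditioned on this bus's ARN via the encryption context; otherwise any
    bus that can reach the key could use it."""
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or principal.get("Service") != "events.amazonaws.com":
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("kms:EncryptionContext:aws:events:event-bus:arn") != bus_arn:
            return False
    return True


def apply(bus_name=BUS_NAME, key_arn=KEY_ARN, dlq_arn=DLQ_ARN):
    """Apply the bus settings with boto3 (needs AWS credentials; not run by the tests)."""
    import boto3  # imported lazily so the policy builders work offline

    events = boto3.client("events")
    return events.update_event_bus(**update_event_bus_params(bus_name, key_arn, dlq_arn))


if __name__ == "__main__":
    policy = eventbridge_key_policy(ACCOUNT_ID, BUS_ARN, ADMIN_ROLE_ARN)
    assert check_key_policy_scopes_to_bus(policy, BUS_ARN)
    print(json.dumps(policy, indent=2))
    print(json.dumps(dlq_queue_policy(BUS_ARN, DLQ_ARN), indent=2))
```

Attach the first policy to the key, the second to the DLQ queue, then call `apply()` (or pass `update_event_bus_params(...)` to the AWS CLI equivalent). If you later tighten the key policy, rerun `check_key_policy_scopes_to_bus` against the bus you intend; a mismatch is exactly the case in which EventBridge can no longer decrypt events and the DLQ starts receiving them.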

CMK support is now available in all AWS Commercial Regions where EventBridge is available. To learn more, read the EventBridge documentation and the KMS documentation.