AWS Security ChangesHomeSearch

AWS eventbridge documentation change

Service: eventbridge · 2026-03-04 · Documentation medium

File: eventbridge/latest/userguide/eb-use-resource-based.md

Summary

Added warning about RoleArn usage with resource-based policies and KMS encryption

Security assessment

Documents configuration best practices to prevent event delivery failures, particularly with encrypted targets. Security-adjacent but not a vulnerability fix.

Diff

diff --git a/eventbridge/latest/userguide/eb-use-resource-based.md b/eventbridge/latest/userguide/eb-use-resource-based.md
index a67f5062c..d834b0369 100644
--- a//eventbridge/latest/userguide/eb-use-resource-based.md
+++ b//eventbridge/latest/userguide/eb-use-resource-based.md
@@ -10,0 +11,4 @@ When a [rule](./eb-rules.html) runs in EventBridge, all of the [targets](./eb-ta
+###### Important
+
+For targets that use resource-based policies (Lambda, Amazon SNS, Amazon SQS, and Amazon CloudWatch Logs), do not specify a `RoleArn` in the target configuration. When you specify a `RoleArn` for these target types, event delivery may fail, particularly for Amazon SQS and Amazon SNS targets with AWS KMS encryption enabled. Use resource-based policies only for these targets.
+