AWS eventbridge documentation change
Summary
Added warning about RoleArn usage with resource-based policies and KMS encryption
Security assessment
Documents configuration best practices to prevent event delivery failures, particularly with encrypted targets. Security-adjacent but not a vulnerability fix.
Diff
diff --git a/eventbridge/latest/userguide/eb-use-resource-based.md b/eventbridge/latest/userguide/eb-use-resource-based.md index a67f5062c..d834b0369 100644 --- a//eventbridge/latest/userguide/eb-use-resource-based.md +++ b//eventbridge/latest/userguide/eb-use-resource-based.md @@ -10,0 +11,4 @@ When a [rule](./eb-rules.html) runs in EventBridge, all of the [targets](./eb-ta +###### Important + +For targets that use resource-based policies (Lambda, Amazon SNS, Amazon SQS, and Amazon CloudWatch Logs), do not specify a `RoleArn` in the target configuration. When you specify a `RoleArn` for these target types, event delivery may fail, particularly for Amazon SQS and Amazon SNS targets with AWS KMS encryption enabled. Use resource-based policies only for these targets. +