Event bridge API destination with OAuth connection not working using cdk


I am trying to create event bridge api destination with OAuth authorization.

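using Amazon.CDK;
using Amazon.CDK.AWS.Events;
// OAuth settings passed to the EventBridge connection below
var oAuthAuthorizationProps = new OAuthAuthorizationProps
{
    AuthorizationEndpoint = "authorizationEndpoint",
    ClientId = "clientId",
    ClientSecret = SecretValue.UnsafePlainText("testSecret"),
    HttpMethod = HttpMethod.POST,
};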

And I'm using these authorization props to create connection:

// Connection that uses the OAuth props defined above
Connection connection = new Connection(this, "TestConnectionName", new ConnectionProps
{
    Description = "Test Connection",
    ConnectionName = "TestConnectionName",
    Authorization = Authorization.Oauth(oAuthAuthorizationProps)
});

This code is throwing an error when creating the connection with OAuth authorisation:

Error occurred during operation 'AWS::Events::Connection'. (HandlerErrorCode: GeneralServiceException)

But if I change the authorisation to API key, then this is working perfectly fine. Will be really grateful for any help.

1 Answer


From the description, I understand that you are using "Connection" in CDK to create an EventBridge API destination with OAuth authorization and you encountered the below error in the associated CloudFormation stack:

Error occurred during operation 'AWS::Events::Connection'. (HandlerErrorCode: GeneralServiceException)

I would like to inform you that your CDK code looks valid and I do not see anything incorrect syntactically. However, it is possible that a few other required parameters/permissions to create the required connection are missing at the moment, leading to the error.

The easiest way to understand the exact issue would be to check the "CreateConnection" API call in CloudTrail and then update the CDK code accordingly.

I have also compiled a few other possible causes for the above error for your reference.

  1. The Secret used may have a resource-based policy which restricts the CDK role's access to it.
  2. The IAM role used to perform the deployment or any custom Service Control Policies may have a deny statement for access to Secrets.
  3. The authorization parameters used to authorize with the endpoint might be missing a few other required parameters. You can refer to the doc if you are making use of any API destination partners.
  4. The values passed in the authorization parameters like the AuthorizationEndpoint or the ClientId might be invalid depending on the use-case.

However, in case there is no significant lead with the error message displayed in the "CreateConnection" API call, I would recommend reaching out to AWS Support Engineering via Support case with the "EventBridge" team for a deeper investigation specific to your account.

answered 8 months ago
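
The CloudTrail check suggested in the answer can be scripted. The following is an added example, not part of the original question or answer: it takes the JSON printed by `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateConnection --output json` and returns the failed `CreateConnection` calls with their error code, message and calling principal. The sample data is constructed, and the `requestParameters` key names (`name`, `authorizationType`) are assumptions about how the request is logged.

```python
import json

# Constructed lookup-events output (not real account data). Each item carries
# the full CloudTrail record as a JSON string under "CloudTrailEvent".
_ROLE = "arn:aws:sts::111122223333:assumed-role/cfn-exec-role/AWSCloudFormation"
SAMPLE = {"Events": [
    {"CloudTrailEvent": json.dumps({
        "eventTime": "2024-01-01T10:00:00Z",
        "eventSource": "events.amazonaws.com",
        "eventName": "CreateConnection",
        "userIdentity": {"arn": _ROLE},
        "errorCode": "AccessDeniedException",
        "errorMessage": "constructed example message",
        # Key names below are an assumption about the logged request shape.
        "requestParameters": {"name": "TestConnectionName",
                              "authorizationType": "OAUTH_CLIENT_CREDENTIALS"}})},
    {"CloudTrailEvent": json.dumps({  # successful call, must be ignored
        "eventTime": "2024-01-01T09:00:00Z",
        "eventSource": "events.amazonaws.com",
        "eventName": "CreateConnection",
        "userIdentity": {"arn": _ROLE},
        "requestParameters": {"name": "ApiKeyConnection",
                              "authorizationType": "API_KEY"}})},
]}

def failed_create_connection_calls(lookup_output):
    """Summarise CreateConnection calls that CloudTrail recorded with an error."""
    failures = []
    for item in lookup_output.get("Events", []):
        try:
            record = json.loads(item.get("CloudTrailEvent") or "")
        except json.JSONDecodeError:
            continue  # skip items without a parsable record
        if (record.get("eventSource"), record.get("eventName")) != (
                "events.amazonaws.com", "CreateConnection"):
            continue
        if "errorCode" not in record:
            continue  # CloudTrail sets errorCode only on failed calls
        params = record.get("requestParameters") or {}
        failures.append({
            "time": record.get("eventTime"),
            "principal": (record.get("userIdentity") or {}).get("arn"),
            "connection": params.get("name"),
            "auth_type": params.get("authorizationType"),
            "error_code": record["errorCode"],
            "error_message": record.get("errorMessage"),
        })
    return sorted(failures, key=lambda f: f["time"] or "")

if __name__ == "__main__":
    for failure in failed_create_connection_calls(SAMPLE):
        print(failure)
```

The `principal` field shows which role made the call, which is the role to check against the secret's resource policy and any Service Control Policies from items 1 and 2 of the answer.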
