Can we trigger AWS Cloudwatch event bridge from AWS config aggregator?


We are trying to trigger a lambda when certain AWS Config rules are breached. Currently, we have linked AWS Config with AWS Cloudwatch event bridge and this triggers the lambda on any rule breach.

This works great for a single region, but for multiple regions, we will have to set up AWS config rules in that region and an event bridge integration, and a lambda handler in that region as well. This is a lot of additional setups to extend this trigger to multiple regions.

So, we set up an AWS Config aggregator which collects AWS config rule breaches from all regions and accounts and consolidates them in one place. If we can set up an AWS Cloudwatch event bridge trigger on the AWS Config Aggregator, it will solve our problem. I could not find anything regarding this.

Also, if there is any other way to solve this problem, please let us know. Any input is greatly appreciated. Thanks.

3 Answers


Unfortunately, the there is no integration in place yet between AWS Config Aggregator feature and AWS CloudWatch event rules. The reason for this is the AWS Config Aggregator feature is supporting Multi-account & Multi-region. However, AWS CloudWatch service (event rules) is a regional service. Therefore, at the moment we can't build Cloudwatch event rule based on the aggregated data received from multi-account & multi-region. Hence, as of now there is no out of the box solution.

However that there is an existing feature request in place for this functionality of including CloudWatch Event Delivery along with the Config Aggregation, As is the case with all feature requests, the internal team takes them seriously and evaluates every request, but we are unable to share any rough ETA for delivering this feature as inclusion of any new feature needs rigorous testing and shall be prioritized along with the team's additional workload. However, any new announcements will be made in our What's New page What's New page [] and our Official Blog [].

answered 2 years ago
  • Hello AWS-User-6158549. Could it worked if the eventbridge rule is created in every region but only in one account with the config aggregator?


any update about this topic?

answered 7 months ago

Today, EventBridge Rules can only match on events published in the same account.

However, you can set as a target of that Rule an Event Bus in another account.

Meaning, you should be able to create rules that match events in each accounts where they're occurring, then route them to a central account and event bus, then process them all there.

answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions