EventBridge API invoke

Question

Hello Team,
We have done the necessary configuration on eventbridge rule to invoke a private API EndPoint, but still the API endpoint invocation is failing. Any assistance highly appreciated.

re:Post Agent · Answer

I understand you're having trouble with an EventBridge rule invoking a private API endpoint. There are a few things to check:

1. API Gateway Resource Policy: Ensure you've added the correct permission to your API Gateway endpoint's policy. The policy should allow the EventBridge service (events.amazonaws.com) to perform the "execute-api:Invoke" action. The policy should include a condition that specifies the ARN of your EventBridge rule.

2. IAM Permissions: Verify that EventBridge has the necessary IAM permissions to access the API Gateway and invoke the endpoint.

3. Network Configuration: For private APIs, ensure that your network configuration allows EventBridge to reach the endpoint. EventBridge API destinations currently only support public domain names with publicly trusted certificates for HTTPS endpoints when using private APIs.

4. Rule Configuration: Double-check your EventBridge rule configuration. Make sure the rule is enabled and associated with the correct event bus.

5. Region Considerations: If you're dealing with global services, remember that some events may only be available in specific regions (like US East (N. Virginia) for IAM events).

6. Logging and Monitoring: Enable CloudTrail logs for both EventBridge and API Gateway to get more detailed error messages. You can also set up CloudWatch metrics to monitor your rule's performance.

7. Retry Mechanism: EventBridge will retry failed invocations for up to 24 hours. If you're experiencing high event volumes, consider setting up a dead-letter queue to capture any events that fail to be delivered.

If you've verified all these points and are still experiencing issues, you may want to review the exact error messages you're receiving and potentially reach out to AWS support for more specific assistance.

**Sources**  
[The client is not authorized to perform this operation" Error with Amazon EventBridge call to API Gateway | AWS re:Post](https://repost.aws/questions/QUq653oVQzQbW84WEYc9T3oA/the-client-is-not-authorized-to-perform-this-operation-error-with-amazon-eventbridge-call-to-api-gateway)  
[EventBridge rule not triggered | AWS re:Post](https://repost.aws/questions/QUP55fugBBRXyLyfCHQxybpw/eventbridge-rule-not-triggered)  
[Using resource-based policies for Amazon EventBridge - Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-use-resource-based.html)  
[API destinations as targets in Amazon EventBridge - Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html)

EventBridge API invoke

Relevant content