
EventBridge API invocations without a secret

0

It looks like EventBridge invoking my HTTPS API requires a secret. If I’m happy there are no security issues with completely anonymous calls to my API, is there no way I can configure this without a secret?

I need to deploy this across many accounts, at minimum cost.

asked a year ago · 163 views
2 Answers
0

You cannot have an API destination in EventBridge that requires no authentication. EventBridge requires you to specify an authentication method for all API destinations.

However, if your service doesn't have auth requirements, one workaround is to use API Key as the authentication method and create a dummy header with a dummy value. It is also mentioned here.

AWS
answered a year ago
EXPERT
reviewed a year ago
  • That dummy value still ends up in Secrets Manager though, right?

  • That is correct. It gets stored in Secrets Manager and encrypted with the KMS key you choose. There is currently no way to avoid that.
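
The workaround from the answer above, written as a CloudFormation template so it can be rolled out to many accounts. This is an added example, not part of the original thread; the header name, header value, parameter name and rate limit are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: EventBridge API destination for an endpoint that needs no
  authentication, using a placeholder API key header.

Parameters:
  EndpointUrl:
    Type: String
    Description: HTTPS endpoint to invoke (assumption, supply your own)
    AllowedPattern: "^https://.+"

Resources:
  # EventBridge requires an authorization type on every connection, so
  # API_KEY is used with a header the endpoint simply ignores.
  PlaceholderConnection:
    Type: AWS::Events::Connection
    Properties:
      Description: Placeholder header only, not a credential
      AuthorizationType: API_KEY
      AuthParameters:
        ApiKeyAuthParameters:
          ApiKeyName: X-Placeholder     # hypothetical header name
          ApiKeyValue: not-a-secret     # constructed value, carries no privilege

  Destination:
    Type: AWS::Events::ApiDestination
    Properties:
      ConnectionArn: !GetAtt PlaceholderConnection.Arn
      InvocationEndpoint: !Ref EndpointUrl
      HttpMethod: POST
      InvocationRateLimitPerSecond: 10  # assumed limit, tune per endpoint

Outputs:
  ApiDestinationArn:
    Value: !GetAtt Destination.Arn
  # EventBridge still creates this secret for the connection, as the
  # comments above confirm.
  ConnectionSecretArn:
    Description: Secrets Manager secret EventBridge created for the connection
    Value: !GetAtt PlaceholderConnection.SecretArn
```

The placeholder value is readable by anyone who can see the template, so this only fits an endpoint that is safe to call anonymously, as the question assumes.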

0

Hi,

According to the AWS documentation, it is not possible to create an API destination without authorization. However, the cost of storing the necessary credentials in Secrets Manager is already included in the usage charges for the API destination.

When you create a connection and add authorization parameters, EventBridge creates a secret in AWS Secrets Manager. The cost of both storing and accessing the Secrets Manager secret is included with the charge for using an API destination.

EXPERT
answered a year ago
