EventBridge Troubleshooting


Team, I'm trying to trigger an event based on the EC2 tag "key" (using EventBridge), but it fails.

{ "source": ["aws.ec2"], "detail-type": ["EC2 Instance State-change Notification"], "detail": { "state": ["running"] } }

This creates an event.


{ "source": ["aws.ec2"], "detail-type": ["EC2 Instance State-change Notification"], "detail": { "state": ["running"], "tags": ["Name"] } }

This doesn't. I took the JSON based on the CloudTrail event:

"tagSpecificationSet": {
        "items": [{
                "resourceType": "instance",
                "tags": [{
                        "key": "Name",
                        "value": "Instance3"
                }]
        }]
}


  • I believe the problem is with event pattern matching and me not having the right source.
  • Side note: the sample event in the event change notification doesn't have a tag. So, is it even possible to filter events based on a tag with EventBridge?
1 Answer
Accepted Answer

The issue with your pattern is that you omitted the "Key" from there. It should be something like this (I based it on your example, did not check what the actual event looks like):

{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": {
    "state": ["running"],
    "tagSpecificationSet": {
      "items": {
        "tags": {
          "key": ["Name"]
        }
      }
    }
  }
}

Note, the above pattern will match any tag that has a Key = Name. I assume you want to have a rule that matches Name = Instance3. This, i.e., correlating two attributes, is not supported by EventBridge Rules. If all you do is catch events regarding instances that have a tag named Name, this will work.

AWS
answered 2 years ago
  • That's a nice catch! Unfortunately it didn't work. Probably to do with the actual event itself. How can I log the events? (I tried DLQ, but it didn't work.) Because I'm now suspecting the Amazon EC2 State Change Event doesn't have "TAG"; link: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/EventTypes.html#ec2_event_type . I'm looking for the event when EC2 is successfully created. Based on the event/JSON, so I can trigger the Run command (Target) by getting the Instance ID.

  • The issue was due to the event not having the TAG

    { "version": "0", "id": "XX", "detail-type": "EC2 Instance State-change Notification", "source": "aws.ec2", "account": "123", "time": "2022-09-05T10:42:39Z", "region": "us-east-1", "resources": [ "XX" ], "detail": { "instance-id": "XX", "state": "running" } }

  • EC2 Instance State-change Notification events do not specify tags within the event JSON; for available JSON properties, please see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instance-state-changes.html
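
Why the first pattern fires and the two tag-based ones never do against the event posted in the comments, as an added example (not code from the thread or from AWS). `matches` is a simplified model of EventBridge exact-value matching, and the function and constant names are hypothetical.

```python
import json

# The state-change event posted in the thread ("XX"/"123" are its placeholders).
EVENT = json.loads('''{ "version": "0", "id": "XX",
  "detail-type": "EC2 Instance State-change Notification", "source": "aws.ec2",
  "account": "123", "time": "2022-09-05T10:42:39Z", "region": "us-east-1",
  "resources": ["XX"], "detail": {"instance-id": "XX", "state": "running"} }''')

BASE = {"source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"]}
# The three patterns from the thread.
STATE_ONLY = {**BASE, "detail": {"state": ["running"]}}
WITH_TAGS = {**BASE, "detail": {"state": ["running"], "tags": ["Name"]}}
ANSWER = {**BASE, "detail": {"state": ["running"],
          "tagSpecificationSet": {"items": {"tags": {"key": ["Name"]}}}}}


def matches(pattern, event):
    """Simplified model of exact-value matching (no prefix/numeric/exists
    operators, no arrays of objects): every field named in the pattern must
    be present in the event and hold one of the listed values."""
    for key, want in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False                      # field absent: rule cannot fire
        have = event[key]
        if isinstance(want, dict):            # nested pattern: descend
            if not matches(want, have):
                return False
        else:                                 # list of accepted values
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True


def missing_fields(pattern, event, path=""):
    """Return the dotted paths the pattern names that the event lacks."""
    out = []
    for key, want in pattern.items():
        here = f"{path}.{key}" if path else key
        if not isinstance(event, dict) or key not in event:
            out.append(here)
        elif isinstance(want, dict):
            out.extend(missing_fields(want, event[key], here))
    return out


if __name__ == "__main__":
    for name, pat in [("state only", STATE_ONLY), ("with tags", WITH_TAGS),
                      ("answer", ANSWER)]:
        print(name, matches(pat, EVENT), missing_fields(pat, EVENT))
```

To check a pattern against the service itself, the EventBridge TestEventPattern API (`aws events test-event-pattern`) takes a pattern and a sample event.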
