All Products
Search

This Product

    EventBridge:Route events to EventBridge

    Document Center

    EventBridge:Route events to EventBridge

    Last Updated:Oct 31, 2025

    EventBridge lets you route events within the same Alibaba Cloud account or to a different Alibaba Cloud account. You can use event rules to filter events and route them to an EventBridge bus in the same or a different Alibaba Cloud account. This topic describes the prerequisites, background information, usage notes, and procedure for routing events to EventBridge.

    Prerequisites

    Activate EventBridge and grant permissions

    Background information

    Feature 1: Same-account routing

    The following figure shows a scenario where events are routed within the same Alibaba Cloud account. In this scenario, the default event bus and custom event buses A, B, and C all belong to Alibaba Cloud account A. You can route events from any of these event buses to other custom event buses within the same account for centralized processing.同账号路由

    Feature 2: Cross-account routing

    The following figure shows a scenario where events are routed across Alibaba Cloud accounts. In this scenario, Alibaba Cloud account A and Alibaba Cloud account B belong to the same organization or related organizations. You can route events from Resource Access Management (RAM) users of the sending account (Account A) to the event bus of the receiving account (Account B) for centralized processing. The procedure is as follows:

    1. The receiving account (Account B) creates a RAM role. The trusted entity is the sending account (Account A).

    2. Account B grants the RAM role the permission to publish events. Account A can then assume the RAM role to publish events to Account B.

    3. Account B modifies the trust policy of the RAM role to grant its Alibaba Cloud services permission to publish events. The Alibaba Cloud services of Account B can then assume the RAM role to publish events to Account B.

    4. Account A creates an event rule to route events to the bus of Account B.

    跨账号路由事件

    Note

    An event bus in the receiving account can accept events from multiple sending accounts. The aliyunoriginalaccountid extension field in these events identifies the source account. The receiving account can filter events based on the aliyunoriginalaccountid field.

    Usage notes

    • Both same-account and cross-account routing support routing events between different regions.

    • Events from a default event bus can be routed only to a custom event bus. Events from a custom event bus can also be routed only to another custom event bus.

    Route events within the same account

    1. Log on to the EventBridge console. In the navigation pane on the left, click Event Buses.

    2. In the top navigation bar, select a region. On the Event Buses page, click default (System Event Bus).

    3. In the left-side navigation pane, click Event Rules. On the page that appears, click Create Rule.

    4. In the Create Rule wizard, complete the following steps.

      1. On the Configure Basic Info tab, set Name and Description for the rule, and then click Next.

      2. On the Configure Event Pattern tab, configure the following parameters, and then click Next.

        • Event Source: Select the Alibaba Cloud service event source from which you want to deliver events.

        • Event Type: Select the event type that you want to deliver.

        • Pattern Content: Enter an event pattern.

      3. On the Configure Targets tab, configure the following parameters, and then click Create.

        • Service Type: Select EventBridge.

        • Target Type: Select Same-account Bus.

        • Region: Select the region where the destination event bus is located.

        • Event Bus: Select the destination event bus.

        • Event: The default value is Complete Event. The complete event structure that complies with the CloudEvents 1.0 protocol is delivered without transformation.

        Note

        You can add a maximum of 5 targets to an event rule.

      You can query the event on the destination event bus. For more information, see Query events.

    Route events across accounts

    Step 1: Create a RAM role

    1. Use the receiving account (Account B) to log on to the RAM console.

    2. In the left-side navigation pane, choose Identities > Roles.

    3. On the Roles page, click Create Role.

      image

    4. On the Create Role page, set the Principal Type parameter to Cloud Account, specify an Alibaba Cloud account, and then click OK.

      image

      • Current Account: If you want a RAM user or RAM role that belongs to your Alibaba Cloud account to assume the RAM role, select Current Account.

      • Other Account: If you want a RAM user or RAM role that belongs to a different Alibaba Cloud account to assume the RAM role, select Other Account and enter the ID of the Alibaba Cloud account. This option is provided to grant permissions on resources that belong to different Alibaba Cloud accounts. For more information, see Use a RAM role to grant permissions across Alibaba Cloud accounts. You can view the ID of your Alibaba Cloud account on the Security Settings page.

    5. Configure the role information.

      1. Enter a Role Name.

      2. Optional: Enter a Description.

      3. For Alibaba Cloud account, select Other Alibaba Cloud Account, enter the ID of the sending account (Account A), and then click OK.

    Step 2: Grant permissions to the RAM role

    1. Use the receiving account (Account B) to log on to the RAM console.

    2. In the left-side navigation pane, choose Identities > Roles.

    3. On the Roles page, find the RAM role that you want to manage and click Grant Permission in the Actions column.

      image

      You can also select multiple RAM roles and click Grant Permission in the lower part of the RAM role list to grant permissions to multiple RAM roles at a time.

    4. In the Add Permissions panel, grant permissions to the RAM role.

      1. Select an authorization scope.

        • Account: The permissions take effect within the current Alibaba Cloud account.

        • Resource Group: The permissions take effect within the specified resource group.

          Note

          To grant permissions by resource group, ensure that the Alibaba Cloud service supports resource groups. For more information, see Services that work with Resource Group.

      2. Specify the principal.

        The principal is the RAM role to which you want to grant permissions. The current RAM role is specified by default. You can also add other RAM roles.

      3. Select policies.

        In the Policy Name list, find and select AliyunEventBridgePutEventsPolicy, and then click OK.

        Note

        • You can attach a maximum of five policies at a time. To attach more policies, repeat the operation.

        • If the system policies do not meet your requirements, you can create custom policies for fine-grained permission management. This lets you grant permissions on specific event buses to the sending account. For more information, see Create custom policies.

    Step 3: Modify the trust policy

    1. Use the receiving account (Account B) to log on to the RAM console.

    2. In the left-side navigation pane, choose Identities > Roles.

    3. On the Roles page, click the name of the RAM role that you created.

    4. On the Trust Policy tab, click Edit Trust Policy.

      image

    5. Modify the trust policy document and click Save.

      The following is a sample trust policy:

      {
    "Statement":[
        {
            "Action":"sts:AssumeRole",
            "Effect":"Allow",
            "Principal":{
                "Service":[
                    "${Account A}@eventbridge.aliyuncs.com"
                ]
            }
        }
    ],
    "Version":"1"
}

      After the configuration is complete, EventBridge in the sending account (Account A) can assume the RAM role.

    Step 4: Create an event rule

    1. Use the sending account (Account A) to log on to the EventBridge console. In the navigation pane on the left, click Event Buses.

    2. In the top navigation bar, select a region. On the Event Buses page, click default (System Event Bus).

    3. In the left-side navigation pane, click Event Rules. On the page that appears, click Create Rule.

    4. In the Create Rule wizard, complete the following steps.

      1. On the Configure Basic Info tab, set Name and Description for the rule, and then click Next.

      2. On the Configure Event Pattern tab, configure the following parameters, and then click Next.

        • Event Source: Select the Alibaba Cloud service event source from which you want to deliver events.

        • Event Type: Select the event type that you want to deliver.

        • Pattern Content: Enter an event pattern.

      3. On the Configure Targets tab, configure the following parameters, and then click Create.

        • Service Type: Select EventBridge.

        • Target Type: Select Cross-account Bus.

        • Region: Select the region where the destination account is located.

        • Account ID: Enter the ID of the receiving account (Account B).

        • Bus Name: Enter default.

        • Role: Enter the name of the RAM role that you created.

        • Event: The default value is Complete Event. The complete event structure that complies with the CloudEvents 1.0 protocol is delivered without transformation.

        Note

        You can add a maximum of 5 targets to an event rule.

      You can use the receiving account (Account B) to query the event. For more information, see Query events.