Why is my Amazon SQS queue not receiving EventBridge notifications?


I set up an Amazon EventBridge rule to send notifications to my Amazon Simple Queue Service (Amazon SQS) queue, but the queue didn’t receive the event notifications.

Resolution

Review the Amazon CloudWatch metrics of the EventBridge rule to confirm invocation failures

Select the time range in the CloudWatch metrics dashboard, and then review the TriggeredRules, Invocations, and FailedInvocations CloudWatch metrics.

Invocations data points indicate that the rule invoked the target. FailedInvocations data points indicate that the target wasn't invoked. FailedInvocations represents a permanent failure and might be the result of incorrect permissions or a misconfiguration of the target. For more information, see EventBridge metrics.

To confirm whether the SQS queue received the notification, check the NumberOfMessagesSent CloudWatch metric of the SQS queue.

Confirm that you granted EventBridge the required permissions to send messages to your SQS queue

Your Amazon SQS queue resource-based policy must allow EventBridge to send messages to the queue. For example, events.amazonaws.com must be listed as the Service Principal and sqs:SendMessage must be listed as the Action value.

Example SQS queue resource-based policy statement that allows EventBridge to send messages to an Amazon SQS queue:

{
    "Sid": "AWSEvents_custom-eventbus-ack-sqs-rule_dlq_sqs-rule-target",
    "Effect": "Allow",
    "Principal": {
        "Service": "events.amazonaws.com"
    },
    "Action": "sqs:SendMessage",
    "Resource": "arn:aws:sqs:region:account-id:queue-name",
    "Condition": {
        "ArnEquals": {
            "aws:SourceArn": "arn:aws:events:region:account-id:rule/bus-name/rule-name"
        }
    }
}

Confirm that your encrypted SQS queue has the required AWS Key Management Service permissions

If your SQS queue is encrypted, then create a customer managed AWS KMS key. Make sure to include the kms:GenerateDataKey and kms:Decrypt permissions in your KMS key policy. These permissions allow EventBridge to send messages to the encrypted queue. For more information, see Configuring AWS KMS permissions.

Use a custom AWS KMS key to set up the required AWS KMS permissions:

  1. Create a new AWS KMS key that's customer managed and includes the required permissions for EventBridge (events.amazonaws.com).
  2. Use the custom AWS KMS key to configure server-side encryption (SSE) for your SQS queue.

Example KMS key policy statement that allows EventBridge to send events to an encrypted SQS queue:

{
    "Sid": "Allow EventBridge to use the key",
    "Effect": "Allow",
    "Principal": {
        "Service": "events.amazonaws.com"
    },
    "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
    ],
    "Resource": "*"
}
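
The following offline check is an added example, not part of the original article or AWS code. It audits a queue policy and an optional KMS key policy for the permissions described above. The function names, the ARNs, and the sample policies are constructed for illustration, and the evaluation is simplified: explicit Deny statements and condition keys other than aws:SourceArn are not evaluated.

```python
from fnmatch import fnmatchcase

SERVICE = "events.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants(stmt, action):
    """Allow statement whose Service principal is EventBridge and whose Action covers `action`."""
    principal = stmt.get("Principal", {})
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    return (stmt.get("Effect") == "Allow" and SERVICE in services and
            any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt.get("Action", []))))

def _source_arn_ok(stmt, rule_arn):
    """True when there is no aws:SourceArn condition, or its pattern matches rule_arn."""
    for keys in stmt.get("Condition", {}).values():
        for key, patterns in keys.items():
            if key.lower() == "aws:sourcearn" and not any(
                    fnmatchcase(rule_arn, p) for p in _as_list(patterns)):
                return False
    return True

def check_delivery(queue_policy, queue_arn, rule_arn, key_policy=None):
    """List policy problems that block EventBridge -> SQS delivery; [] means none found."""
    problems = []
    allows = [s for s in _as_list(queue_policy.get("Statement", []))
              if _grants(s, "sqs:SendMessage")
              and any(fnmatchcase(queue_arn, r) for r in _as_list(s.get("Resource", [])))]
    if not allows:
        problems.append("queue policy: no Allow for events.amazonaws.com on sqs:SendMessage")
    elif not any(_source_arn_ok(s, rule_arn) for s in allows):
        problems.append("queue policy: aws:SourceArn does not match the rule ARN")
    if key_policy is not None:  # pass a key policy only for SSE-KMS encrypted queues
        for action in ("kms:GenerateDataKey", "kms:Decrypt"):
            if not any(_grants(s, action) for s in _as_list(key_policy.get("Statement", []))):
                problems.append(f"key policy: events.amazonaws.com lacks {action}")
    return problems

# Constructed sample values (not from the article): region, account id, queue and rule names.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:demo-queue"
RULE_ARN = "arn:aws:events:us-east-1:111122223333:rule/demo-bus/demo-rule"
QUEUE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": SERVICE},
    "Action": "sqs:SendMessage", "Resource": QUEUE_ARN,
    "Condition": {"ArnEquals": {"aws:SourceArn": RULE_ARN}}}]}
# Constructed key policy that is missing kms:GenerateDataKey on purpose.
KEY_POLICY = {"Statement": [{"Effect": "Allow", "Principal": {"Service": SERVICE},
                             "Action": ["kms:Decrypt"], "Resource": "*"}]}
```

To audit live resources, load the Policy attribute of the queue and the key policy as JSON and pass the parsed documents to check_delivery.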

Related information

Getting started with Amazon EventBridge

AWS OFFICIAL
Updated 2 months ago