AWS Blogs, July 16, 07:40
Monitor and debug event-driven applications with new Amazon EventBridge logging

 

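Amazon EventBridge recently launched enhanced logging to help users monitor and debug event-driven applications more comprehensively. The new capability provides detailed event lifecycle tracking, with log records for event matching, publishing, delivery, and failure retries. By generating detailed log entries, it lets users quickly identify and diagnose problems and significantly shortens debugging time. Users can also choose to send logs to CloudWatch Logs, Data Firehose, or S3, with support for custom key encryption. The capability is particularly suited to microservices and event-driven architectures, where its rich metadata and performance metrics help developers resolve failures efficiently.

💡 Amazon EventBridge enhanced logging provides comprehensive event lifecycle tracking, with detailed log records for event matching, publishing, delivery, and failure retries, helping users quickly identify and diagnose problems.

🔧 Users can send logs to CloudWatch Logs, Data Firehose, or S3, with support for custom key encryption, to meet log management and security needs in different scenarios.

⏱️ With rich metadata and performance metrics such as latency, processing duration, and HTTP status codes, users can pinpoint the point of failure and efficiently solve debugging problems in microservices and event-driven architectures.

🛡️ The enhancement is particularly suited to debugging API destinations, where detailed error information helps users quickly identify failures caused by changed authentication requirements or modified credentials.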

<section class="blog-post-content lb-rtxt">
<p>Starting today, you can use the enhanced logging capability in <a href="https://aws.amazon.com/eventbridge/?trk=c4ea046f-18ad-4d23-a1ac-cdd1267f942c&amp;sc_channel=el">Amazon EventBridge</a> to monitor and debug your event-driven applications with comprehensive logs. These new enhancements help improve how you monitor and troubleshoot event flows.</p>
<p>Here’s how you can find this new capability on the <a href="https://console.aws.amazon.com/events/?trk=c4ea046f-18ad-4d23-a1ac-cdd1267f942c&amp;sc_channel=el">Amazon EventBridge console</a>:</p>
<p><img class="aligncenter size-full wp-image-97767 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-0.png" alt="" width="2980" height="1274" /></p>
<p>The new observability capabilities address microservices and event-driven architecture monitoring challenges by providing comprehensive event lifecycle tracking. EventBridge now generates detailed log entries every time an event matched against rules is published, delivered to subscribers, or encounters failures and retries.</p>
<p>You gain visibility into the complete event journey with detailed information about successes, failures, and status codes that make identifying and diagnosing issues straightforward. What used to take hours of trial-and-error debugging now takes minutes with detailed event lifecycle tracking and built-in query tools.</p>
<p><strong>Using Amazon EventBridge enhanced observability<br /></strong>Let me walk you through a demonstration that showcases the logging capability in Amazon EventBridge.</p>
<p>I can enable logging for an existing event bus or when creating a new custom event bus. First, I navigate to the EventBridge console and choose <strong>Event buses</strong> in the left navigation pane. In <strong>Custom event bus</strong>, I choose <strong>Create event bus</strong>.</p>
<p><img class="aligncenter wp-image-98141 size-full c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/11/2025-news-evb-logging-1-1.png" alt="" width="2978" height="1580" /></p>
<p>I can see this new capability in the <strong>Logs</strong> section. I have three options to configure the <strong>Log destination</strong>: <a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html">Amazon CloudWatch Logs</a>, <a href="https://aws.amazon.com/firehose/">Amazon Data Firehose</a> Stream, and <a href="https://aws.amazon.com/s3/">Amazon Simple Storage Service</a> (Amazon S3). If I want to stream my logs into a data lake, I can select Amazon Kinesis Data Firehose Stream. Logs are encrypted in transit with TLS and at rest if a <a href="https://aws.amazon.com/about-aws/whats-new/2024/05/amazon-eventbridge-cmk-event-buses/?trk=c4ea046f-18ad-4d23-a1ac-cdd1267f942c&amp;sc_channel=el">customer-managed key (CMK) is provided for the event bus</a>. CloudWatch Logs supports customer-managed keys, and Data Firehose offers server-side encryption for downstream destinations.</p>
<p>For this demo, I select <strong>CloudWatch logs</strong> and <strong>S3 logs</strong>.</p>
<p><img class="aligncenter size-full wp-image-97769 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-2-1-1.png" alt="" width="1460" height="746" /></p>
<p>I can also choose the <strong>Log level</strong>: Error, Info, or Trace. I choose <strong>Trace</strong> and select <strong>Include execution data</strong> because I need to review the payloads. Be mindful that logged payload data may contain sensitive information, and that this setting applies to all log destinations you select. Then, I configure two destinations, one each for <strong>CloudWatch log group</strong> and <strong>S3 logs</strong>. Then I choose <strong>Create</strong>.</p>
<p><img class="aligncenter size-full wp-image-97770 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-3-1-1.png" alt="" width="1460" height="1240" /></p>
<p>After logging is enabled, I can start publishing test events to observe the logging behavior.</p>
<p><img class="aligncenter size-full wp-image-97771 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-4.png" alt="" width="1454" height="1413" /></p>
<p>For the first scenario, I’ve built an <a href="https://aws.amazon.com/lambda/">AWS Lambda</a> function and configured this Lambda function as a target.</p>
<p><img class="aligncenter size-full wp-image-97772 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-5.png" alt="" width="1532" height="659" /></p>
<p>I navigate to my event bus to send a sample event by choosing <strong>Send events</strong>.</p>
<p><img class="aligncenter size-full wp-image-97773 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-6.png" alt="" width="2256" height="1268" /></p>
<p>Here’s the payload that I use:</p>
<pre class="language-json">{
  "Source": "ecommerce.orders",
  "DetailType": "Order Placed",
  "Detail": {
    "orderId": "12345",
    "customerId": "cust-789",
    "amount": 99.99,
    "items": [
      {
        "productId": "prod-456",
        "quantity": 2,
        "price": 49.99
      }
    ]
  }
}</pre>
<p>After I send the sample event, I can see the logs are available in my S3 bucket.</p>
<p><img class="aligncenter size-full wp-image-97774 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-7.png" alt="" width="1887" height="843" /></p>
<p>I can also see the log entries appearing in Amazon CloudWatch Logs. The logs show the event lifecycle, from <code>EVENT_RECEIPT</code> to <code>SUCCESS</code>. Learn more about the complete event lifecycle on TBD:DOC_PAGE.</p>
<p><img class="aligncenter size-full wp-image-97775 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-8.png" alt="" width="1503" height="635" /></p>
<p>Now, let’s evaluate these logs. For brevity, I only include a few logs and have redacted them for readability. Here’s the log from when I triggered the event:</p>
<pre class="language-json">{
  "resource_arn": "arn:aws:events:us-east-1:123:event-bus/demo-logging",
  "message_timestamp_ms": 1751608776896,
  "event_bus_name": "demo-logging",
  // REDACTED FOR BREVITY //
  "message_type": "EVENT_RECEIPT",
  "log_level": "TRACE",
  "details": {
    "caller_account_id": "123",
    "source_time_ms": 1751608775000,
    "source": "ecommerce.orders",
    "detail_type": "Order Placed",
    "resources": [],
    "event_detail": "REDACTED FOR BREVITY"
  }
}</pre>
<p>Here’s the log from when the target was successfully invoked:</p>
<pre class="language-json">{
  "resource_arn": "arn:aws:events:us-east-1:123:event-bus/demo-logging",
  "message_timestamp_ms": 1751608777091,
  "event_bus_name": "demo-logging",
  // REDACTED FOR BREVITY //
  "message_type": "INVOCATION_SUCCESS",
  "log_level": "INFO",
  "details": {
    // REDACTED FOR BREVITY //
    "total_attempts": 1,
    "final_invocation_status": "SUCCESS",
    "ingestion_to_start_latency_ms": 105,
    "ingestion_to_complete_latency_ms": 183,
    "ingestion_to_success_latency_ms": 183,
    "target_duration_ms": 53,
    "target_response_body": "&lt;REDACTED FOR BREVITY&gt;",
    "http_status_code": 202
  }
}</pre>
<p>The additional log entries include rich metadata that makes troubleshooting straightforward. For example, on a successful event, I can see the latency timing from starting to completing the event, the duration for the target to finish processing, and the HTTP status code.</p>
<p><strong>Debugging failures with complete event lifecycle tracking<br /></strong>The benefit of EventBridge logging becomes apparent when things go wrong. To test failure scenarios, I intentionally misconfigure a Lambda function’s permissions and change the rule to point to a different Lambda function without proper permissions.</p>
<p><img class="aligncenter size-full wp-image-97776 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/04/2025-news-evb-logging-9.png" alt="" width="1529" height="726" /></p>
<p>The attempt failed with a permanent failure due to missing permissions. The log shows it’s a <code>FIRST</code> attempt that resulted in <code>NO_PERMISSIONS</code> status.</p>
<pre class="language-json">{
  "message_type": "INVOCATION_ATTEMPT_PERMANENT_FAILURE",
  "log_level": "ERROR",
  "details": {
    "rule_arn": "arn:aws:events:us-east-1:123:rule/demo-logging/demo-order-placed",
    "role_arn": "arn:aws:iam::123:role/service-role/Amazon_EventBridge_Invoke_Lambda_123",
    "target_arn": "arn:aws:lambda:us-east-1:123:function:demo-evb-fail",
    "attempt_type": "FIRST",
    "attempt_count": 1,
    "invocation_status": "NO_PERMISSIONS",
    "target_duration_ms": 25,
    "target_response_body": "{\"requestId\":\"a4bdfdc9-4806-4f3e-9961-31559cb2db62\",\"errorCode\":\"AccessDeniedException\",\"errorType\":\"Client\",\"errorMessage\":\"User: arn:aws:sts::123:assumed-role/Amazon_EventBridge_Invoke_Lambda_123/db4bff0a7e8539c4b12579ae111a3b0b is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:123:function:demo-evb-fail because no identity-based policy allows the lambda:InvokeFunction action\",\"statusCode\":403}",
    "http_status_code": 403
  }
}</pre>
<p>The final log entry summarizes the complete failure with timing metrics and the exact error message.</p>
<pre class="language-json">{
  "message_type": "INVOCATION_FAILURE",
  "log_level": "ERROR",
  "details": {
    "rule_arn": "arn:aws:events:us-east-1:123:rule/demo-logging/demo-order-placed",
    "role_arn": "arn:aws:iam::123:role/service-role/Amazon_EventBridge_Invoke_Lambda_123",
    "target_arn": "arn:aws:lambda:us-east-1:123:function:demo-evb-fail",
    "total_attempts": 1,
    "final_invocation_status": "NO_PERMISSIONS",
    "ingestion_to_start_latency_ms": 62,
    "ingestion_to_complete_latency_ms": 114,
    "target_duration_ms": 25,
    "http_status_code": 403
  },
  "error": {
    "http_status_code": 403,
    "error_message": "User: arn:aws:sts::123:assumed-role/Amazon_EventBridge_Invoke_Lambda_123/db4bff0a7e8539c4b12579ae111a3b0b is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:123:function:demo-evb-fail because no identity-based policy allows the lambda:InvokeFunction action",
    "aws_service": "AWSLambda",
    "request_id": "a4bdfdc9-4806-4f3e-9961-31559cb2db62"
  }
}</pre>
<p>The logs provide detailed performance metrics that help identify bottlenecks. The <code>ingestion_to_start_latency_ms: 62</code> shows the time from event ingestion to starting invocation, while <code>ingestion_to_complete_latency_ms: 114</code> represents the total time from ingestion to completion. Additionally, <code>target_duration_ms: 25</code> indicates how long the target service took to respond, helping distinguish between EventBridge processing time and target service performance.</p>
<p>The error message clearly states what failed (<code>lambda:InvokeFunction action</code>), why it failed (<code>no identity-based policy allows the action</code>), which role was involved (<code>Amazon_EventBridge_Invoke_Lambda_1428392416</code>), and which specific resource was affected, as indicated by the Lambda function Amazon Resource Name (ARN).</p>
<p><strong>Debugging API Destinations with EventBridge Logging<br /></strong>One use case where I think the EventBridge logging capability will be particularly helpful is debugging issues with API destinations. <a href="https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html?trk=c4ea046f-18ad-4d23-a1ac-cdd1267f942c&amp;sc_channel=el">EventBridge API destinations</a> are HTTPS endpoints that you can invoke as the target of an event bus rule or pipe. HTTPS endpoints help you to route events from your event bus to external systems, software-as-a-service (SaaS) applications, or third-party APIs using HTTPS calls. They use connections to handle authentication and credentials, making it easy to integrate your event-driven architecture with any HTTPS-based service.</p>
<p>API destinations are commonly used to send events to external HTTPS endpoints, and debugging failures from the external endpoint can be a challenge. These problems typically stem from changes to the endpoint authentication requirements or modified credentials.</p>
<p>To demonstrate this debugging capability, I intentionally configured an API destination with incorrect credentials in the connection resource.</p>
<p><img class="aligncenter size-full wp-image-97983 c6" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/07/09/2025-news-evb-logging-10.png" alt="" width="1872" height="760" /></p>
<p>When I send an event to this misconfigured endpoint, the enhanced logging shows the root cause of this failure.</p>
<pre class="lang-json">{
  "resource_arn": "arn:aws:events:us-east-1:123:event-bus/demo-logging",
  "message_timestamp_ms": 1750344097251,
  "event_bus_name": "demo-logging",
  // REDACTED FOR BREVITY //
  "message_type": "INVOCATION_FAILURE",
  "log_level": "ERROR",
  "details": {
    // REDACTED FOR BREVITY //
    "total_attempts": 1,
    "final_invocation_status": "SDK_CLIENT_ERROR",
    "ingestion_to_start_latency_ms": 135,
    "ingestion_to_complete_latency_ms": 549,
    "target_duration_ms": 327,
    "target_response_body": "",
    "http_status_code": 400
  },
  "error": {
    "http_status_code": 400,
    "error_message": "Unable to invoke ApiDestination endpoint: The request failed because the credentials included for the connection are not authorized for the API destination."
  }
}</pre>
<p>The log provides immediate clarity about the failure. The <code>target_arn</code> shows this involves an API destination, the <code>final_invocation_status</code> indicates <code>SDK_CLIENT_ERROR</code>, and the <code>http_status_code</code> of <code>400</code> points to a client-side issue. Most importantly, the <code>error_message</code> explicitly states: <code>Unable to invoke ApiDestination endpoint: The request failed because the credentials included for the connection are not authorized for the API destination.</code></p>
<p>This complete log sequence provides useful debugging insights because I can see exactly how the event moved through EventBridge — from event receipt, to ingestion, to rule matching, to invocation attempts. This level of detail eliminates guesswork and points directly to the root cause of the issue.</p>
<p><strong>Additional things to know<br /></strong>Here are a couple of things to note:</p>
<ul>
<li><strong>Architecture support</strong> – Logging works with all EventBridge features including custom event buses, partner event sources, and API destinations for HTTPS endpoints.</li>
<li><strong>Performance impact</strong> – Logging operates asynchronously with no measurable impact on event processing latency or throughput.</li>
<li><strong>Pricing</strong> – You pay standard Amazon S3, Amazon CloudWatch Logs or Amazon Data Firehose pricing for log storage and delivery. EventBridge logging itself incurs no additional charges. For details, visit the <a href="https://aws.amazon.com/eventbridge/pricing/?trk=c4ea046f-18ad-4d23-a1ac-cdd1267f942c&amp;sc_channel=el">Amazon EventBridge pricing page</a>.</li>
<li><strong>Availability</strong> – Amazon EventBridge logging capability is available in all AWS Regions where EventBridge is supported.</li>
<li><strong>Documentation</strong> – For more details, refer to the <a href="https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-monitoring.html?trk=c4ea046f-18ad-4d23-a1ac-cdd1267f942c&amp;sc_channel=el">Amazon EventBridge monitoring and debugging Documentation</a>.</li>
</ul>
<p>Get started with Amazon EventBridge logging capability by visiting the <a href="https://console.aws.amazon.com/events/?trk=c4ea046f-18ad-4d23-a1ac-cdd1267f942c&amp;sc_channel=el">EventBridge console</a> and enabling logging on your event buses.</p>
<p>Happy building!<br />— <a href="https://www.linkedin.com/in/donnieprakoso">Donnie</a></p>
</section>
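
Added example, not part of the original post and not AWS code: a Python triage pass over EventBridge log entries that separates the two failure causes the post walks through (missing IAM permission on the target, rejected API destination credentials), splits total latency from target time, and flags entries that carry payload data because Include execution data was on. The sample entries are constructed and reduced to field names shown in the post's excerpts; the cause labels, the `non_target_ms` figure and the `demo-role` and `demo-api` names are assumptions.

```python
import json

# Constructed sample entries; field names are the ones shown in the post's excerpts.
SAMPLE_ENTRIES = [
    {"message_type": "EVENT_RECEIPT", "log_level": "TRACE",
     "details": {"source": "ecommerce.orders", "event_detail": '{"orderId": "12345"}'}},
    {"message_type": "INVOCATION_SUCCESS", "log_level": "INFO",
     "details": {"final_invocation_status": "SUCCESS", "target_response_body": "",
                 "ingestion_to_complete_latency_ms": 183, "target_duration_ms": 53}},
    {"message_type": "INVOCATION_FAILURE", "log_level": "ERROR",
     "details": {"role_arn": "arn:aws:iam::123:role/service-role/demo-role",
                 "target_arn": "arn:aws:lambda:us-east-1:123:function:demo-evb-fail",
                 "final_invocation_status": "NO_PERMISSIONS",
                 "ingestion_to_complete_latency_ms": 114, "target_duration_ms": 25},
     "error": {"error_message": "not authorized to perform: lambda:InvokeFunction"}},
    {"message_type": "INVOCATION_FAILURE", "log_level": "ERROR",
     "details": {"target_arn": "arn:aws:events:us-east-1:123:api-destination/demo-api",
                 "final_invocation_status": "SDK_CLIENT_ERROR", "target_response_body": "",
                 "ingestion_to_complete_latency_ms": 549, "target_duration_ms": 327},
     "error": {"error_message": "Unable to invoke ApiDestination endpoint: The request "
               "failed because the credentials included for the connection are not "
               "authorized for the API destination."}},
]
SAMPLE_LOG_LINES = [json.dumps(entry) for entry in SAMPLE_ENTRIES]

# Fields that hold event or response payloads when execution data is included.
PAYLOAD_FIELDS = ("event_detail", "target_response_body")


def triage(line):
    """Summarise one log entry: likely cause, who/what was involved, timing split."""
    entry = json.loads(line)
    details = entry.get("details", {})
    status = details.get("final_invocation_status")
    message = entry.get("error", {}).get("error_message", "")
    if entry.get("message_type") != "INVOCATION_FAILURE":
        cause = None
    elif status == "NO_PERMISSIONS":
        cause = "execution role lacks permission on target"
    elif "credentials" in message:
        cause = "connection credentials rejected"
    else:
        cause = "unclassified"
    total = details.get("ingestion_to_complete_latency_ms")
    target = details.get("target_duration_ms")
    return {"type": entry.get("message_type"), "status": status, "cause": cause,
            "role_arn": details.get("role_arn"), "target_arn": details.get("target_arn"),
            # Assumption: total latency minus target time approximates time outside the target.
            "non_target_ms": None if None in (total, target) else total - target,
            "carries_payload": any(details.get(f) for f in PAYLOAD_FIELDS)}


def failures(lines):
    """Return triage summaries for final failure entries only."""
    return [t for t in map(triage, lines) if t["cause"] is not None]
```

Entries with `carries_payload` set are the ones to review before widening read access to the log destination, since the execution-data setting applies to every destination configured on the bus.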
