Stream Logs to Amazon EventBridge
Amazon EventBridge is a serverless event bus that acts as an intermediary allowing you to send data from your applications to Amazon Web Services (AWS). You can create an event-driven workflow using EventBridge to send your Auth0 tenant logs to the targets of your choice, such as AWS EC2 instances, Lambda functions, Kinesis streams, and ECS tasks.
To send Auth0 events to Amazon EventBridge, you will need to:
Configure the Auth0 event stream.
Configure an EventBridge partner event bus that matches incoming events with the routes to which they should be targeted.
Create a rule to route incoming events to your choice of AWS service.
Configure the Auth0 event stream
Go to Dashboard > Monitoring > Streams and click Create Stream.
Select Amazon EventBridge and enter a unique name for your new stream.
Configure the event source by providing your AWS Account ID and AWS Region. Note that the region you select must match the region in which your AWS EventBridge resides.
Click Save. Auth0 provides an Event Source Name. Copy and save it to provide to AWS to complete the configuration.
Configure event bus in AWS
Go to the Amazon EventBridge partners tab in your AWS account, and make sure you are in the AWS Region where the event source was created.
Paste the Event Source Name in the event source search box to find the newly-created Event Source, and click on it to associate it with an Event Bus. The Event Source will remain in a pending state until it gets associated with an Event Bus, and all the events sent to that Event Source will be dropped.
Once you click on the Event Source, click Associate with Event Bus.
Name the Event Bus the same name as the Event Source. At this point, you can specify permissions for this Event Bus or simply associate it.
Create EventBridge rules
At this point, the events that you send are available on your event bus. However, before you can use the data you send to AWS services, you must create rules that map those events to specific targets.
Amazon EventBridge uses rules, which specify how you want incoming events routed to the desired targets. Targets are the services, such as AWS EC2 instances, Lambda functions, Kinesis streams, or ECS tasks, that process the event-driven data that they receive. Data received by targets are JSON-formatted.
A single rule can route to one or more targets (if there are more than one, AWS processes all in parallel).
Go to the EventBridge page, and click Create rule.
Provide the name of the Event Bus, and specify your targets.
As soon as Auth0 writes the next tenant log, you should see a copy of the log Auth0 has written in JSON format at the target you defined in your EventBridge rule. To learn more, read Check Log Stream Health.
Delivery attempts and retries
Auth0 events are delivered to AWS via a streaming mechanism that sends each event as it is triggered in our system. If EventBridge is unable to receive the event, we will retry up to 3 times to deliver the event; otherwise, we will log the failure, and you will see the failure in the Health tab for your log stream.