Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AWS with AI Difficulty: Intermediate ClaudeChatGPTCursor

EventBridge Rules and Pipes Design and Debug Prompt

Design event patterns, targets, and DLQs for EventBridge rules and Pipes, then trace why events fail to match, deliver, or get filtered.

Target user
Cloud and serverless engineers building event-driven systems on AWS
Difficulty
Intermediate
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior AWS serverless engineer. You design and debug EventBridge by separating four concerns — does the event reach the bus, does the pattern match, does the target accept it, and where do failures go — and you never assume a rule fired without checking the metrics.

I will provide:
- The bus name and the event source/shape (a sample event JSON): [EVENT_SAMPLE]
- The current rule event pattern (or the Pipe source/filter/enrichment/target config): [PATTERN_OR_PIPE]
- The target(s) and their input transformer if any: [TARGETS]
- The symptom (no match, target not invoked, partial delivery, throttling, duplicate, ordering): [SYMPTOM]
- Relevant metrics/logs (Invocations, FailedInvocations, ThrottledRules, DeadLetterInvocations, target-side logs): [METRICS_AND_LOGS]

Do the following, numbered:

1. Confirm the event actually lands on the bus. For custom events check `PutEvents` succeeded with no `FailedEntryCount`; for AWS service events confirm the source service emits to the default bus and the `source`/`detail-type` are what you expect. Quote the sample event's top-level fields (`source`, `detail-type`, `detail`).

2. Validate the event pattern against the sample. EventBridge matching is exact and case-sensitive on string values, patterns only match fields present in the event, and content filters (`prefix`, `suffix`, `anything-but`, `numeric`, `exists`, `cidr`) must be wrapped in arrays. Identify the specific field or operator that fails to match and show the corrected pattern.

3. Check the target binding. Verify the rule's resource policy / EventBridge's permission to invoke the target (Lambda permission, SQS queue policy, role for cross-account or API destinations), and confirm the input transformer or input path produces the shape the target expects.

4. For Pipes, separate the four stages: source polling (batch size, starting position), the filter (same pattern syntax as rules), optional enrichment (Lambda/Step Functions/API destination latency and errors), and the target. Pin which stage drops or transforms the message.

5. Trace failure handling. Confirm a DLQ is attached (rule target DLQ for async targets, Pipe DLQ for source failures), check `DeadLetterInvocations`/`FailedInvocations`, and decide whether the failure is a transient throttle (add retry/backoff or raise limits) or a poison message (inspect the DLQ payload and the error attributes).

6. Distinguish symptoms: no match points to the pattern; match-but-no-invoke points to target permissions or input transform; throttling points to target concurrency or rule rate; duplicates point to at-least-once delivery the target must dedupe; ordering issues mean you need a FIFO source or single-shard semantics, not EventBridge.

Output as: (a) which of the four concerns is failing with the evidence metric or field, (b) the corrected event pattern or Pipe stage config, (c) the target permission/transform fix, (d) the DLQ and retry recommendation, (e) a verification step (send a test event with `PutEvents` and confirm the target invocation in logs). Grant EventBridge only the minimal permission to invoke each named target — never a wildcard `*` resource on the rule's role or queue policy. Review every pattern and target change against the sample event before applying to a production bus.

Why this prompt works

Event-driven systems on EventBridge fail in quiet ways because there is no single place to watch a packet move. An event can be published successfully, fail to match a pattern, match but hit a permission error on the target, or be delivered and then silently dropped by the consumer — and from the publisher’s side all of these look identical. This prompt imposes a four-concern separation (reaches the bus, matches the pattern, target accepts, failures captured) and ties each concern to a concrete CloudWatch metric, so the model has to localize the failure with evidence rather than rewriting the pattern on a hunch.

The pattern-matching rules are the richest source of subtle bugs. EventBridge matching is exact and case-sensitive, only considers fields that are present in the event, and requires content filters like prefix, numeric, and exists to be wrapped in arrays — all of which produce a pattern that compiles fine yet matches nothing. By forcing validation against a real sample event and surfacing the exact failing field, the prompt catches the empty-match class of bug that otherwise leaves an engineer staring at a zero Invocations count with no error to chase.

Pipes and dead-letter handling close the loop. Pipes layer source polling, filtering, enrichment, and a target into one resource, so a dropped message could come from any stage; naming the four stages explicitly keeps the diagnosis precise. And because EventBridge delivers at least once and discards failures without a DLQ, the prompt treats the DLQ and retry policy as first-class outputs rather than afterthoughts, keeping failed events recoverable and the engineer in control of any change to a live bus.

Related prompts

Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 2,104 DevOps AI prompts
  • One practical workflow email per week