# eb-event-management Part of **EB** # EventBridge Event Management Troubleshooting Guide ## Problem Index | Problem | Symptom | Severity | Solution Summary | |--------|--------|---------|------------------| | Unauthorized Operation (403) | `403: You are not authorized to perform the operation` | High | Assign required RAM policy or activate EventBridge service | | Invalid Event Bus Configuration (409) | `409: The event bus already exists` or `custom event bus cannot be named default` | Medium | Use unique name; avoid reserved names like "default" for custom buses | | Event Publishing Limits Exceeded (400) | `400: Maximum number of events in batch exceeded` or `event body too large` | Medium | Reduce batch size or event payload size per API limits | | Service Not Activated (403) | `403: You have not activated the EventBridge service` | High | Activate EventBridge in the console before use | | Request Throttling (429) | `429: Excessive requests trigger throttling. Try again later.` | Medium | Implement exponential backoff or reduce request rate | ## Problem Details ### Problem 1: Unauthorized Operation (HTTP 403) **Symptoms** - Error message: `403: You are not authorized to perform the operation` - Error message: `403: The RAM user is not authorized to perform the operation` - Error message: `403: You are not authorized to access the default event bus` - Behavior: API calls fail with 403 even with valid credentials - Context: Occurs during event publishing, rule creation, or target management **Root Cause** This error occurs when the calling identity (RAM user, role, or STS token) lacks the necessary permissions to perform the requested action on EventBridge resources. Common causes include: - Missing RAM policy granting EventBridge actions - Attempting to access the default event bus without proper permissions - Using an expired or invalid STS token - Trying to operate in a region where the account is restricted **Solution** 1. Verify that EventBridge is activated for your account in the target region via the console. 2. Attach a RAM policy that includes required EventBridge permissions. Example policy snippet: ```json { "Version": "1", "Statement": [ { "Effect": "Allow", "Action": "eventbridge:*", "Resource": "*" } ] } ``` 3. If using STS temporary credentials, ensure they are valid and not expired. 4. Confirm you are operating in a supported region by checking the [EventBridge region endpoints](https://www.alibabacloud.com/help/en/eventbridge/latest/regions-and-endpoints). **Verification** - Run a test API call such as listing event buses: ```bash aliyun eventbridge ListEventBuses --RegionId ``` - Expected result: Returns a list of event buses without error. ### Problem 2: Invalid Event Bus Configuration (HTTP 409) **Symptoms** - Error message: `409: The event bus already exists` - Error message: `409: The custom event bus cannot be named default` - Error message: `409: The name of the event bus is empty` - Behavior: CreateEventBus API fails during setup **Root Cause** Event bus names must adhere to strict naming rules: - Must be unique within the account and region - Cannot be "default" for custom event buses (reserved for system use) - Cannot be empty or contain invalid characters **Solution** 1. Choose a unique name that does not conflict with existing event buses. 2. Avoid using "default" as a name for custom event buses. 3. Ensure the name follows naming conventions (typically alphanumeric with hyphens/underscores, 1–64 characters). 4. Before creating, check existing buses: ```bash aliyun eventbridge ListEventBuses --RegionId ``` **Verification** - After choosing a valid name, retry the create operation: ```bash aliyun eventbridge CreateEventBus --EventBusName my-custom-bus --RegionId ``` - Expected result: Returns success with event bus ARN. ### Problem 3: Event Publishing Limits Exceeded (HTTP 400) **Symptoms** - Error message: `400: The maximum number of events that can be batch published has been reached` - Error message: `400: The maximum size of a single event body has been reached` - Error message: `400: The event input is empty` - Behavior: PutEvents API fails when sending multiple or large events **Root Cause** EventBridge enforces quotas on: - Maximum batch size: 10 events per PutEvents request - Maximum event size: 256 KB per event - Non-empty event content required These limits are defined in the service quotas documentation. **Solution** 1. Split large batches into chunks of ≤10 events. 2. Ensure each event is ≤256 KB in size (including headers and metadata). 3. Validate that event bodies are not empty and conform to CloudEvents 1.0 specification. 4. Example: Reduce batch size in code: ```python # Pseudocode: split events into batches of 10 for i in range(0, len(events), 10): batch = events[i:i+10] client.put_events(Entries=batch) ``` **Verification** - Monitor API responses for successful delivery (entries with `EventId`). - Use EventBridge monitoring or event tracking to confirm delivery. ### Problem 4: Service Not Activated (HTTP 403) **Symptoms** - Error message: `403: You have not activated the EventBridge service` - Error message: `403: The service is not activated` - Behavior: All EventBridge API calls fail with 403 on first use **Root Cause** EventBridge requires explicit activation before use, even if other Alibaba Cloud services are active. **Solution** 1. Log in to the Alibaba Cloud console. 2. Navigate to **EventBridge** > **Overview**. 3. Click **Activate Now** if prompted. 4. Wait for activation confirmation (usually immediate). **Verification** - After activation, run: ```bash aliyun eventbridge ListEventBuses --RegionId ``` - Expected result: Returns at least the "default" event bus. ### Problem 5: Request Throttling (HTTP 429) **Symptoms** - Error message: `429: Excessive requests trigger throttling. Try again later.` - Behavior: Intermittent API failures under high load **Root Cause** EventBridge enforces request rate limits per account per region. Exceeding these triggers automatic throttling. **Solution** 1. Implement retry logic with exponential backoff: ```python import time import random def put_events_with_backoff(events, max_retries=5): for attempt in range(max_retries): try: return client.put_events(Entries=events) except ThrottlingException: delay = (2 ** attempt) + random.uniform(0, 1) time.sleep(delay) raise Exception("Max retries exceeded") ``` 2. Reduce request frequency or distribute load across time. 3. Monitor usage against quotas in the console. **Verification** - Observe reduced error rates after implementing backoff. - Check CloudMonitor metrics for `ThrottledRequests`. ## FAQ **Q: How do I check if EventBridge is activated for my account?** A: Go to the EventBridge console. If you see an "Activate Now" button or receive a 403 error stating the service is not activated, you need to activate it first. Once activated, you’ll see the default event bus listed. **Q: What RAM permissions are required to publish events to the default event bus?** A: You need the `eventbridge:PutEvents` permission. A minimal policy includes: ```json { "Version": "1", "Statement": [{ "Effect": "Allow", "Action": "eventbridge:PutEvents", "Resource": "acs:eventbridge:*:*:eventbus/default" }] } ``` **Q: How can I debug why an event isn’t matching a rule?** A: Use the **Event Tracking** feature in the EventBridge console. It shows the event processing path, including whether it matched any rules, which targets were selected, and delivery status. Ensure your event’s `source`, `type`, and data fields match the rule’s filter pattern exactly. **Q: What are the common causes of 400 errors when creating event rules?** A: Common causes include: empty rule name, invalid event pattern syntax, missing event source or target, unsupported event type, or exceeding the maximum number of rules per event bus (check service limits). Always validate rule parameters before submission. **Q: How do I enable detailed logging for EventBridge operations?** A: EventBridge integrates with ActionTrail for audit logging. Enable ActionTrail in your region to log all API calls. Additionally, use **Event Tracing** to monitor event flow and delivery status in real time through the console.