EventBridge encrypts all data at rest using AES-256 and KMS, and protects data in transit with TLS 1.2 — with no key management infrastructure required on your part.
Encryption at rest
EventBridge automatically encrypts all data and metadata stored in EventBridge at rest using 256-bit Advanced Encryption Standard (AES-256) and Key Management Service (KMS). Encryption is enabled by default, requires no configuration, and is free of charge. EventBridge manages the encryption keys through KMS, so you do not need to build or maintain your own key management infrastructure.
Encryption in transit
EventBridge uses server-side encryption to protect data during transmission. All traffic is encrypted using SSL and Transport Layer Security (TLS) 1.2, guarding against interception and tampering.
Whether TLS-encrypted transmission is applied depends on parameter values configured for specific triggers, such as the HTTP trigger and API destination trigger.