Eventarc
Eventarc is the event router that ties the rest of this chapter together. It turns events from 90+ Google Cloud sources — Cloud Storage object created, BigQuery job finished, a Cloud Audit Log entry, a Pub/Sub message on a topic — into invocations of your Cloud Run, Cloud Functions, GKE, or Cloud Workflows workloads. Under the hood Eventarc rides on Pub/Sub, but it abstracts away the per-source plumbing and delivers events in the standard CloudEvents format.
The case for Eventarc is the case for an event router in general: instead of every service writing custom code to subscribe to and parse every source it cares about, one trigger declares the source-destination wiring and the platform delivers the right events to the right handler. The reduction in glue code is large.
Event-Driven Architecture on GCP
Eventarc is the practical entry point for event-driven architecture on Google Cloud. A trigger has three parts: a source (which service produces the event), filters (which subset of events from that source qualify), and a destination (which service receives the matched event). Once a trigger is in place, the workload runs on every matching event automatically — no polling, no manual Pub/Sub subscription setup per source, no parsing of provider-specific event formats.
Trigger Sources and Destinations
Eventarc ships in two editions. Eventarc Standard — the trigger model this page describes — supports two source categories: direct sources (Cloud Storage, Firestore, BigQuery, Cloud Build, Pub/Sub, third-party SaaS providers, and a handful of others — each emits its own native events to Eventarc), and Cloud Audit Logs sources (any service that writes to audit logs — effectively all of Google Cloud — can trigger events on log entries matching specific service names and method names). Eventarc Advanced adds a central message bus with enrollments, pipelines, event transformation, and a Publish API for ingesting custom and third-party events.
Destinations: Cloud Run services (HTTP receivers, most common), Cloud Functions (one-function handlers), GKE workloads (via the GKE Eventarc add-on), and Cloud Workflows (kick off an orchestration on every matching event).
CloudEvents Format
Eventarc delivers events in the CloudEvents format — a CNCF specification that wraps every event in a standard envelope (type, source, time, id, subject) plus a data payload specific to the source. Handlers parse the envelope the same way regardless of which service produced the event; only the data payload varies. This is what makes one handler able to react to events from many sources without rewriting parsing logic for each.
Filtering and Routing
Triggers support filters on event attributes — bucket name for Cloud Storage events, dataset for BigQuery events, method name for audit log events. Apply filters as tightly as possible. Without them, the handler receives every event from the source, must check whether each one is relevant, and pays the runtime and cost for events it ultimately ignores. A trigger that fires on "object created in this specific bucket with this specific prefix" is almost always what you actually want.
Eventarc vs Direct Pub/Sub
If only one source is involved and that source already publishes to Pub/Sub directly (Cloud Build, Cloud Scheduler, Firestore in some modes), a plain Pub/Sub subscription is the lighter-weight choice. Eventarc earns its place when you have multiple sources, want the CloudEvents abstraction, need audit-log triggers, or want destinations other than Pub/Sub-subscribers. For a single-source single-destination wiring with no filter complexity, Pub/Sub is fine. For everything more complex, Eventarc.
- Custom code to parse Cloud Audit Logs in a worker, when the Eventarc audit log trigger would deliver matching entries directly as CloudEvents.
- No filters on the trigger. The handler receives every event from the source, filters in code, and pays runtime cost on events it ultimately drops.
- Handler not idempotent. Eventarc inherits Pub/Sub's at-least-once delivery; duplicate events under transient failure are normal.
- Reading only the data payload and ignoring the CloudEvents envelope. The envelope carries the event id (for deduplication), the source, and the type — losing them makes debugging harder.
- Direct Pub/Sub subscriptions per source when a single Eventarc trigger would unify the wiring and add audit-log capability for free.
- Trigger destination without a retry policy. A 5xx from the destination means the event is retried, but without limits the retries can outlast the relevance of the event.
- Use Eventarc as the default for multi-source or audit-log-driven event flows. Reserve direct Pub/Sub subscriptions for single-source simple cases.
- Apply trigger filters as tightly as possible. Handlers should receive only events they will act on.
- Make every destination handler idempotent. Treat duplicate delivery as normal, not exceptional.
- Read the CloudEvents envelope fields (id, type, source, subject, time) — they carry context the data payload does not.
- Trigger destinations on Cloud Run with retry on 5xx and a dead letter target. Without it, transient destination failures lose events.
- Monitor trigger delivery error rate via Cloud Monitoring; alert when it crosses a threshold.
Knowledge Check
What does Eventarc do?
- Persists every event from every GCP service in a durable store for replay and audit, much like a long-retention message log that you query after the fact
- Routes events from 90+ Google Cloud sources to Cloud Run, Cloud Functions, GKE, or Cloud Workflows destinations, in the standard CloudEvents format
- Replaces Pub/Sub for all messaging on GCP; Pub/Sub is now deprecated in favor of Eventarc
- Executes your event-handler code on its own built-in compute, with no separate runtime needed
Why apply trigger filters as tightly as possible?
- Eventarc bills per filter rule and looser filters incur additional cost
- Without tight filters the handler receives every event from the source and must filter in code, paying runtime and cost on events it ultimately drops
- Filters are required for Eventarc to deliver events in the CloudEvents format at all; a loose filter forces the trigger to fall back to a raw, unstructured payload instead
- Tight filters bypass the at-least-once delivery guarantee for matching events
Why must Eventarc destination handlers be idempotent?
- CloudEvents delivery is exactly-once; idempotency is required only as a defensive habit
- Eventarc inherits Pub/Sub's at-least-once delivery — duplicate events under transient failure are part of normal operation
- Eventarc explicitly delivers every matching event exactly twice for redundancy by design, so the receiver must deduplicate each one on its own
- Idempotency is required to use Cloud Workflows as a destination; other destinations are unaffected
When does a direct Pub/Sub subscription beat an Eventarc trigger?
- Always — Eventarc is more expensive than Pub/Sub at every workload size
- For a single-source, single-destination wiring with no audit-log dependency and no multi-source unification needed — Pub/Sub is the lighter-weight choice
- When the destination is Cloud Run; Eventarc cannot deliver to Cloud Run
- When events must arrive in the standard CloudEvents envelope, since a raw Pub/Sub subscription is the only delivery path that emits CloudEvents and Eventarc does not
What is the most common reason teams choose Eventarc audit-log triggers over hand-rolled audit-log parsing?
- Audit-log triggers bypass IAM altogether and let the handler read log entries even for resources the workload's own service account has no permission to access
- Eventarc delivers matching log entries directly as CloudEvents — no Pub/Sub sink, no custom parsing, no per-log-field filtering code to maintain
- Audit-log triggers retain matching events for longer than the underlying log retention window
- Eventarc rewrites audit log entries to mask sensitive fields, which manual parsing does not do
You got correct