PagerDuty Event Trigger


The PagerDuty Event trigger responds to various PagerDuty events, ensuring swift incident management and effective communication. When paired with an Action, it enables timely notifications and automated tasks to be run, streamlining incident resolution processes and optimizing team collaboration.

The trigger responds to PagerDuty events such as:

  • Incident acknowledged
  • Incident annotated
  • Incident assigned
  • Incident delegated
  • Incident resolved
  • Incident triggered
  • Incident unacknowledged

Before you begin

Before using the PagerDuty Event trigger, you must set up a PagerDuty Integration.

AWS account permissions

The PagerDuty Event trigger uses the following endpoints on AWS’s EventBridge API:

The GorillaStack cross-account role needs permission to use these endpoints.

Use of this trigger in a rule

The PagerDuty Event trigger will usually be used in a rule with the Notify on PagerDuty Event action, which generates formatted notifications based on selected events. However, it is possible to pair it with any action.


The trigger works by matching fields in a PagerDuty record event after it is received on the PagerDuty Event Bus.

The Match Expression is a JMESPath expression that will be evaluated against the event to determine if the trigger should fire. See the GorillaStack-maintained fork of the JMESPath specification for documentation.

The Match Expression is tested against any of the event fields, and it must evaluate to true in order to pass the evaluation. This means any value that is true when coerced to a boolean in JavaScript. For example:

  • null, undefined, empty string ('') and 0 are always converted to false
  • non-empty strings (including those with whitespace), empty arrays ([]), empty objects ({}) and non-zero numbers are converted to true

Use one of the example objects to get an idea of the event structure of a PagerDuty via PagerDuty event. Be aware that the PagerDuty event data is stored in the detail field of the PagerDuty event, and that the detail field must be specified in full to match against its fields.


Here are some example expressions that might be useful:

  • a PagerDuty incident was triggered

    detail.event == 'incident.trigger'

  • a PagerDuty incident affected a specific resource == 'name_of_resource'

  • a PagerDuty incident is critical

    detail.incident.status == 'critical'