Trigger a workflow with events or Pub/Sub messages
Stay organized with collectionsSave and categorize content based on your preferences.
You can use an Eventarc trigger to execute a workflow as a
result of an event or a set of events. The events are routed from an event
provider to interested event receivers.
Eventarc delivers events to the event receiver in the CloudEvents
format through an HTTP request. The Workflows service converts the
event to a JSON object (following theCloudEvents specification)
and passes the event into the workflow execution as aworkflow runtime argument.
An execution of your workflow is triggered:
When anaudit log is createdthat matches the trigger's filter criteria.
For example, see this quickstart in which you trigger Workflows
withevents from BigQuery using Cloud Audit Logs.
In response todirect eventssuch as an update to a Cloud Storage
bucket or an update to a Firebase Remote Config template. For example, see
this quickstart in which you trigger Workflows withdirect
events from Cloud Storage.
Bymessages published to a Pub/Sub topic. For example, see this
quickstart in which you trigger Workflows withPub/Sub messages.
Note the following:
Events are considered delivered as soon as the workflow execution starts, and
the actual execution takes place asynchronously in the Workflows
services.
Executions triggered by events are not retried if the workflow execution
starts, but later fails. For more information, see theEvent retry policy.
The Workflows deduplication window to ensure exactly-once
processing of events is 24 hours.
When using Workflows as the destination for an
Eventarc trigger, events larger than the maximum
Workflows argument size will fail to trigger workflow executions.
For more information, seeQuotas and limits.
In projects protected by a service perimeter, when routing events to
Workflows destinations for which the Pub/Sub
push endpoint is set to a Workflows execution, you can only
create new Pub/Sub push subscriptions through
Eventarc. Note that the service account used for push
authentication for the Workflows endpoint must be included in
the service perimeter. For more information, seeSet up a service perimeter using VPC Service Controls.
Create a trigger using the Google Cloud CLI
You can create a trigger by running agcloud eventarc triggers createcommand
along with required and optional flags.
Select a project and then clickCreate service account.
In theService account namefield, enter a name that is between 6 and
30 characters.
It can contain lowercase alphanumeric characters and
dashes. After you create a service account, you cannot change its name.
ClickCreate and continue.
Grant your new service account theworkflows.invokerrole so that the
account has permission to trigger your workflow. In theSelect a rolelist, selectWorkflows>Workflows Invoker.
Select theService accountthat invokes your workflow.
This specifies the IAM service account to which you
previously granted theworkflows.invokerrole so that the account has
permission to trigger your workflow.
ClickSave trigger.
The Eventarc trigger is listed on theTriggerstab of theWorkflows Detailspage.
If you want to update or delete the trigger, you must edit the workflow:
On theWorkflow Detailspage, clickeditEdit.
In theTriggerssection, find the trigger you want to update or
delete.
ClickeditEdit resourceordeleteDelete resource.
Your workflow execution is now triggered by the events that match your trigger's
filter criteria.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Trigger a workflow with events or Pub/Sub messages\n\nYou can use an Eventarc trigger to execute a workflow as a\nresult of an event or a set of events. The events are routed from an event\nprovider to interested event receivers.\n\nEventarc delivers events to the event receiver in the CloudEvents\nformat through an HTTP request. The Workflows service converts the\nevent to a JSON object (following the\n[CloudEvents specification](/eventarc/docs/workflows/cloudevents))\nand passes the event into the workflow execution as a\n[workflow runtime argument](/workflows/docs/passing-runtime-arguments).\n\nAn execution of your workflow is triggered:\n\n- When an **audit log is created** that matches the trigger's filter criteria. For example, see this quickstart in which you trigger Workflows with [events from BigQuery using Cloud Audit Logs](/eventarc/docs/workflows/quickstart-cal).\n- In response to **direct events** such as an update to a Cloud Storage bucket or an update to a Firebase Remote Config template. For example, see this quickstart in which you trigger Workflows with [direct\n events from Cloud Storage](/eventarc/docs/workflows/quickstart-storage).\n- By **messages published to a Pub/Sub topic** . For example, see this quickstart in which you trigger Workflows with [Pub/Sub messages](/eventarc/docs/workflows/quickstart-pubsub).\n\nNote the following:\n\n- Events are considered delivered as soon as the workflow execution starts, and\n the actual execution takes place asynchronously in the Workflows\n services.\n\n- Executions triggered by events are not retried if the workflow execution\n starts, but later fails. For more information, see the\n [Event retry policy](/eventarc/docs/overview#event_retry_policy).\n\n- The Workflows deduplication window to ensure exactly-once\n processing of events is 24 hours.\n\n- When using Workflows as the destination for an\n Eventarc trigger, events larger than the maximum\n Workflows argument size will fail to trigger workflow executions.\n For more information, see [Quotas and limits](/workflows/quotas).\n\n- In projects protected by a service perimeter, when routing events to\n Workflows destinations for which the Pub/Sub\n push endpoint is set to a Workflows execution, you can only\n create new Pub/Sub push subscriptions through\n Eventarc. Note that the service account used for push\n authentication for the Workflows endpoint must be included in\n the service perimeter. For more information, see\n [Set up a service perimeter using VPC Service Controls](/eventarc/docs/using-vpc-service-controls).\n\nCreate a trigger using the Google Cloud CLI\n-------------------------------------------\n\nYou can create a trigger by running a `gcloud eventarc triggers create` command\nalong with required and optional flags.\n\nFor more information, see the **gcloud** instructions in the \"Create a\ntrigger\" section when\n[creating a trigger for a specific provider, event type, and Workflows destination](/eventarc/docs/targets#triggers).\n\nCreate a trigger using the console\n----------------------------------\n\nThe following steps show you how to create a trigger on the\n**Workflows** page in the Google Cloud console.\n\n### Before you begin\n\n1.\n\n\n Enable the Eventarc and Pub/Sub APIs.\n\n\n [Enable the APIs](https://console.cloud.google.com/flows/enableapi?apiid=eventarc.googleapis.com,pubsub.googleapis.com)\n2. Create a [service account](/workflows/docs/authentication)\n so that Eventarc can make requests to the Workflows API:\n\n 1. In the Google Cloud console, go to the **Service Accounts** page.\n\n\n [Go to Service Accounts](https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts)\n\n \u003cbr /\u003e\n\n 2. Select a project and then click **Create service account**.\n\n 3. In the **Service account name** field, enter a name that is between 6 and\n 30 characters.\n\n It can contain lowercase alphanumeric characters and\n dashes. After you create a service account, you cannot change its name.\n 4. Click **Create and continue**.\n\n 5. Grant your new service account the\n [workflows.invoker](/workflows/docs/access-control#roles) role so that the\n account has permission to trigger your workflow. In the **Select a role**\n list, select **Workflows \\\u003e Workflows Invoker**.\n\n If you are developing a production app, always grant the least permissive roles\n possible. For more information, see\n [Manage access to projects, folders, and organizations](/iam/docs/granting-roles-to-service-accounts).\n 6. Click **Done**.\n\n3. To allow the principal that will run your Eventarc\n commands the ability to act as an Identity and Access Management (IAM) service\n account,\n [grant a role that allows the principal to impersonate the service account](/iam/docs/service-account-permissions#roles).\n\n### Configure the trigger\n\n1. If you don't already have a workflow that you want to trigger,\n [create and deploy one](/workflows/docs/creating-updating-workflow#creating_a_workflow).\n\n2. In the Google Cloud console, go to the **Workflows** page:\n\n\n [Go to Workflows](https://console.cloud.google.com/workflows)\n\n \u003cbr /\u003e\n\n3. On the Workflows page, select a workflow to go to its details\n page.\n\n4. On the **Workflow Details** page, click\n *edit* **Edit**.\n\n5. On the **Edit workflow** page, select **Add new trigger \\\u003e\n Eventarc**.\n\n The **Eventarc trigger** pane opens.\n6. Follow the instructions to\n [create a trigger for a specific provider, event type, and\n Workflows destination](/eventarc/standard/docs/event-providers-targets#triggers)\n and refer to the **Console** instructions in the \"Create a trigger\" section.\n\n7. Select the **Service account** that invokes your workflow.\n\n This specifies the IAM service account to which you\n previously granted the `workflows.invoker` role so that the account has\n permission to trigger your workflow.\n8. Click **Save trigger**.\n\n | **Note:** If you are updating an existing workflow, you do *not* need to redeploy the workflow. However, if you are creating a new workflow, you must also deploy the workflow.\n\n The Eventarc trigger is listed on the **Triggers**\n tab of the **Workflows Details** page.\n9. If you want to update or delete the trigger, you must edit the workflow:\n\n 1. On the **Workflow Details** page, click *edit* **Edit**.\n 2. In the **Triggers** section, find the trigger you want to update or delete.\n 3. Click *edit* **Edit resource** or *delete* **Delete resource**.\n\nYour workflow execution is now triggered by the events that match your trigger's\nfilter criteria.\n\nCreate a trigger using Terraform\n--------------------------------\n\nYou can create a trigger for a workflow using Terraform. For details, see\n[Trigger a workflow using Eventarc and Terraform](/eventarc/docs/creating-triggers-terraform).\n\nWhat's next\n-----------\n\n- [Learn more about Eventarc](/eventarc/docs/overview)"]]
