[aws-events-targets] add a target for a cross-account eventbus


I would like a “CrossAccountEventBus” target in aws_events_targets that allows me to forward events to the default eventbus of a different account.

I did see https://docs.aws.amazon.com/cdk/api/latest/docs/aws-events-readme.html#cross-account-targets - but this seems to make changes in the target account which doesn’t work in my case.

Use Case

I have a target account where the default eventbus has already been configured with a policy to accept forwarded events. I would like to create a rule that targets this cross-account eventbus.

Proposed Solution

A target in aws_events_targets (like https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-events-targets.SnsTopic.html) but that only has an ARN property.

Other

I’m opening this feature request as was recommended to another commenter here: #2850

I’m currently working around this by using the CfnRule, but this is a bit of a bummer as I can use the very handy .on_xxx methods.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 9
  • Comments: 9 (4 by maintainers)

Top GitHub Comments

2 reactions
hlascelles commented, Jan 20, 2021

I have implemented this as follows. It works well for me…

import { IRule, Rule, RuleTargetConfig } from "@aws-cdk/aws-events";
import { Effect, PolicyStatement, Role, ServicePrincipal } from "@aws-cdk/aws-iam";
import { ServicePrincipals } from "cdk-constants";

const targetAccountId = "123456789009";
const targetAccountDefaultBus = `arn:aws:events:eu-west-1:${targetAccountId}:event-bus/default`;
const publishingRole = new Role(this, "PublishingRole", {
  assumedBy: new ServicePrincipal(ServicePrincipals.EVENTS)
});
publishingRole.addToPolicy(
  new PolicyStatement({
    effect: Effect.ALLOW,
    resources: [targetAccountDefaultBus],
    actions: [
      "events:PutEvents"
    ]
  })
);

// This rule captures authentication events and sends it to the 
// default EventBridge bus in the other account
const rule = new Rule(this, "EventRule", {
  description: "Captures events",
  ruleName: "EventRule",
  enabled: true,
  eventPattern: {
    source: ["aws.someservice"]
  }
});

rule.addTarget({
  bind(_rule: IRule, generatedTargetId: string): RuleTargetConfig {
    return {
      arn: targetAccountDefaultBus,
      id: generatedTargetId,
      role: publishingRole
    };
  }
});

Don’t forget to also log into the target account and set the default bus to permit submissions from the origin account (or Organisation as a whole).

Have a go, see if it works out for you. Be good to get a formal version though too…
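The target-account side mentioned in the comment above, as an added example that is not part of the original thread or of the CDK: it builds the event bus resource policy in the narrow (single account) and organization-wide forms, and flags any statement that leaves the bus open to every AWS principal. The origin account ID `111122223333`, the organization ID `o-exampleorg1`, the function names and the `LegacyOpen` statement are constructed for illustration.

```typescript
// Added example. Origin account ID and organization ID are constructed values.
type Statement = {
  Sid: string; Effect: "Allow" | "Deny";
  Principal: "*" | { AWS: string | string[] };
  Action: string; Resource: string;
  Condition?: Record<string, Record<string, string>>;
};
type BusPolicy = { Version: "2012-10-17"; Statement: Statement[] };
const BUS_ARN = "arn:aws:events:eu-west-1:123456789009:event-bus/default";

// Narrow form: exactly one origin account may call events:PutEvents.
function allowAccount(busArn: string, originAccountId: string): Statement {
  if (!/^\d{12}$/.test(originAccountId)) {
    throw new Error(`not a 12-digit account id: ${originAccountId}`);
  }
  return {
    Sid: `AllowAccount${originAccountId}`, Effect: "Allow",
    Principal: { AWS: `arn:aws:iam::${originAccountId}:root` },
    Action: "events:PutEvents", Resource: busArn,
  };
}

// Organization form: wildcard principal, restricted by aws:PrincipalOrgID.
function allowOrganization(busArn: string, orgId: string): Statement {
  return {
    Sid: "AllowOrganization", Effect: "Allow", Principal: "*",
    Action: "events:PutEvents", Resource: busArn,
    Condition: { StringEquals: { "aws:PrincipalOrgID": orgId } },
  };
}

// Review check: Sids of Allow statements with a wildcard principal and no
// StringEquals condition on aws:PrincipalOrgID (other operators not handled).
function findOpenStatements(policy: BusPolicy): string[] {
  return policy.Statement.filter((s) => {
    const aws = s.Principal === "*" ? ["*"] : ([] as string[]).concat(s.Principal.AWS);
    const scoped = s.Condition?.StringEquals?.["aws:PrincipalOrgID"] !== undefined;
    return s.Effect === "Allow" && aws.indexOf("*") !== -1 && !scoped;
  }).map((s) => s.Sid);
}

// Constructed policy: two scoped statements and one left fully open.
const SAMPLE_POLICY: BusPolicy = {
  Version: "2012-10-17",
  Statement: [
    allowAccount(BUS_ARN, "111122223333"),
    allowOrganization(BUS_ARN, "o-exampleorg1"),
    { Sid: "LegacyOpen", Effect: "Allow", Principal: "*", Action: "events:PutEvents", Resource: BUS_ARN },
  ],
};
```

`JSON.stringify(SAMPLE_POLICY)` gives the document to attach to the target bus once the statements reported by `findOpenStatements` have been removed or scoped.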

1 reaction
shaleenmundra commented, Feb 5, 2021

I used the below to send an event to a different account’s default bus. I was setting up the event on step function status change to SUCCEEDED.

import { CfnRule } from "@aws-cdk/aws-events";
import TargetProperty = CfnRule.TargetProperty;

// Target: the default event bus of the other account
const targetProperty: TargetProperty = {
  id: `CrossAccountTarget`,
  arn: `arn:aws:events:<region>:<targetAccountId>:event-bus/default`,
};

// Rule that forwards successful Step Functions executions to that bus
const cfnRuleCrossAccount = new CfnRule(this, `CrossAccountRule`, {
  description: "Cross Account rule to send event to different AWS Account",
  state: "ENABLED",
  targets: [targetProperty],
  eventPattern: {
    "source": ["aws.states"],
    "detail-type": ["Step Functions Execution Status Change"],
    "detail": {
      "status": ["SUCCEEDED"]
    }
  }
});

You just have to create a targetProperty and give the ARN of the target event bus. Then create a CfnRule and supply it the targetProperty as the targets prop.
