aws-events: Unable to create CfnEventBusPolicy - Invalid Relative ID

We are trying to create an EventBus and a corresponding EventBusPolicy using CDK. The CfnEventBus is created successfully, but when we try to create the CfnEventBusPolicy, we get the error below.

The relative-id "event-bus/my-custom-eventbus" is invalid for ARN "arn:aws:events:ap-southeast-2:123456789012:event-bus/my-custom-eventbus" (Service: AWSEvents; Status Code: 400; Error Code: ValidationException; Request ID: 0aef0c95-e415-441f-82bb-f3a6fdfc343d; Proxy: null)

Environment

  • CDK CLI Version: 1.100.0 (build d996c6d)
  • Module Version: 1.100.0
  • Node.js Version: v15.13.0
  • OS: macOS & Amazon Linux
  • Language (Version): Typescript 4.2.4

Other information

Stack

    // Custom Event Bus
    const bus = new CfnEventBus(this, 'bus', { name: 'my-custom-eventbus' });

    // Event Bus policy
    const busPolicy = new CfnEventBusPolicy(this, 'busPolicy', {
      statementId: 'crossAccountAccess',
      statement: {
        Effect: 'Allow',
        Principal: { AWS: ["arn:aws:iam::123456789012:root", "arn:aws:iam::123456789013:root"] },
        Action: ['events:PutEvents'],
        Resource: bus.attrArn,
      },
    });
    busPolicy.node.addDependency(bus);

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 10 (4 by maintainers)

Top GitHub Comments

4 reactions
peterwoodworth commented, Apr 29, 2021

Hey @kheriox-technologies I actually found the issue here.

CloudFormation requires that the EventBusName property on CfnEventBusPolicy be defined when using the Statement property, as the default value for this is default.

Here’s my stack which successfully deploys:

    const bus = new events.CfnEventBus(this, 'bus', { name: 'my-custom-eventbus' });

    const busPolicy = new events.CfnEventBusPolicy(this, 'busPolicy', {
      statementId: 'crossAccountAccess',
      eventBusName: 'my-custom-eventbus',
      statement: {
        Effect: 'Allow',
        Principal: { AWS:["arn:aws:iam::123456789012:root", "arn:aws:iam::123456789013:root"]},
        Action: 'events:PutEvents',
        Resource: bus.attrArn,
      },
    });

0 reactions
trademark18 commented, Sep 6, 2022

CloudFormation requires that the EventBusName property on CfnEventBusPolicy be defined when using the Statement property, as the default value for this is default.

@peterwoodworth Thank you! This solution also is required for CloudFormation, in case anyone is wondering.

In short, if you’re using Statement you also need to specify EventBusName which is NOT documented by AWS. Here’s an example of a valid CloudFormation implementation:

MyCustomEventBus:
  Type: AWS::Events::EventBus
  Properties:
    Name: "MyCustomEventBus"

MyCustomEventBusPolicy:
  Type: AWS::Events::EventBusPolicy
  Properties:
    StatementId: ExternalAccountPutEventsPolicy
    EventBusName: !GetAtt MyCustomEventBus.Name # You need this...
    Statement:
      Effect: Allow
      Principal:
        AWS: !Split [ ',', !Ref CommaDelimitedAccountList ]
      Action:
        - events:PutEvents
      Resource: !GetAtt MyCustomEventBus.Arn # if you have this.
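
A pre-deploy check for the failure discussed in this thread, as an added example that is not from the issue or from the CDK project: it scans a synthesized CloudFormation template (parsed JSON, such as the output of cdk synth) for AWS::Events::EventBusPolicy resources whose Statement targets a custom bus while EventBusName is unset. The function names and the sample template are constructed for illustration.

```typescript
// Added example (not from the issue): lint a synthesized template before deploying.
type Res = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Res> };

// Name of the bus a statement's Resource points at (literal ARN or Fn::GetAtt [id, "Arn"]).
function targetBus(resource: any, tpl: Template): string | undefined {
  if (typeof resource === "string") {
    const m = /:event-bus\/(.+)$/.exec(resource);
    return m ? m[1] : undefined;
  }
  const getAtt = resource ? resource["Fn::GetAtt"] : undefined;
  if (!Array.isArray(getAtt) || getAtt[1] !== "Arn") return undefined;
  const bus = tpl.Resources[String(getAtt[0])];
  if (!bus || bus.Type !== "AWS::Events::EventBus") return undefined;
  const name = bus.Properties ? bus.Properties.Name : undefined;
  return typeof name === "string" ? name : String(getAtt[0]); // fall back to logical ID
}

// Flag every EventBusPolicy whose Statement names a custom bus while EventBusName is unset.
function findUnscopedBusPolicies(tpl: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(tpl.Resources)) {
    const res = tpl.Resources[id];
    const props = (res && res.Properties) || {};
    if (!res || res.Type !== "AWS::Events::EventBusPolicy" || !props.Statement) continue;
    if (props.EventBusName !== undefined) continue; // policy is explicitly bound to a bus
    const bus = targetBus(props.Statement.Resource, tpl);
    if (bus !== undefined && bus !== "default") findings.push(id + " -> " + bus);
  }
  return findings;
}

// Constructed sample: the failing policy from the question next to the fixed one.
const stmt = { Effect: "Allow", Principal: { AWS: ["arn:aws:iam::123456789012:root"] },
               Action: "events:PutEvents", Resource: { "Fn::GetAtt": ["bus", "Arn"] } };
const SAMPLE: Template = { Resources: {
  bus: { Type: "AWS::Events::EventBus", Properties: { Name: "my-custom-eventbus" } },
  brokenPolicy: { Type: "AWS::Events::EventBusPolicy",
    Properties: { StatementId: "crossAccountAccess", Statement: stmt } },
  fixedPolicy: { Type: "AWS::Events::EventBusPolicy",
    Properties: { StatementId: "crossAccountAccess", EventBusName: "my-custom-eventbus", Statement: stmt } },
  literalArnPolicy: { Type: "AWS::Events::EventBusPolicy",
    Properties: { StatementId: "literal", Statement: { ...stmt,
      Resource: "arn:aws:events:ap-southeast-2:123456789012:event-bus/my-custom-eventbus" } } },
} };

console.log(findUnscopedBusPolicies(SAMPLE));
```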