Attach Policy to EventBus using CDK and send cross-account events to Eventbus
What I am trying to do is send an event from a different AWS account to my account which contains the eventbus.
For that I am trying to attach a role/policy to EventBus but I am not able to. I tried to use grantPutEvents but no luck there too. How to do this? (add/attach a Policy)
Also, if I attach a policy with Principal as the account ID of the other AWS account and resource as the ARN of the EventBus, will this allow me to send events? Or do I need to do something more?
Solution 1:[1]
You need:
- Sender account: an EventBridge rule for the sender event bus. The rule's target is the event bus in the receiver account.
- Receiver account: update the receiver event bus's resource-based policy to allow the sender account to put events.

This link should help you: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross-account.html
Solution 2:[2]
I know this thread is pretty old and you have probably found a solution by yourself in the meantime, but I just wanted to leave my solution for everyone else encountering this issue, especially because I didn't find any other information about this on the internet.
I was able to add a "Resource-based policy" entry by using the base CfnEventBusPolicy class and referencing the corresponding bus by its name:
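```typescript
// `event` is the CDK events module alias (for CDK v2: import * as event from 'aws-cdk-lib/aws-events').
// This snippet runs inside a Stack or Construct, so `this` is the construct scope.

// Look up the existing bus by name; 'default' is the account's default event bus.
const defaultBus = event.EventBus.fromEventBusName(this, 'default-bus', 'default');

// Add a resource-based policy statement that lets another account call PutEvents on the bus.
new event.CfnEventBusPolicy(this, 'xaccount-policy', {
  statementId: 'AllowXAccountPushEvents',
  action: 'events:PutEvents',
  eventBusName: defaultBus.eventBusName,
  principal: 'account-id-goes-here', // the sender's AWS account ID
});
```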
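
As an added example (not part of either answer and not AWS or CDK code), the following TypeScript audits the receiver bus's resource-based policy document that both solutions rely on: it reports principals outside an expected sender list and wildcard principals that are not narrowed by an `aws:PrincipalOrgID` condition. The type and function names, the account IDs and the sample policy are constructed for illustration.

```typescript
// Added example: audit an EventBridge bus resource-based policy document (hypothetical helper names).
type BusStatement = {
  Sid?: string; Effect: string; Action: string | string[];
  Principal: string | { AWS?: string | string[] };
  Condition?: Record<string, Record<string, string | string[]>>;
};
type BusPolicy = { Version?: string; Statement: BusStatement[] };

const asList = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Returns the 12-digit account ID from a bare ID or an IAM ARN, "*" for a wildcard, else null.
function accountOf(principal: string): string | null {
  if (principal === "*") return "*";
  const m = /^(?:arn:aws:iam::)?(\d{12})(?::.+)?$/.exec(principal);
  return m ? m[1] || null : null;
}

function auditBusPolicy(policy: BusPolicy, expectedSenders: string[]): string[] {
  const findings: string[] = [];
  const granted: string[] = [];
  for (const s of policy.Statement) {
    const grantsPut = asList(s.Action).some(
      a => a === "events:PutEvents" || a === "events:*" || a === "*");
    if (s.Effect !== "Allow" || !grantsPut) continue;
    const sid = s.Sid || "(no Sid)";
    const principals = typeof s.Principal === "string" ? [s.Principal] : asList(s.Principal.AWS);
    // A wildcard principal is accepted only when a condition narrows it to one organization.
    const orgScoped = JSON.stringify(s.Condition || {}).toLowerCase()
      .indexOf('"aws:principalorgid"') >= 0;
    for (const p of principals) {
      const acct = accountOf(p);
      if (acct === "*") {
        if (!orgScoped) findings.push(`${sid}: any AWS account can put events`);
      } else if (acct === null) findings.push(`${sid}: unrecognised principal ${p}`);
      else if (expectedSenders.indexOf(acct) < 0) findings.push(`${sid}: unexpected sender ${acct}`);
      else granted.push(acct);
    }
  }
  for (const e of expectedSenders)
    if (granted.indexOf(e) < 0) findings.push(`no statement lets account ${e} put events`);
  return findings;
}

// Constructed sample: one statement granting PutEvents to a placeholder sender account.
const samplePolicy: BusPolicy = { Version: "2012-10-17", Statement: [{
  Sid: "AllowXAccountPushEvents", Effect: "Allow", Action: "events:PutEvents",
  Principal: { AWS: "arn:aws:iam::111111111111:root" },
}] };
console.log(auditBusPolicy(samplePolicy, ["111111111111"]));
```

Feed it the policy document of the deployed bus and the account IDs you intend to accept events from; an empty result means every grant matches the expected senders.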
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Chris Chen |
| Solution 2 | Demli95 |
