Well, the title says it all. What I am trying to achieve:
- Have a CloudWatch Events rule checking for PutObject events in a bucket in AWS account X
- When the objects are stored in the S3 bucket, the state machine in AWS account Y needs to be triggered
But it is not working. As far as I know, buckets are worldwide and not account-wide, and according to the AWS documentation here https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-cloudwatch-events-s3.html we should only give the bucket name in the request parameters.
The bucket already has a policy giving full access to the account where the Step Functions state machine is, because the jobs I am running consist of getting data from that bucket, and that works fine. Only the trigger is not working.
My event pattern looks like this:
{
  "source": [
    "aws.s3"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "s3.amazonaws.com"
    ],
    "eventName": [
      "PutObject"
    ],
    "requestParameters": {
      "bucketName": [
        "my-bucket-name"
      ]
    }
  }
}
Do I need some extra configuration?
NEW INFO:
I was forgetting something, so I followed this tutorial: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html#WritingRulesThatMatchEventsFromAnotherAccount
- Added a CloudWatch event bus in account Y to give permissions to account X
- Modified the CloudWatch Events rule pattern in account Y to add this:
  "account": ["account X number"]
- In account X, I created a CloudWatch Events rule with the same pattern (matching the other account) but with a different target, "Event bus in another AWS account", where I put the account Y number.
But for some reason, the Step Functions state machine in account Y is still not being triggered...
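The question's rule pattern, and the cross-account variant with the extra "account" field, can be checked locally against an event of the shape CloudWatch Events delivers for a CloudTrail-recorded PutObject. The block below is an added example written for this page, not code from the poster or from AWS: it implements the exact-match subset of the event pattern language (array leaves and nested objects, no content-filtering operators) and runs the pattern over constructed sample events. The account ids, event id, timestamp, region and object key are made up.

```python
"""EventBridge-style exact-match pattern matcher, checked against constructed
CloudTrail-shaped S3 events (added example, not code from the original post)."""
import copy
import json
from typing import Any, Dict, List, Optional

# Constructed sample ids: X owns the bucket and emits the event, Y owns the
# event bus and the state machine. Both are made up.
ACCOUNT_X = "111111111111"
ACCOUNT_Y = "222222222222"

# Constructed sample of what CloudWatch Events delivers for a CloudTrail PutObject.
SAMPLE_PUT_OBJECT_EVENT: Dict[str, Any] = {
    "version": "0",
    "id": "0c3a8b6e-constructed-example",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.s3",
    "account": ACCOUNT_X,  # remains the originating account after cross-account forwarding
    "time": "2020-01-01T12:00:00Z",
    "region": "eu-west-1",
    "resources": [],
    "detail": {
        "eventVersion": "1.05",
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "awsRegion": "eu-west-1",
        "requestParameters": {"bucketName": "my-bucket-name", "key": "data/part-0001.csv"},
    },
}


def build_pattern(bucket_name: str, source_account: Optional[str] = None) -> Dict[str, Any]:
    """The rule pattern from the post; with source_account set, the cross-account
    variant that also requires the event's top-level "account" field."""
    pattern: Dict[str, Any] = {
        "source": ["aws.s3"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["s3.amazonaws.com"],
            "eventName": ["PutObject"],
            "requestParameters": {"bucketName": [bucket_name]},
        },
    }
    if source_account is not None:
        pattern["account"] = [source_account]
    return pattern


def _leaf_matches(allowed: List[Any], actual: Any) -> bool:
    # A pattern leaf lists the permitted values; if the event field is itself
    # an array, any one element matching is enough.
    candidates = actual if isinstance(actual, list) else [actual]
    return any(c in allowed for c in candidates)


def matches(pattern: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """True when every field named in `pattern` is present in `event` and
    satisfied (exact-match semantics only; "prefix" etc. are not modelled)."""
    for key, expected in pattern.items():
        if key not in event:
            return False  # a field the pattern names must exist in the event
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(expected, list):
            if not _leaf_matches(expected, actual):
                return False
        else:
            raise ValueError("pattern leaves must be arrays: %r" % key)
    return True


def variant(event: Dict[str, Any], account: Optional[str] = None, **detail_overrides: Any) -> Dict[str, Any]:
    """Copy `event`, optionally replacing the top-level account and detail fields."""
    e = copy.deepcopy(event)
    if account is not None:
        e["account"] = account
    e["detail"].update(detail_overrides)
    return e


def evaluate() -> Dict[str, bool]:
    """Run the cross-account pattern over the constructed cases; every value should be True."""
    cross_account = build_pattern("my-bucket-name", ACCOUNT_X)
    other_bucket = variant(SAMPLE_PUT_OBJECT_EVENT, requestParameters={"bucketName": "some-other-bucket"})
    return {
        "put_from_X_matches": matches(cross_account, SAMPLE_PUT_OBJECT_EVENT),
        "put_from_Y_rejected": not matches(cross_account, variant(SAMPLE_PUT_OBJECT_EVENT, account=ACCOUNT_Y)),
        "get_object_rejected": not matches(cross_account, variant(SAMPLE_PUT_OBJECT_EVENT, eventName="GetObject")),
        "other_bucket_rejected": not matches(cross_account, other_bucket),
        "pattern_without_account_field_matches": matches(build_pattern("my-bucket-name"), SAMPLE_PUT_OBJECT_EVENT),
    }


if __name__ == "__main__":
    print(json.dumps(build_pattern("my-bucket-name", ACCOUNT_X), indent=2))
    for case, ok in evaluate().items():
        print("%-40s %s" % (case, "ok" if ok else "FAIL"))
```

The same check against the real matcher is `aws events test-event-pattern --event-pattern file://pattern.json --event file://event.json`, which returns `"Result": true` or `false` for a given pattern and event. Pattern matching is only half of the diagnosis: a matching rule still fires only if an event is delivered in the first place, and CloudTrail records S3 object-level calls such as PutObject only when a trail in the bucket's account has S3 data-event logging enabled for that bucket; nothing in the matcher above tells you whether that is the case.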