3

What I am trying to do is send an event from a different AWS account to my account which contains the eventbus.

For that I am trying to attach a role/policy to EventBus but I am not able to. I tried to use grantPutEvents but no luck there too. How to do this? (add/attach a Policy)

Also, if I attach a policy with Principal as the account ID of the other AWS account and resource as the ARN of the EventBus, will this allow me to send events? Or do I need to do something more?

2 Answers

6

I know this thread is pretty old and you have probably found a solution by yourself in the meantime, but I just wanted to leave my solution for everyone else encountering this issue, especially because I didn't find any other information about this on the internet.

I was able to add a "Resource-based policy" entry by using the base CfnEventBusPolicy class and referencing the corresponding bus by its name:

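// `event` is the CDK aws-events module; `this` is the enclosing Stack/Construct.
// Look up the account's default bus by name.
const defaultBus = event.EventBus.fromEventBusName(this, 'default-bus', 'default');

// Add a resource-based policy statement letting the other account call PutEvents on this bus.
new event.CfnEventBusPolicy(this, 'xaccount-policy', {
  statementId: 'AllowXAccountPushEvents',
  action: 'events:PutEvents',
  eventBusName: defaultBus.eventBusName,
  principal: 'account-id-goes-here', // 12-digit ID of the sending account
});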
Demli95
-1

You need:

  • sender account: an EventBridge rule for the sender event bus. The rule's target is the event bus in the receiver account
  • receiver account: update the receiver event bus resource-based policy to allow the sender account to put events

This link https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross-account.html should help you.

Chris Chen
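
To check what the receiver bus's resource-based policy actually allows once it is deployed, here is an added example (not code from either answer) that audits the policy statements for who may call events:PutEvents. The function names, account IDs and bus ARN are constructed, and it assumes the statement shape AWS documents for an account principal (`"Principal": {"AWS": "arn:aws:iam::<account>:root"}`).

```typescript
// Added example: audit an EventBridge bus resource policy for who may call PutEvents.
type OneOrMany = string | string[];
interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: "*" | { AWS: OneOrMany };
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: Record<string, Record<string, OneOrMany>>;
}
interface Finding { sid: string; senders: string[]; issue: string | null }

const list = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// "111122223333" or "arn:aws:iam::111122223333:root" -> "111122223333"; "*" stays "*".
function accountOf(principal: string): string {
  return /^arn:aws:iam::(\d{12}):/.exec(principal)?.[1] ?? principal;
}

function auditBusPolicy(statements: Statement[], busArn: string, expected: string[]): Finding[] {
  return statements
    .filter(s => s.Effect === "Allow" &&
      list(s.Action).some(a => ["events:PutEvents", "events:*", "*"].indexOf(a) >= 0))
    .map(s => {
      const senders = s.Principal === "*" ? ["*"] : list(s.Principal.AWS).map(accountOf);
      // A wildcard principal is acceptable only when limited to one AWS Organization.
      const orgScoped = s.Condition?.StringEquals?.["aws:PrincipalOrgID"] !== undefined;
      let issue: string | null = null;
      if (!list(s.Resource).some(r => r === busArn || r === "*")) issue = "statement does not cover this bus";
      else if (senders.indexOf("*") >= 0 && !orgScoped) issue = "any AWS account may put events";
      else if (senders.some(a => a !== "*" && expected.indexOf(a) < 0)) issue = "unexpected sender account";
      return { sid: s.Sid ?? "(no Sid)", senders, issue };
    });
}

// Constructed sample: account IDs and the bus ARN are placeholders, not values from the page.
const BUS_ARN = "arn:aws:events:us-east-1:444455556666:event-bus/default";
const SAMPLE_POLICY: Statement[] = [
  { Sid: "AllowXAccountPushEvents", Effect: "Allow",
    Principal: { AWS: "arn:aws:iam::111122223333:root" },
    Action: "events:PutEvents", Resource: BUS_ARN },
  { Sid: "AllowAnyone", Effect: "Allow", Principal: "*",
    Action: "events:PutEvents", Resource: BUS_ARN },
];
const findings = auditBusPolicy(SAMPLE_POLICY, BUS_ARN, ["111122223333"]);
```

Each finding lists the sender accounts a statement admits; a non-null `issue` marks a statement that is broader than the expected sender list.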