
We rely heavily on AWS EventBridge in our (cross-account) organization to connect pieces of our infrastructure. We recently noticed that our events were not being shared across accounts, starting on Tuesday, the 6th of April.

After troubleshooting this issue, we realized that the issue did not come from us but most likely from AWS. Each of our accounts has an EventBridge bus with a resource-based policy with a set of rules and conditions; one of the conditions we used was the following:

```json
"Condition": {
   "StringEqualsIfExists": {
      "events:source": "com.domain.*"
   }
}
```

We have had to replace "StringEqualsIfExists" with "StringLike", and our connectivity issue appears to be resolved now.

Can anybody confirm whether this change was planned/announced?

I can't imagine the impact this might have had on our infrastructure if we used this condition for production-critical flows.

Q: Why have you used StringEqualsIfExists rather than StringLike?

A: We used the following official documentation

JBernales
  • If it was "deprecated" it would still work, but the documentation would tell you to stop using it. I think you are asking if it was "removed". I still see it in the documentation, and I don't see any mention in the docs about it being deprecated. You should file a ticket with AWS support, or at least post on the AWS forums where an Amazon employee may be able to give a better answer. – Mark B Apr 07 '21 at 15:25
  • I recommend that you look in CloudTrail for some example events, both before and after the problem occurred, to verify that the field has indeed changed. I'll also note that, if you are in fact using `PutEvents`, _you_ are responsible for populating the `source` field. So if the field value has changed, I would first look for any code changes that you've pushed out. – Parsifal Apr 07 '21 at 16:30
  • Thanks for your comments, we will get in touch with AWS in order to be sure that we have correctly understood the root cause of the issue. I can confirm that we have not changed anything on our side regarding the type of events that we've passed or the resource-based policy of our EventBridges (CloudFormation templates). I will let you know if anything comes out of discussions with AWS. Thanks again! – JBernales Apr 07 '21 at 18:27
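
The two operators named in the question differ in how they treat `*`. The following is an added example, not code from the post or from AWS: a simplified Python model of the documented IAM string-operator semantics (`StringEquals` is an exact match, `StringLike` expands `*` and `?`, and the `...IfExists` suffix evaluates to true when the key is absent). It assumes a single-valued key and no policy variables; the sample contexts are constructed.

```python
import re

def string_like(pattern: str, value: str) -> bool:
    """StringLike: case-sensitive; '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def evaluate(operator: str, pattern: str, context: dict,
             key: str = "events:source") -> bool:
    """Evaluate one string condition against a request context (simplified model)."""
    if_exists = operator.endswith("IfExists")
    base = operator[:-len("IfExists")] if if_exists else operator
    if key not in context:
        # ...IfExists evaluates to true when the key is absent;
        # the plain operators do not match a missing key.
        return if_exists
    if base == "StringEquals":
        return context[key] == pattern      # exact match: '*' is a literal character
    if base == "StringLike":
        return string_like(pattern, context[key])
    raise ValueError(f"operator not modelled: {operator}")

# Constructed request contexts (not taken from the post).
SAMPLES = [
    {"events:source": "com.domain.orders"},
    {"events:source": "com.domain.*"},
    {"events:source": "com.other.orders"},
    {},                                      # key absent from the request
]

def decision_table(pattern: str = "com.domain.*") -> list:
    """Return (context, StringEqualsIfExists, StringLike, StringLikeIfExists) rows."""
    ops = ("StringEqualsIfExists", "StringLike", "StringLikeIfExists")
    return [(ctx, *(evaluate(op, pattern, ctx) for op in ops)) for ctx in SAMPLES]

if __name__ == "__main__":
    for row in decision_table():
        print(row)
```

The last row shows that any `...IfExists` operator passes when the key is absent, so a wildcard pattern narrows the match only for requests that actually carry the key.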
