How do I set up centralized bus-to-bus routing with EventBridge?


I want to route events from across AWS Regions to a centralized event bus. Or, I want to route events from my different AWS accounts to a centralized event bus.

Short description

For bus-to-bus routing, Amazon EventBridge supports two cases:

  • Cross-Region events: A rule on the event bus in the source Region sends matching events to an event bus in the destination Region in the same account. Because both buses belong to the same account, the IAM execution role on the rule is the only permission required.
  • Cross-account events: A rule on the event bus in the source account sends matching events to an event bus in a destination account. In addition to the execution role, the destination bus needs a resource-based policy that allows the source account (or the rule's execution role) to put events on it.

Resolution

Route cross-Region events

In the source Region, configure the destination event bus ARN as a target of a rule and give EventBridge an execution role that is allowed to put events on that bus. Then, in the destination Region, create a rule on the receiving bus that routes the events to their final targets. No resource-based policy is needed on the destination bus, because both buses are in the same account.

Configure the source Region

To send events to an event bus in the destination Region, complete the following steps in your source Region:

1.    Define the rule and build the event pattern.

2.    For Target type, choose EventBridge event bus. Then, choose Event bus in a different account or Region.

3.    Enter the ARN of the event bus from the destination Region.

4.    For Execution role, choose Create a new role for this specific resource or Use existing role.

5.    Give the new or existing AWS Identity and Access Management (IAM) role the following permissions policy and trust relationship:

Example IAM permissions policy

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "events:PutEvents"
        ],
        "Resource": [
            "arn:aws:events:<destination-region>:<accountid>:event-bus/bus-name"
        ]
    }]
}

Note: In the preceding policy, the ARN that you specify is the ARN of the event bus from the destination Region.

Example trust relationship policy

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "Service": "events.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}

6.    (Optional) Configure tags.

7.    Review the details for the new rule, and then choose Create rule.

Configure the destination Region

Complete the following steps in your destination Region:

  1. Define the rule and build the event pattern.
  2. For Target type, choose API destination or AWS service.
  3. (Optional) For Additional settings, specify settings for your target type. For more information, see step 3 in Select targets.
  4. (Optional) Configure tags.
  5. Review the details for the new rule, and then choose Create rule.

Any events that match the rule in the source Region are now delivered to the event bus in the destination Region, where the destination rule routes them to its targets.

Route cross-account events

In the source account, configure the destination account's event bus ARN as a target of the rule. Then, in the destination account, add a resource-based policy to that event bus that allows the source account to put events on it.

Configure the source account

To send events to an event bus in the destination account, complete the following steps in your source account:

1.    Define the rule and build the event pattern.

2.    For Target type, choose EventBridge event bus, and then choose Event bus in a different account or Region.

3.    Enter the ARN of the event bus from the destination account.

4.    For Execution role, choose Create a new role for this specific resource or Use existing role.

5.    Give the new or existing IAM role the following permissions policy and trust relationship:

Example IAM permissions policy

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "events:PutEvents"
        ],
        "Resource": [
            "arn:aws:events:<region>:<destination-accountid>:event-bus/bus-name"
        ]
    }]
}

Note: In the preceding policy, the ARN that you specify is the ARN of the event bus from the destination account.

Example trust relationship policy

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "Service": "events.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}

6.    (Optional) Configure tags.

7.    Review the details for the new rule, and then choose Create rule.

Configure the destination account

Complete the following steps in your destination account:

1.    Open the Amazon EventBridge console.

2.    In the navigation pane, choose Event Buses.

3.    Choose the name of the event bus, and then choose Manage permissions.

4.    Enter the following example policy:

Note: Replace the AWS principal with the source account ID and Resource with the ARN of this event bus. A principal of arn:aws:iam::<source-accountid>:root allows any identity in the source account that has events:PutEvents on this bus to publish to it, not only the rule. To restrict the grant to the rule's execution role, use that role's ARN (arn:aws:iam::<source-accountid>:role/<role-name>) as the principal instead.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAccountToPutEvents",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::<source-accountid>:root"
        },
        "Action": "events:PutEvents",
        "Resource": "arn:aws:events:<region>:<destination-accountid>:event-bus/bus-name"
    }]
}

Note: To use a template for the policy, choose Load template, and then modify the policy.

5.    Choose Update.

Any events that match the rule in the source account are now delivered to the event bus in the destination account.
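The following script is an added example, not part of the AWS article. It generates the documents that the console steps above create by hand, for both the cross-Region and the cross-account procedures: the execution role's permissions policy and trust relationship (step 5 on the source side), the target entry you would pass to aws events put-targets (steps 2 to 4), and the destination bus resource policy (cross-account only). It then audits a bus policy for principals broader than a single role, contrasting the article's account-root template with a grant limited to the execution role. The account IDs, Region, bus name, role name and the audit rule are constructed placeholders and assumptions of this example.

```python
# Added example (not from the AWS page): build the IAM documents for
# EventBridge bus-to-bus routing and audit the destination bus policy.
# Account IDs, Region, bus and role names are constructed placeholders.
import json


def bus_arn(region: str, account: str, bus: str) -> str:
    return f"arn:aws:events:{region}:{account}:event-bus/{bus}"


def role_arn(account: str, role: str) -> str:
    return f"arn:aws:iam::{account}:role/{role}"


def execution_role_policy(dest_bus_arn: str) -> dict:
    """Permissions policy for the rule's execution role (source side, step 5):
    PutEvents on exactly one destination bus and nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["events:PutEvents"],
            "Resource": [dest_bus_arn],
        }],
    }


def trust_policy() -> dict:
    """Trust relationship that lets the EventBridge service assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def rule_target(dest_bus_arn: str, exec_role_arn: str, target_id: str = "central-bus") -> dict:
    """Target entry for `aws events put-targets --targets` (source side, steps 2-4)."""
    return {"Id": target_id, "Arn": dest_bus_arn, "RoleArn": exec_role_arn}


def bus_resource_policy(dest_bus_arn: str, principal_arn: str) -> dict:
    """Resource-based policy for the destination bus (cross-account only)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowAccountToPutEvents",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "events:PutEvents",
            "Resource": dest_bus_arn,
        }],
    }


def audit_bus_policy(policy: dict) -> list:
    """Return one finding per Allow statement whose principal is broader than
    a single IAM role. An account-root principal delegates the grant to every
    identity in that account that holds events:PutEvents on the bus."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        sid = st.get("Sid", "?")
        for p in aws:
            if p == "*":
                scope = "with a Condition" if "Condition" in st else "without a Condition"
                findings.append(f"{sid}: wildcard principal {scope}")
            elif p.endswith(":root"):
                findings.append(f"{sid}: account-root principal {p}")
    return findings


if __name__ == "__main__":
    src_account, dst_account = "111111111111", "222222222222"   # constructed
    central = bus_arn("us-east-1", dst_account, "central-bus")
    exec_role = role_arn(src_account, "EventBridgeCentralBusRole")

    # Source side: same documents for cross-Region routing, with the
    # destination Region's bus ARN and the source account's own ID.
    print(json.dumps(execution_role_policy(central), indent=2))
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps([rule_target(central, exec_role)], indent=2))

    # Destination account: the article's account-root template versus a
    # grant limited to the execution role.
    broad = bus_resource_policy(central, f"arn:aws:iam::{src_account}:root")
    tight = bus_resource_policy(central, exec_role)
    print(audit_bus_policy(broad))
    print(audit_bus_policy(tight))
```

Run it to print the policies ready for aws iam create-role, aws events put-targets and aws events put-permission, or import audit_bus_policy and feed it the output of aws events describe-event-bus to review buses you already have. The audit treats a wildcard principal as a finding even when a Condition (for example on aws:PrincipalOrgID) narrows it, so that an organization-wide grant is at least reviewed rather than silently accepted.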

Related information

Sending and receiving Amazon EventBridge events between AWS Regions

Sending and receiving Amazon EventBridge events between AWS accounts

Permissions for Amazon EventBridge event buses

AWS OFFICIAL
Updated 6 months ago