Why does my EventBridge rule for IAM events only trigger in the us-east-1 Region?


I want to know why my Amazon EventBridge rule that receives events from global services doesn’t work in Regions outside the us-east-1 Region.

Short description

AWS global services such as AWS Identity and Access Management (IAM) and Amazon Route 53 are available only in the us-east-1 Region. The default event bus for this Region receives all the events that are generated from these services.

Resolution

If you already set up the EventBridge resources in the us-east-2 Region, invoke the targets for global services as follows:

Recreate the EventBridge rule and the targets in the us-east-1 Region

If your EventBridge targets are in the us-east-1 Region, then follow these steps:

  1. Delete the EventBridge resources in the us-east-2 Region.
  2. Recreate the same rule, pattern, and targets in the us-east-1 Region.
    Important: If your targets are located outside the us-east-1 Region, follow the option listed in the next section.

Route events from the us-east-1 Region to the us-east-2 Region event bus (console)

With cross-Region routing capabilities, you can now route the events from the us-east-1 Region to an event bus in the us-east-2 Region. This allows events originating in the us-east-1 Region to invoke targets in the us-east-2 Region.

  1. Open the EventBridge console in the us-east-1 Region.
  2. From the left panel, choose Buses. Then, select Rules from the dropdown list.
  3. Choose Create rule. Copy and paste the same pattern that was used in the us-east-2 Region.
  4. For Target types, choose EventBridge event bus. Then, select Event bus in a different account or Region.
  5. For Event bus, enter the Amazon Resource Name (ARN) of the default event bus in the us-east-2 Region.
  6. Keep the default option Create a new role for this specific resource. This creates the necessary AWS Identity and Access Management (IAM) permissions that allow the rule to put events on the target bus.
  7. Choose Next. Then, choose Update rule.

Note: Don't delete the EventBridge rule in the us-east-2 Region because the rules must coexist in both Regions for the cross-Region routing to work.

In your new configuration, all the events from the us-east-1 Region are routed to the event bus in the us-east-2 Region. An event triggers your existing rule in the us-east-2 Region. This then invokes your targets in the same Region.
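The console steps above can also be scripted. The following is an added example, not code from the original article: it builds the us-east-1 forwarding rule, the us-east-2 default bus target, and the role policies that the console's "Create a new role" option would otherwise generate. The rule name, role name, policy name, account ID, and event pattern are assumptions; use the pattern from your existing us-east-2 rule.

```python
import json

# Assumed pattern (IAM API calls recorded by CloudTrail); substitute the
# pattern from your existing us-east-2 rule.
IAM_PATTERN = {
    "source": ["aws.iam"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["iam.amazonaws.com"]},
}

def build_forwarding(account_id, dest_region="us-east-2", rule_name="forward-iam-events"):
    """Build the us-east-1 rule, its bus target and the role policies as plain data."""
    bus_arn = f"arn:aws:events:{dest_region}:{account_id}:event-bus/default"
    return {
        "rule": {"Name": rule_name, "EventPattern": json.dumps(IAM_PATTERN), "State": "ENABLED"},
        "bus_arn": bus_arn,
        "role_name": f"{rule_name}-role",  # hypothetical role name
        # Only the EventBridge service may assume the role ...
        "trust": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sts:AssumeRole"}]},
        # ... and the role may only put events on the one destination bus.
        "permissions": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Action": "events:PutEvents", "Resource": bus_arn}]},
    }

def apply(cfg, source_region="us-east-1"):
    """Create the role, rule and target. Needs boto3 and AWS credentials."""
    import boto3  # imported here so build_forwarding() can be inspected offline
    iam = boto3.client("iam")
    events = boto3.client("events", region_name=source_region)
    role = iam.create_role(RoleName=cfg["role_name"],
                           AssumeRolePolicyDocument=json.dumps(cfg["trust"]))
    iam.put_role_policy(RoleName=cfg["role_name"], PolicyName="put-events-on-target-bus",
                        PolicyDocument=json.dumps(cfg["permissions"]))
    events.put_rule(**cfg["rule"])
    result = events.put_targets(Rule=cfg["rule"]["Name"], Targets=[
        {"Id": "cross-region-bus", "Arn": cfg["bus_arn"], "RoleArn": role["Role"]["Arn"]}])
    if result["FailedEntryCount"]:
        raise RuntimeError(f"target not attached: {result['FailedEntries']}")

if __name__ == "__main__":
    # 111122223333 is a constructed placeholder account ID.
    print(json.dumps(build_forwarding("111122223333"), indent=2))
```

Review the printed policies before calling `apply()`; the permissions policy is scoped to the single destination bus ARN rather than a wildcard.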

AWS OFFICIAL - Updated 7 months ago