Event Bus Targets
If you are building an event-driven application, EventBridge plays an important role in building a loosely coupled architecture and integrating event producers and consumers. EventBridge is the event bus service from AWS that allows seamless integration between different AWS services. It routes events from event sources to event targets. At the core of EventBridge:
- Event Bus: EventBridge can be configured to send/receive events between multiple AWS accounts. This is especially helpful in cross-account event integration.
- Rules: Rules in EventBridge determine the routing of events. They match incoming events and route them to one or more target functions or services.
- Targets: Targets are the AWS services or resources that process the events. These can include AWS Lambda functions, Step Functions, SNS topics, SQS queues, and many more.
Among other AWS targets, an event bus can route events to another event bus as a target. The destination event bus can be in the
- same account/Region
- different account/Region
Event Bus Cross Account Integration - Only Event Bus as target
The event bus can deliver events to the event bus in a different account.
- Receiver account: Create an event bus in the receiver account and configure its **resource policy** to allow only the sender AWS account.
- Sender account: Create an EventBridge rule in the sender account. Specify the EventBridge filter pattern and set the target to the ARN of the event bus created in the receiver account.
- Receiver account: Create an EventBridge rule on the event bus, specify the filter pattern and add the required AWS target/s.
Event Bus Cross Account Integration - Multiple Targets
This new EventBridge feature allows you to deliver events from the event bus to a variety of AWS targets such as SQS, SNS and AWS Lambda functions.
- Receiver account: Create the target service where you want the event.
- Sender account: Create an event bus rule with the target that was created in the receiver account. The event bus rule in the sender account should have an IAM execution role that allows it to send events to the targets.
- Receiver account: Each of the targets in the receiver account should have a resource access policy that allows that execution role.
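Both procedures above end with a receiver-side policy (the event bus resource policy, or the target's resource access policy), and that is where a cross-account grant is most easily left too broad. The check below is an added example, not code from the original article or from AWS; the account IDs, role name, ARNs and sample policies are constructed, and `audit` is a hypothetical helper.

```python
SENDER = "111111111111"    # constructed sender account ID
RECEIVER = "222222222222"  # constructed receiver account ID
ROLE = f"arn:aws:iam::{SENDER}:role/eb-target-role"  # hypothetical execution role

def _as_list(value):
    """IAM JSON allows a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def _principals(stmt):
    """Flatten a statement's Principal element into 'Type:value' strings."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    return [f"{k}:{v}" for k, vals in p.items() for v in _as_list(vals)]

def audit(policy, allowed_principals, expected_action):
    """Return findings for Allow statements broader than the intended grant."""
    findings = []
    stmts = policy.get("Statement", [])
    for s in ([stmts] if isinstance(stmts, dict) else stmts):
        if s.get("Effect") != "Allow":
            continue
        sid = s.get("Sid", "<no Sid>")
        for pr in _principals(s):
            if pr not in allowed_principals:
                findings.append(f"{sid}: unexpected principal {pr}")
        for a in _as_list(s.get("Action", [])):
            if a != expected_action:
                findings.append(f"{sid}: action {a} is broader than {expected_action}")
    return findings

def _policy(sid, principal, action, resource):
    """Build a one-statement resource policy (used for the constructed samples)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": sid, "Effect": "Allow", "Principal": principal,
        "Action": action, "Resource": resource}]}

# Constructed sample policies (not taken from the page).
BUS_ARN = f"arn:aws:events:us-east-1:{RECEIVER}:event-bus/receiver-bus"
BUS_POLICY = _policy("AllowSender", {"AWS": f"arn:aws:iam::{SENDER}:root"},
                     "events:PutEvents", BUS_ARN)
QUEUE_POLICY = _policy("AllowSenderRole", {"AWS": ROLE}, "sqs:SendMessage",
                       f"arn:aws:sqs:us-east-1:{RECEIVER}:receiver-queue")
OPEN_POLICY = _policy("AnyoneCanPut", "*", "events:*", BUS_ARN)
# An account principal may appear as a bare ID or as the account root ARN.
BUS_ALLOWED = {f"AWS:{SENDER}", f"AWS:arn:aws:iam::{SENDER}:root"}

if __name__ == "__main__":
    print(audit(OPEN_POLICY, BUS_ALLOWED, "events:PutEvents"))
```

The check covers only the `Principal` and `Action` elements; `Condition` and `Resource` are not evaluated.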
Articles
- https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-targets.html
- https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross-account.html
- https://aws.amazon.com/blogs/compute/introducing-cross-account-targets-for-amazon-eventbridge-event-buses/
- Greatly improves latency because the event passes through fewer services.
- Simplifies the event driven architecture.
- Higher degree of governance and control because IAM roles are created in the sender account and resource-based policies in the receiver account.
- Allows you to filter by events
- Allows you to decide on the
- Identity policy vs resource policy
- Lambda targets - event sourcing
- Kinesis data stream