- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Hi there,
At this point sending events cross-account is only supported via Event Buses which means that it is not possible to directly set a target of Lambda-in-AccountA to an EventBridge Rule Rule-in-AccountB. The supported flow would be as below:
Event-Bus-AccountB => Rule-in-AccountB => Event-Bus-AccountA as one of the Target => Rule-in-AccountA to match the events coming from AccountB and with a Target of Lambda-in-AccountA.
To help you further understand, here are some useful resources Sending and Receiving events between AWS Accounts and Simplifying cross-account access with Amazon EventBridge Resource policies
Hope this helps, and please let me know if you have any further questions
I don't think this is possible.
With EventBridge, it's possible to configure an event bus to receive events from different sources including sources from other AWS accounts. To invoke a lambda function - this would be done via Event Bus -> Rule -> Target (in this case, the target would be a lambda function). Currently, it seems that the Lambda function must be in the same account as the Rule.
If you're looking to do extra architecture, a couple solutions could be as follows:
- Event Bus (B) -> Rule (B) -> SQS (B) -> Lambda (A) https://aws.amazon.com/about-aws/whats-new/2021/09/aws-lambda-lambda-function-amazon-sqs-queue/ For this, you will need to configure cross-account access and the resource policies (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-basic-examples-of-sqs-policies.html#grant-cross-account-permissions-to-role-and-user-name)
- Event Bus (B) -> Rule (B) -> Lambda (B) -> Lambda (A) This could be done a few different ways. In theory, you would still need to do a cross-account access somehow, either through invocation (Lambda Permissions), or cross-account role assumption.
The flow Event-Bus-AccountB=>Rule-in-AccountB=>SQS-in-AccountB=>Lambda-in-AccountA looks to be supported now. As recently Lambda service announced the support of invocation from SQS Queue in a different AWS account. You can check the details from https://aws.amazon.com/about-aws/whats-new/2021/09/aws-lambda-lambda-function-amazon-sqs-queue/
In case it's not possible to use event bus in account A as a target. Any other options to invoke Lambda-in-AccountA when an event is published on Event-Bus-AccountB? Is Event-Bus-AccountB=>Rule-in-AccountB=>SQS-in-AccountB=>Lambda-in-AccountA a feasible alternative?