Cannot grant permission to EventBridge bus

Question

Cannot grant permission to EventBridge bus

1.4k views Asked by Yuriy Galanter At 16 September 2024 at 14:17

I am creating a custom bus in AWS EventBridge via CDK:

    export class EventbridgeStack extends Stack {
      constructor(scope: Construct, id: string, props?: StackProps) {
        super(scope, id, props);
    
        const targetCoreBus = new events.EventBus(this, 'TargetCoreBus', {
          eventBusName: 'TargetCoreBus',
        });
    
        targetCoreBus.grantPutEventsTo(new iam.AccountPrincipal('1234567890'));
    
      }
    }

The bus is created fine, but I assumed the line

    targetCoreBus.grantPutEventsTo(new iam.AccountPrincipal('1234567890'));

Would add policy to the bus that would allow specified account to put events into it. But it doesn't seem to do anything, nothing new is synthesized in the stack, no policy is added to the bus. Is it expected, am I doing something wrong?

Original Q&A

There are 1 answers

**fedonev** · Accepted Answer · 2022-05-09 19:39:40

grantPutEventsTo adds an inline, identity-based policy to the Grantee. For instance, targetCoreBus.grantPutEventsTo(MyLambda) would add a AWS::IAM::Policy to the Lambda's execution role.

You want to add the account principal to the Bus' resource-based policy. The CfnEventBusPolicy construct will do just that:

new events.CfnEventBusPolicy(this, 'CustomBusResoucePolicy', {
  statementId: 'Cross-Account-Bus-20220509',
  action: 'events:PutEvents',
  principal: '123456789012',
  eventBusName: targetCoreBus.eventBusName,
  condition: {...},
});

TechQA.

Cannot grant permission to EventBridge bus

There are 1 answers

Related Questions in AMAZON-IAM

Related Questions in AWS-CDK

Related Questions in AWS-EVENT-BRIDGE

Related Questions in USERPRINCIPAL

Popular Questions

Popular Tags

Trending Questions