I am creating a custom bus in AWS EventBridge via CDK:
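
    // Imports added for completeness (CDK v2 module paths assumed)
    import { Stack, StackProps } from 'aws-cdk-lib';
    import { Construct } from 'constructs';
    import * as events from 'aws-cdk-lib/aws-events';
    import * as iam from 'aws-cdk-lib/aws-iam';

    export class EventbridgeStack extends Stack {
      constructor(scope: Construct, id: string, props?: StackProps) {
        super(scope, id, props);
        // Custom event bus with a fixed physical name
        const targetCoreBus = new events.EventBus(this, 'TargetCoreBus', {
          eventBusName: 'TargetCoreBus',
        });
        targetCoreBus.grantPutEventsTo(new iam.AccountPrincipal('1234567890'));
      }
    }
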
The bus is created fine, but I assumed the line

    targetCoreBus.grantPutEventsTo(new iam.AccountPrincipal('1234567890'));

would add a policy to the bus that would allow the specified account to put events into it. But it doesn't seem to do anything: nothing new is synthesized in the stack, and no policy is added to the bus. Is this expected, or am I doing something wrong?

grantPutEventsTo adds an inline, identity-based policy to the Grantee. For instance, targetCoreBus.grantPutEventsTo(MyLambda) would add an AWS::IAM::Policy to the Lambda's execution role.

You want to add the account principal to the Bus' resource-based policy. The CfnEventBusPolicy construct will do just that:
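
Added example, not part of the original answer: CfnEventBusPolicy synthesizes an AWS::Events::EventBusPolicy resource, so whether a bus really carries a resource-based grant can be checked in the `cdk synth` output. The TypeScript below runs that check on two constructed templates; the logical ids and the StatementId are assumptions, and real CDK logical ids carry a hash suffix.

```typescript
// Added example: audit a synthesized CloudFormation template for EventBridge bus policies.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// Map each custom bus (by logical id) to the principals its resource-based policy
// allows to call events:PutEvents. An empty list means no grant exists on the bus.
function putEventsPrincipals(template: Template): Record<string, string[]> {
  const res = template.Resources;
  const grants: Record<string, string[]> = {};
  for (const id of Object.keys(res)) {
    if (res[id].Type === 'AWS::Events::EventBus') grants[id] = [];
  }
  for (const id of Object.keys(res)) {
    if (res[id].Type !== 'AWS::Events::EventBusPolicy') continue;
    const p = res[id].Properties ?? {};
    // EventBusName is either the literal bus name or { Ref: <bus logical id> }.
    const n = p.EventBusName;
    const busId = typeof n === 'string'
      ? Object.keys(grants).find((b) => res[b].Properties?.Name === n)
      : n?.Ref;
    if (typeof busId !== 'string' || !(busId in grants)) continue;
    // The grant is written either as Action + Principal or as one Statement document.
    const stmt = p.Statement;
    if (stmt && stmt.Effect !== 'Allow') continue;
    const actions = ([] as string[]).concat(stmt ? stmt.Action : p.Action);
    if (actions.indexOf('events:PutEvents') < 0) continue;
    const who = stmt ? stmt.Principal : p.Principal;
    grants[busId].push(typeof who === 'string' ? who : JSON.stringify(who));
  }
  return grants;
}

// Constructed sample: what the stack in the question synthesizes (bus only, no policy).
const busOnly: Template = {
  Resources: { TargetCoreBus: { Type: 'AWS::Events::EventBus', Properties: { Name: 'TargetCoreBus' } } },
};
// Constructed sample: the same bus plus the resource a CfnEventBusPolicy synthesizes.
const withPolicy: Template = {
  Resources: {
    ...busOnly.Resources,
    AllowPutEvents: {
      Type: 'AWS::Events::EventBusPolicy',
      Properties: {
        StatementId: 'AllowPutEvents', // hypothetical statement id
        EventBusName: { Ref: 'TargetCoreBus' },
        Action: 'events:PutEvents',
        Principal: '1234567890', // account id as written in the question
      },
    },
  },
};
```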