For more details on the implementation, visit the accompanying AWS blog post.
In this ecommerce example, there are multiple services distributed across different accounts. A web store publishes an event when a new order is created. The event is sent via a central event bus, which is in another account. The bus has two rules with target services in different AWS accounts.
The goal is to create fine-grained permissions that only allow:
- The web store to publish events for a specific detail-type and source.
- The invoice processing service to create and manage its own rules on the central bus.
To complete this walkthrough, you set up three accounts. For account A (Web Store), you deploy an AWS Lambda function that sends the newOrderCreated event directly to the central event bus in account B. The invoice processing Lambda function in account C creates a rule on the central event bus to process the event published by account A.
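The fine-grained permissions described above live in the resource policy attached to the central event bus in account B. The policy below is an added example, not the repository's own template: it assumes placeholder account IDs (111111111111 for the web store, 222222222222 for the central bus, 333333333333 for invoice processing), the region us-east-1, a bus named central-event-bus, and an event source of com.example.webstore, none of which come from this README. The first statement lets the web store account call PutEvents only when the event's detail-type is newOrderCreated and its source matches, using the events:detail-type and events:source condition keys. The second statement lets the invoice processing account create and manage rules on the bus, but the events:creatorAccount condition ties each rule to the account that created it, so account C cannot modify or delete rules owned by other accounts.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "WebStorePublishOnlyNewOrderCreated",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111111111111:root" },
      "Action": "events:PutEvents",
      "Resource": "arn:aws:events:us-east-1:222222222222:event-bus/central-event-bus",
      "Condition": {
        "StringEquals": {
          "events:detail-type": "newOrderCreated",
          "events:source": "com.example.webstore"
        }
      }
    },
    {
      "Sid": "InvoiceProcessingManagesOwnRules",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::333333333333:root" },
      "Action": [
        "events:PutRule",
        "events:PutTargets",
        "events:DeleteRule",
        "events:RemoveTargets",
        "events:DisableRule",
        "events:EnableRule",
        "events:DescribeRule",
        "events:ListTargetsByRule",
        "events:TagResource",
        "events:UntagResource",
        "events:ListTagsForResource"
      ],
      "Resource": "arn:aws:events:us-east-1:222222222222:rule/central-event-bus/*",
      "Condition": {
        "StringEqualsIfExists": {
          "events:creatorAccount": "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}
```

Two things are worth checking once the policy is in place: a PutEvents call from account A with any other detail-type or source is rejected with an AccessDeniedException (an easy way to confirm the condition keys are enforced), and rule operations from account C succeed only for rules that account C created. The StringEqualsIfExists operator is used because events:creatorAccount is not yet set when a brand-new rule is being created with PutRule.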
- AWS CLI already configured with Administrator permission
- AWS SAM CLI installed
- Create 3 AWS accounts if you do not already have them and log in.
- Clone the repo onto your local development machine:

  ```bash
  git clone https://github.com/aws-samples/amazon-eventbridge-resource-policy-samples
  ```
To get started, follow the instructions on deploying the central event bus to account B.
The AWS Compute Blog series and video link at the top of this README file contain additional information about the application design and architecture.
If you have any questions, please contact the author or raise an issue in the GitHub repo.