(aws-events): Support EventBridge cross region event routing #14635

Closed
1 of 2 tasks
stephenhibbert opened this issue May 11, 2021 · 3 comments
Labels
@aws-cdk/aws-events Related to CloudWatch Events effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p1

Comments

stephenhibbert commented May 11, 2021

EventBridge now supports cross region events so this can now be supported in the CDK! Currently, you can route to any event bus in the three supported Regions. Cross-Region event buses can be in the same AWS account or different AWS accounts. The initial list of supported destination Regions is: US East (N. Virginia – us-east-1), US West (Oregon – us-west-2), and Europe (Ireland – eu-west-1).

https://aws.amazon.com/blogs/compute/introducing-cross-region-event-routing-with-amazon-eventbridge/

Currently we get the following error when trying to put an event across regions:

node_modules/@aws-cdk/aws-events/lib/rule.ts:182
            action: 'events:PutEvents',
              ^
Error: Rule and target must be in the same region

Use Case

To support cross region events in a CDK application.

Proposed Solution

Remove error check for cross region in node_modules/@aws-cdk/aws-events/lib/rule.ts

from line 97

            if (targetRegion !== sourceRegion) {
                throw new Error('Rule and target must be in the same region');
            }

But not only that, we should extend the multi-account logic to support multi-region, otherwise we impose the restriction that multi-region must also be multi-account. Note that multi-region events are implemented the same way as multi-account events.

Update the docs: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-events-readme.html#cross-account-targets

"Note: while events can span multiple accounts, they cannot span different regions (that is an EventBridge, not CDK, limitation)."

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

@stephenhibbert stephenhibbert added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels May 11, 2021
@github-actions github-actions bot added the @aws-cdk/aws-events Related to CloudWatch Events label May 11, 2021
@stephenhibbert stephenhibbert changed the title Support EventBridge cross region event routing (aws-events) Support EventBridge cross region event routing May 11, 2021
@stephenhibbert stephenhibbert changed the title (aws-events) Support EventBridge cross region event routing (aws-events): Support EventBridge cross region event routing May 11, 2021

stephenhibbert commented May 13, 2021

@rix0rrr - I've had a go at getting this working by doing the following:
https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-events/lib/rule.ts

  1. Removed the same region check in lines 181-183
      if (targetRegion !== sourceRegion) {
        throw new Error('Rule and target must be in the same region');
      }
  2. Added a check for different region in line 184
      if (targetAccount !== sourceAccount || targetRegion !== sourceRegion) {

However, I'm getting the following error when deploying:

 4/7 | 08:58:51 | CREATE_FAILED        | AWS::Events::Rule                      | BatchRuleus-east-1 (BatchRuleuseast1AE7EC07F) RoleArn is required for target arn:aws:events:us-east-1::event-bus/default. (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: ValidationException; Request ID: e2bd5bbe-7262-423a-a257-d83a7f3394fb; Proxy: null)

From the API docs below it seems we need to supply roleArn in the target but that works fine when targeting the cross-account target in the same region, just not for the cross account target in a different region...

Any thoughts?

AWS::Events::Rule
RoleArn
The Amazon Resource Name (ARN) of the role that is used for target invocation.

If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn with proper permissions in the Target structure, instead of here in this parameter.

AWS::Events::Rule Target
RoleArn
The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. If one rule triggers multiple targets, you can use a different IAM role for each target.

If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn with proper permissions here in this parameter.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html
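
Added example, not part of the comment above or of the CDK code base: TypeScript that builds the CloudFormation target entry and the IAM role for an event-bus target in another region, with `events:PutEvents` scoped to the destination bus only. The account IDs, role name, `Id` value and function names are constructed for illustration; the region list is the initial one quoted in the issue, and the organization case follows the RoleArn documentation quoted above.

```typescript
// Added example: plain objects only, no CDK import. All IDs and names are constructed.
interface Env { account: string; region: string }
interface Bus { region: string; account: string }

// Initial destination regions quoted in the issue (May 2021).
const DEST_REGIONS = ['us-east-1', 'us-west-2', 'eu-west-1'];

// Parse arn:<partition>:events:<region>:<account>:event-bus/<name>.
// An ARN with an empty account field is rejected instead of reaching a policy.
function parseBusArn(arn: string): Bus {
  const m = /^arn:aws[\w-]*:events:([a-z0-9-]+):(\d{12})?:event-bus\/[\w.\/-]+$/.exec(arn);
  if (!m) throw new Error(`not an event bus ARN: ${arn}`);
  if (!m[2]) throw new Error(`event bus ARN has no account id: ${arn}`);
  return { region: m[1], account: m[2] };
}

// Build the Targets[] entry and, when needed, the role EventBridge assumes.
// viaOrg: the target account granted access through an organization.
function buildTarget(src: Env, busArn: string, roleName: string, viaOrg = false) {
  const bus = parseBusArn(busArn);
  const crossRegion = bus.region !== src.region;
  if (crossRegion && DEST_REGIONS.indexOf(bus.region) < 0) {
    throw new Error(`unsupported destination region: ${bus.region}`);
  }
  const target: Record<string, string> = { Id: 'RemoteBus', Arn: busArn };
  const needsRole = crossRegion || (bus.account !== src.account && viaOrg);
  if (!needsRole) return { target, role: undefined };
  const role = {
    Type: 'AWS::IAM::Role',
    Properties: {
      RoleName: roleName,
      AssumeRolePolicyDocument: {
        Version: '2012-10-17',
        Statement: [{ Effect: 'Allow', Action: 'sts:AssumeRole',
                      Principal: { Service: 'events.amazonaws.com' } }],
      },
      Policies: [{
        PolicyName: 'PutEventsToRemoteBus',
        PolicyDocument: {
          Version: '2012-10-17',
          // Scoped to the one destination bus rather than Resource: '*'.
          Statement: [{ Effect: 'Allow', Action: 'events:PutEvents', Resource: busArn }],
        },
      }],
    },
  };
  target.RoleArn = `arn:aws:iam::${src.account}:role/${roleName}`;
  return { target, role };
}
```

The role lives in the account that owns the rule, so the returned `RoleArn` uses the source account ID, while the policy's `Resource` is the remote bus ARN.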

rossng commented May 20, 2021

This would be super useful for routing Chime events (which are always emitted in us-east-1) into the region where all my infrastructure sits.

@rix0rrr rix0rrr added effort/medium Medium work item – several days of effort p1 and removed needs-triage This issue or PR still needs to be triaged. labels Jun 4, 2021
@rix0rrr rix0rrr removed their assignment Jun 4, 2021
mergify bot pushed a commit that referenced this issue Jul 12, 2021
This pull request aims to extend the current support for cross-account event targets to also support limited cross-region event targets. Currently, the initial list of supported destination regions is: US East (N. Virginia – us-east-1), US West (Oregon – us-west-2), and Europe (Ireland – eu-west-1). The event can originate in any AWS region. 

The original feature request is described here: #14635 and the blog post describing this feature launch is here: https://aws.amazon.com/blogs/compute/introducing-cross-region-event-routing-with-amazon-eventbridge/


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this issue Aug 3, 2021
hollanddd pushed a commit to hollanddd/aws-cdk that referenced this issue Aug 26, 2021