AWS EventBridge is a serverless event bus service that simplifies event-driven architectures. In this guide, we’ll explore how to leverage EventBridge with a cross-region event bus to overcome the regional limitations associated with IAM (Identity and Access Management) events. This setup will enable you to capture and respond to IAM events seamlessly across AWS regions. AWS CloudWatch Events are powerful, but they are region-specific, posing challenges when attempting to capture IAM events. It’s essential to note that IAM is a global service, and the IAM events are only available in the CloudWatch Events are limited to the region in which they are created. IAM events are only available in the Utilize AWS EventBridge with a cross-region event bus for seamless IAM event notifications across regions. AWS Account: Ensure you have an AWS account and the necessary permissions to set up EventBridge, Lambda functions, and SNS topics. Lambda Function: Create a Lambda function that will be triggered by EventBridge and will be responsible for sending SNS email notifications. SNS Topic: Set up an SNS topic that will be used to send email notifications. CloudTrail: The CloudTrail must be enabled in Create a Lambda function at any region that you want. For this example, the Lambda function is deployed in NOTE: You can refer to this page to use the same Lambda code used in this article. Create an SNS Topic at the same region where the Lambda function is deployed. You must also create an email subscription and confirm the email address endpoint that will receive the notification: For the event pattern, make sure that it is for the intended event only. In this case, we are only triggering the rule when there is an API call for the CreateUser IAM event. Select Create an event rule to the same region as your Lambda or, in this case, ap-southeast-1. On the target page, select the Lambda created from step 1. Create a test IAM user and confirm if an email about the event is received. By utilizing AWS EventBridge with a cross-region event bus, you’ve successfully established a scalable solution for cross-region IAM event notifications. This approach allows you to capture and respond to IAM events seamlessly across different AWS regions, providing flexibility and centralized management. Send a notification when an IAM user is created – AWS Prescriptive Guidance Sending and receiving Amazon EventBridge events between AWS Regions – Amazon EventBridgeUse Case: Cross-Region IAM Event Notifications with AWS EventBridge
us-east-1 region. By using AWS EventBridge with a cross-region event bus, we can create a scalable and efficient solution for cross-region IAM event notifications.Challenge:
us-east-1 region, posing challenges for cross-region event management.Solution:
Prerequisites
us-east-1 region.Step 1: Create a Lambda Function
ap-southeast-1. This Lambda will invoke an SNS topic at the same region to notify through email.
Step 2: Create an SNS Topic
Step 3: Set Up EventBridge Rule in N. Virginia
Event bus in a different account or Region on the target page. Paste the ARN of the event bus. In this solution, we are using the default event bus of the ap-southeast-1 region.
Step 4: Set up the EventBridge rule invoking the Lambda
Step 5: Test the Setup
Conclusion
References:
Get any AWS Specialty Mock Test for FREE when you Buy 2 AWS Pro-Level Practice Tests – as LOW as $10.49 USD each ONLY!
Learn AWS with our PlayCloud Hands-On Labs
Tutorials Dojo Exam Study Guide eBooks
FREE AWS Exam Readiness Digital Courses
Subscribe to our YouTube Channel
FREE AWS, Azure, GCP Practice Test Samplers
Follow Us On Linkedin
Written by: Bill Junidez Liad
