
Answer-first summary for fast verification
Answer: The resource-based policy on the target event bus must be modified to allow PutEvents API calls from the sender accounts.
To route events across AWS accounts using Amazon EventBridge, the receiving account's event bus must have a resource-based policy that allows the sending account to perform the `events:PutEvents` API call. Without this policy, events sent from the sender account will be rejected by the receiving account's event bus.
Author: Ritesh Yadav
Question #74
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company needs to send specific events from all the accounts in the organization to a new receiver account so an AWS Lambda function can process the events. A CloudOps engineer needs to configure Amazon EventBridge to route the events to a target event bus in the us-west-2 Region in the new receiver account.
The CloudOps engineer creates rules in the sender accounts and the receiver account that match the specified events. The rules do not specify an account parameter in the event pattern. The CloudOps engineer creates IAM roles in the sender accounts to allow PutEvents actions on the target event bus. The first test events that originate from the us-east-1 Region are not being processed by the Lambda function in the receiving account.
What is the likely reason the events are not processed?
A. Interface VPC endpoints for EventBridge are required in the sender accounts and receiver accounts.
B. The target Lambda function is in a different AWS Region, which is not supported by EventBridge.
C. The resource-based policy on the target event bus must be modified to allow PutEvents API calls from the sender accounts.
D. The rule in the receiving account must specify `{"account": "<sender-account-id>"}` in its event pattern and must include the receiving account ID.