AWS EventBridge 规则能否以另一个账户中的 Kinesis Firehose 传输流为目标？

Question

Imagine that there are two AWS accounts - Account-A and Account-B. Account-A has an EventBridge Event Bus and Account-B has a Kinesis Data Firehose.

Is it possible for the event bus in Account-A to have a rule that targets the firehose in Account-B?

Answer 1

Could you please suggest me how I can pass AWS::KinesisFirehose::DeliveryStream into AWS::Events::Rule

I have 2 Target one is for LogGroup and Another one is KinesisFirehose.

I have tried KinesisParameters but didn't get success.

Type: AWS::Events::Rule
    Properties:
      Name: !Ref 'EventBusRuleName'
      Description: Lead Assigned Rule
      EventBusName: !Ref FseEventBus
      RoleArn: !GetAtt LeadAuditFirehoseIAMRole.Arn
      EventPattern:
        source:
          - "FMS"
        detail-type: 
          - "LeadAssigned"
      State: "ENABLED"
      Targets:
        - Arn: !GetAtt FseLogGroup.Arn
          Id: "LogGroupTarget"
    DependsOn: FseEventBus

Answer 2

At this time, no, the only type of cross-account resource you can target in an EventBridge Rule is another EventBridge bus. This is not really clearly stated anywhere I found while investigating the same question, but you can infer it from the PutTargets docs (since Event bus is the only target listed as supported in another account), or if you try it through CloudFormation you'll get an error "Only EventBus targets are allowed on cross-account PutTargets calls").

So currently they intend for you to set up another EventBridge bus in Account-B, and then attach a rule on it to target your firehose. Since there's no charge to receive events (the sender pays), this seems perfectly reasonable.

This could all change of course as AWS routinely enhances their services.

There's a nice diagram of this sort of cross-account event forwarding on Simplifying cross-account access with Amazon EventBridge resource policies :