AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > Orange service app for for multi-bus, multi-account-pattern # More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst Globals: Function: Timeout: 3 Handler: app.lambda_handler Runtime: python3.9 Tags: pattern: multi-bus-multi-account-pattern Parameters: EventBusName: Description: Name of the orange service app event bus Type: String Default: orange-service-event-bus-multi-bus BlueServiceAccountNo: Description: Account Id Blue service event bus to add rules Type: String PurpleServiceAccountNo: Description: Account Id Purple service event bus to add rules Type: String Resources: # Event bus for orange service. OrangeServiceEventBus: Type: AWS::Events::EventBus Properties: Name: !Ref EventBusName # Resource policy for Orange service event bus OrangeServicePublishStatement: Type: AWS::Events::EventBusPolicy Properties: EventBusName: !Ref OrangeServiceEventBus StatementId: "OrangeServicePublish" Statement: Effect: "Allow" Principal: AWS: - !Sub arn:aws:iam::${AWS::AccountId}:root Action: "events:PutEvents" Resource: !GetAtt OrangeServiceEventBus.Arn Condition: StringEquals: "events:source": ["com.exampleCorp.OrangeService"] OrangeEventBusRuleCreationStatement: Type: AWS::Events::EventBusPolicy Properties: EventBusName: !Ref OrangeServiceEventBus StatementId: "AllServiceRuleCreation" Statement: Effect: "Allow" Principal: AWS: - !Sub arn:aws:iam::${BlueServiceAccountNo}:root - !Sub arn:aws:iam::${PurpleServiceAccountNo}:root Action: - "events:PutRule" - "events:DeleteRule" - "events:DescribeRule" - "events:DisableRule" - "events:EnableRule" - "events:PutTargets" - "events:RemoveTargets" Resource: - !Sub arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/${OrangeServiceEventBus.Name}/* Condition: StringEqualsIfExists: "events:creatorAccount": "${aws:PrincipalAccount}" "events:source": ["com.exampleCorp.OrangeService"] OrangeServicePublisherE3: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: orange_p_e3/ Policies: - Version: '2012-10-17' Statement: - Effect: Allow Action: - events:PutEvents Resource: "*" Environment: Variables: EVENT_BUS_ARN: !Ref OrangeServiceEventBus OrangeServiceSubscriberE2: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: orange_s_e2/ Events: OrangeE2Rule: Type: EventBridgeRule Properties: EventBusName: !Ref OrangeServiceEventBus Pattern: source: - com.exampleCorp.PurpleService detail-type: - Event2 # Orange service event bus targe DLQ OrangeServiceEventBusDlq: Type: AWS::SQS::Queue Outputs: OrangeServiceEventBusArn: Description: The ARN of the Orange event bus Value: !GetAtt OrangeServiceEventBus.Arn OrangeServicePublisherE3: Description: Lambda function name for Orange service publishing event 3 Value: !Ref OrangeServicePublisherE3 OrangeServiceSubscriberE2: Description: Lambda function name for orange service subscriber to event 2 Value: !Ref OrangeServiceSubscriberE2 OrangeServiceEventBusDlqUrl: Description: URL of the SQS Queue for rules DeadLetterConfig Value: !Ref OrangeServiceEventBusDlq OrangeServiceEventBusDlqArn: Description: ARN of the SQS Queue for rules DeadLetterConfig Value: !GetAtt OrangeServiceEventBusDlq.Arn