aws-samples / amazon-eventbridge-resource-policy-samples

Learn more about Amazon EventBridge resource policies and multi-account event bus topologies. This repo contains sample code for the AWS re:Invent 2020 session "Building event-driven applications with Amazon EventBridge" (https://youtu.be/Wk0FoXTUEjo) and the AWS Compute blog post "Simplifying cross-account access with Amazon EventBridge" (https://amzn.to/3o0Dcz4)
https://serverlessland.com
MIT No Attribution

Problem with cross-region events #10

Closed jjmonsalveg closed 2 months ago

jjmonsalveg commented 1 year ago

Hi, when I created the central event bus in account B in us-east-1 and the event bus in account C in us-west-2, I received the following error:

CREATE_FAILED  AWS::Events::Rule  InvoiceProcessingRule
Cross-region API call is not allowed. (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: ValidationException; Request ID: XXXXXXXX; Proxy: null)

To deploy, I ran the commands from the README:

sam deploy --guided --region us-west-2

SAM version: SAM CLI, version 1.90.0

In the same region, all is good but I have these restrictions and I need to use different regions. Am I missing something?

sliedig commented 1 year ago

Hello @jjmonsalveg, thanks for raising this. I'm currently travelling but will look into this early next week.

sliedig commented 9 months ago

@jjmonsalveg, apologies for the delay in response. Take a look at the cross-region example and make sure that you have the assume role defined that allows the event bus in one account to put events on an event bus in the other account and region.

  SourceToDestinationEventBusRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action:
              - "sts:AssumeRole"
      Path: /
      Policies:
        - PolicyName: PutEventsOnDestinationEventBus
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: "events:PutEvents"
                Resource:
                  - !Ref SecurityEventBusArn
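
An added example, not part of the thread or of the repository's code: a Python check that a role of the shape posted above is assumable only by EventBridge and grants `events:PutEvents` on exactly the destination bus. The role is supplied as a dict with `!Ref SecurityEventBusArn` already resolved; `DEST_BUS`, `ROLE` and the function names are constructed for this illustration.

```python
DEST_BUS = "arn:aws:events:us-east-1:222222222222:event-bus/central"  # constructed ARN
# The role from the comment above as a dict, with !Ref SecurityEventBusArn resolved to DEST_BUS.
ROLE = {
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": ["events.amazonaws.com"]},
         "Action": ["sts:AssumeRole"]}]},
    "Policies": [{"PolicyName": "PutEventsOnDestinationEventBus", "PolicyDocument": {
        "Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "events:PutEvents", "Resource": [DEST_BUS]}]}}],
}

def _as_list(v):
    # IAM accepts a scalar or a list for Action, Resource and Principal values.
    return [] if v is None else (v if isinstance(v, list) else [v])

def _allows(doc):
    return [s for s in _as_list(doc.get("Statement")) if s.get("Effect") == "Allow"]

def audit_event_bus_role(props, dest_bus_arn):
    """Return findings for an AWS::IAM::Role Properties dict (empty list = as expected)."""
    findings, trusted, grants_put = [], False, False
    # Trust policy: only the EventBridge service principal should be able to assume the role.
    for stmt in _allows(props.get("AssumeRolePolicyDocument", {})):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"trust policy principal is not service-scoped: {principal!r}")
            continue
        services = _as_list(principal.get("Service"))
        others = [k for k in principal if k != "Service"] + \
                 [s for s in services if s != "events.amazonaws.com"]
        if others:
            findings.append(f"trust policy admits principals besides EventBridge: {others}")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]  # IAM actions are case-insensitive
        if "events.amazonaws.com" in services and "sts:assumerole" in actions:
            trusted = True
    if not trusted:
        findings.append("events.amazonaws.com cannot assume this role")
    # Permissions: events:PutEvents on exactly the destination bus, with no wildcards.
    for policy in props.get("Policies", []):
        for stmt in _allows(policy.get("PolicyDocument", {})):
            actions = [a.lower() for a in _as_list(stmt.get("Action"))]
            resources = _as_list(stmt.get("Resource"))
            if any("*" in x for x in actions + resources):
                findings.append(f"{policy.get('PolicyName')}: wildcard in Action or Resource")
            if "events:putevents" in actions and dest_bus_arn in resources:
                grants_put = True
    if not grants_put:
        findings.append(f"no statement allows events:PutEvents on {dest_bus_arn}")
    return findings
```

Passing a destination ARN from a different region or account than the one the policy names yields the "no statement allows" finding, which is the mismatch to look for when the buses live in different regions.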