@aidansteele
Last active October 7, 2021 02:51
cross-account eventbus design
Template for the account that owns the shared bus. Any account in the organisation may create, inspect, change and delete rules on this bus, but only rules it created itself (the `events:creatorAccount` condition):

```yaml
Resources:
  Bus:
    Type: AWS::Events::EventBus
    Properties:
      # Name is a required property of AWS::Events::EventBus; the stack name is used here
      Name: !Ref AWS::StackName
  BusPolicy:
    Type: AWS::Events::EventBusPolicy
    Properties:
      EventBusName: !Ref Bus
      StatementId: AllowOrg
      Statement:
        Effect: Allow
        Principal: "*"
        # Rule management only; PutEvents is deliberately not granted here
        Action:
          - events:PutRule
          - events:DeleteRule
          - events:DescribeRule
          - events:DisableRule
          - events:EnableRule
          - events:PutTargets
          - events:RemoveTargets
        # Rules on a custom bus have ARNs of the form rule/<bus-name>/<rule-name>
        Resource: !Sub arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/${Bus}/*
        Condition:
          # Only principals inside this organisation
          StringEquals:
            aws:PrincipalOrgID: o-yourorgid
          # Passes when the key is absent; when present, the rule's creator must be
          # the calling account (IAM policy variable, not a CloudFormation !Sub)
          StringEqualsIfExists:
            events:creatorAccount: "${aws:PrincipalAccount}"
Outputs:
  Bus:
    Value: !GetAtt Bus.Arn
```
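To make the AllowOrg statement's effect concrete, here is a small evaluator of just that statement, written as an added illustration for this page and not part of the gist. It models IAM's evaluation of one Allow statement (Action, Resource, then every Condition key) and ignores everything else that would apply in a real account: other statements, explicit denies, SCPs. The region, account IDs, bus name and rule names are made up, and a `creator_account` of `None` stands for "the `events:creatorAccount` key is not present in the request", which is the case `StringEqualsIfExists` is written to pass.

```python
"""Evaluator for the AllowOrg event-bus policy statement (added example, not part of the gist)."""
import re
from dataclasses import dataclass
from typing import Optional

# Made-up values standing in for the deployed template's parameters.
REGION = "ap-southeast-2"
BUS_ACCOUNT = "111111111111"      # account that owns the central bus
BUS_NAME = "central"              # what !Ref Bus resolves to
ORG_ID = "o-yourorgid"            # as written in the template

# The statement's Action list, verbatim.
ALLOWED_ACTIONS = {
    "events:PutRule", "events:DeleteRule", "events:DescribeRule",
    "events:DisableRule", "events:EnableRule", "events:PutTargets",
    "events:RemoveTargets",
}

# The statement's Resource after !Sub.
RESOURCE_PATTERN = f"arn:aws:events:{REGION}:{BUS_ACCOUNT}:rule/{BUS_NAME}/*"


@dataclass
class Request:
    """The request-context keys the statement looks at."""
    principal_account: str             # aws:PrincipalAccount
    principal_org_id: Optional[str]    # aws:PrincipalOrgID; None if the caller is in no org
    action: str
    resource: str                      # rule ARN being acted on
    creator_account: Optional[str]     # events:creatorAccount; None models "key not present"


def rule_arn(rule_name: str, bus_name: str = BUS_NAME) -> str:
    """ARN of a rule on a custom bus: rule/<bus-name>/<rule-name>."""
    return f"arn:aws:events:{REGION}:{BUS_ACCOUNT}:rule/{bus_name}/{rule_name}"


def arn_matches(pattern: str, arn: str) -> bool:
    """IAM-style resource match: '*' spans any characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, arn) is not None


def allow_org_permits(req: Request) -> bool:
    """True if the AllowOrg statement matches the request; False is an implicit deny.

    The checks mirror the statement: Action, Resource, then both Condition
    operators (every condition key must be satisfied).
    """
    if req.action not in ALLOWED_ACTIONS:
        return False
    if not arn_matches(RESOURCE_PATTERN, req.resource):
        return False
    # StringEquals: the key must be present and equal the org ID. A caller outside
    # any organisation has no aws:PrincipalOrgID and fails here.
    if req.principal_org_id != ORG_ID:
        return False
    # StringEqualsIfExists: passes when events:creatorAccount is absent; when present
    # it must equal the caller's own account (the ${aws:PrincipalAccount} variable).
    if req.creator_account is not None and req.creator_account != req.principal_account:
        return False
    return True


def scenarios() -> dict:
    """Constructed requests from two member accounts, A and B, plus an outsider."""
    a, b = "222222222222", "333333333333"
    return {
        # A creates a brand-new rule: no creator yet, so only the org check applies.
        "a_creates_rule": allow_org_permits(Request(a, ORG_ID, "events:PutRule",
                                                    rule_arn("a-orders"), None)),
        # A changes the targets of the rule it created.
        "a_edits_own_rule": allow_org_permits(Request(a, ORG_ID, "events:PutTargets",
                                                      rule_arn("a-orders"), a)),
        # B tries to delete A's rule: creatorAccount is A, principal is B.
        "b_deletes_a_rule": allow_org_permits(Request(b, ORG_ID, "events:DeleteRule",
                                                      rule_arn("a-orders"), a)),
        # An account in a different organisation.
        "other_org": allow_org_permits(Request("444444444444", "o-someoneelse",
                                               "events:PutRule", rule_arn("x"), None)),
        # A targets a rule on the bus account's default bus (rule/<name>, no bus segment).
        "a_default_bus_rule": allow_org_permits(Request(
            a, ORG_ID, "events:DeleteRule",
            f"arn:aws:events:{REGION}:{BUS_ACCOUNT}:rule/a-orders", a)),
        # PutEvents is not in the Action list, so this statement never grants publishing.
        "a_put_events": allow_org_permits(Request(a, ORG_ID, "events:PutEvents",
                                                  rule_arn("a-orders"), None)),
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:20s} {'ALLOW' if allowed else 'deny'}")
```

Two things worth noticing from the scenarios. The `creatorAccount` condition isolates member accounts from each other's rules, but the statement as written places no constraint on the event pattern a member may use, so every account in the organisation can subscribe to every event that lands on the bus; if some events must not be visible to every member, that needs a separate bus or a tighter statement, not this one. And because the Resource is scoped to `rule/<bus-name>/*`, the grant does not reach rules on the bus account's default bus.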
Template for each consuming account. It creates a rule on the remote (shared) bus that forwards matching events to the account's own bus, plus a rule on that local bus that delivers them to a queue:

```yaml
Parameters:
  RemoteBusArn:
    Type: String
  LocalBusName:
    Type: String
    Default: default
Resources:
  # Rule created on the shared bus in the bus-owning account; the AllowOrg bus
  # policy is what lets this account create it there
  RemoteRule:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: !Ref RemoteBusArn
      EventPattern:
        detail-type: [some-detail-type]
      Targets:
        - Id: localbus
          Arn: !Sub arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${LocalBusName}
          RoleArn: !GetAtt CrossAccountEventBridgeRole.Arn
  # Role EventBridge assumes to deliver matched events onto this account's bus;
  # scoped to PutEvents on that one bus only
  CrossAccountEventBridgeRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: PutEventsOnLocalBus
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: events:PutEvents
                Resource: !Sub arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${LocalBusName}
  # Rule on the local bus that hands the forwarded events to their real consumer
  LocalRule:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: !Ref LocalBusName
      EventPattern:
        detail-type: [some-detail-type]
      Targets:
        - Id: queue
          Arn: some:sqs:queue:arn....
```