(aws-events): Imported Event Bus is not account aware. #13469

thantos commented Mar 8, 2021

When importing an event bus via the `fromEventBusArn` method, the `resource.env` is the importing stack's account and not the account of the ARN being imported.

This is important because the integration pattern for a construct consuming a bus could be different for a same account vs cross account bus.

For example, a same account bus cannot be the target of another rule, but a cross account bus MUST be the target of a rule before consuming events in the other account.

Reproduction Steps

```typescript
const bus = EventBus.fromEventBusArn(scope, 'myEventBus', 'cross account arn');
```

What did you expect to happen?

```typescript
const bus = EventBus.fromEventBusArn(scope, 'myEventBus', 'cross account arn');

const compare = Token.compareStrings(Stack.of(this).account, bus.env.account);

// compare == TokenComparison.DIFFERENT;
```

What actually happened?

```typescript
const bus = EventBus.fromEventBusArn(scope, 'myEventBus', 'cross account arn');

const compare = Token.compareStrings(Stack.of(this).account, bus.env.account);

// compare == TokenComparison.SAME;
```

Environment

  • Framework Version: monocdk 1.86
  • Node.js Version: 12
  • OS: WSL2 - Ubuntu
  • Language (Version): TypeScript (3.6)

Other

I suspect that event bus should take the account and region from the arn.

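```typescript
// Excerpt as posted: the constructor passes no environment to Resource.
super(scope, id);
this.eventBusArn = attrs.eventBusArn;
this.eventBusName = attrs.eventBusName;
this.eventBusPolicy = attrs.eventBusPolicy;
this.eventSourceName = attrs.eventSourceName;
}
```

```typescript
// Suggested change: take the environment from the imported ARN.
const parsedArn = Arn.parse(attrs.eventBusArn);
super(scope, id, {
  account: parsedArn.account, // falls back to stack account
  region: parsedArn.region,
});
```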

Or it should accept account and region like s3 does.

```typescript
/**
 * The account this existing bucket belongs to.
 *
 * @default - it's assumed the bucket belongs to the same account as the scope it's being imported into
 */
readonly account?: string;
/**
 * The region this existing bucket is in.
 *
 * @default - it's assumed the bucket is in the same region as the scope it's being imported into
 */
readonly region?: string;
```


This is 🐛 Bug Report

@thantos thantos added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 8, 2021
@github-actions github-actions bot added the @aws-cdk/aws-events Related to CloudWatch Events label Mar 8, 2021

thantos commented Mar 8, 2021

My workaround (it doesn't expose the archive method in the base bus object).

```typescript
// Imports for the monocdk package named under Environment above.
import { Arn, Construct, Resource } from 'monocdk';
import { IEventBus } from 'monocdk/aws-events';

/**
 * An Imported event bus that is aware of the account it is imported from.
 */
export class AccountAwareImportedEventBus extends Resource implements IEventBus {
  constructor(scope: Construct, id: string, eventBusArn: string) {
    // Account and region come from the ARN, not from the importing stack.
    const parsedArn = Arn.parse(eventBusArn);
    super(scope, id, {
      account: parsedArn.account,
      region: parsedArn.region
    });

    this.eventBusArn = eventBusArn;
    this.eventBusName = parsedArn.resourceName || '';
    this.eventBusPolicy = '';
  }

  eventBusName: string;
  eventBusArn: string;
  eventBusPolicy: string;
  eventSourceName?: string | undefined;
}
```

Use

```typescript
const compareAccount = Token.compareStrings(Stack.of(this).account, eventBus.env.account); // eventBus could be an imported or same account bus.
const sameAccount = compareAccount === TokenComparison.SAME || compareAccount === TokenComparison.BOTH_UNRESOLVED;

// For cross account, we write from the target account bus to a bus provided by this account.
if (!sameAccount) {
  if (!props.eventBus) {
    throw new Error('For a cross account listener, an event bus must be provided.');
  }
  // Create rule policy to write across account
  const coreRule = new Rule().target(/*...cross account bus...*/) // a rule which forwards events from cross account to current account's props.eventbus
}
```
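
Added example (not part of the original thread or the CDK code base): a stand-alone TypeScript sketch of the decision discussed above, deriving the bus environment from its ARN and then choosing the integration pattern. `envFromBusArn`, `compareAccounts`, `planIntegration` and the sample ARNs and account IDs are hypothetical, and `compareAccounts` only imitates `Token.compareStrings` by assuming unresolved values appear as `${Token[...]}` placeholders.

```typescript
// Added example: no aws-cdk import; every name below is hypothetical.
type Env = { account: string; region: string };
type AccountComparison = 'SAME' | 'DIFFERENT' | 'ONE_UNRESOLVED' | 'BOTH_UNRESOLVED';

// Assumption: an unresolved CDK string token shows up as a "${Token[...]}" placeholder.
const isUnresolved = (s: string): boolean => s.indexOf('${Token[') !== -1;

// Take account and region from arn:partition:events:region:account:resource,
// falling back to the importing stack's env when a field is empty.
// A tokenized ARN cannot be split this way and is rejected.
function envFromBusArn(arn: string, stackEnv: Env): Env {
  const parts = arn.split(':');
  if (parts.length < 6 || parts[0] !== 'arn' || parts[2] !== 'events') {
    throw new Error('not a concrete EventBridge ARN: ' + arn);
  }
  return { account: parts[4] || stackEnv.account, region: parts[3] || stackEnv.region };
}

// Simplified stand-in for Token.compareStrings.
function compareAccounts(a: string, b: string): AccountComparison {
  if (a === b) return 'SAME';
  const ua = isUnresolved(a);
  const ub = isUnresolved(b);
  if (ua && ub) return 'BOTH_UNRESOLVED';
  return ua || ub ? 'ONE_UNRESOLVED' : 'DIFFERENT';
}

// 'direct': consume from the bus itself. 'forward': a rule on the remote bus must
// target a bus in this account first, so a local bus is mandatory.
function planIntegration(busArn: string, stackEnv: Env, hasLocalBus: boolean): 'direct' | 'forward' {
  const cmp = compareAccounts(stackEnv.account, envFromBusArn(busArn, stackEnv).account);
  if (cmp === 'SAME' || cmp === 'BOTH_UNRESOLVED') return 'direct';
  if (!hasLocalBus) {
    throw new Error('For a cross account listener, an event bus must be provided.');
  }
  return 'forward';
}

// Constructed sample values.
const SAMPLE_STACK_ENV: Env = { account: '222222222222', region: 'eu-west-1' };
const SAMPLE_CROSS_ARN = 'arn:aws:events:us-east-1:111111111111:event-bus/shared';
const SAMPLE_LOCAL_ARN = 'arn:aws:events:eu-west-1::event-bus/local'; // empty account field
```

An env-agnostic stack, whose account is a token, compares as `ONE_UNRESOLVED` against a concrete ARN account and is therefore handled as cross-account, matching how the usage snippet above treats anything other than `SAME` or `BOTH_UNRESOLVED`.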

thantos added a commit to thantos/aws-cdk that referenced this issue Mar 9, 2021
Parses the event bus arn to give the account and region to the underlying Resource.

fixes aws#13469
@mergify mergify bot closed this as completed in #13481 Mar 9, 2021
mergify bot pushed a commit that referenced this issue Mar 9, 2021
…ount (#13481)

Parses the event bus arn to give the account and region to the underlying Resource.

fixes #13469


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions bot commented Mar 9, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
