CCM-14961: Allow cross domain bus to put event on DL bus

simonlabarere · simonlabarere · commit 6bfd999e518e · 2026-03-17T14:16:52.000Z
diff --git a/infrastructure/terraform/components/dl/cloudwatch_event_bus.tf b/infrastructure/terraform/components/dl/cloudwatch_event_bus.tf
@@ -34,8 +34,8 @@ data "aws_iam_policy_document" "main_event_bus_document" {
     effect = "Allow"
 
     principals {
-      type        = "Service"
-      identifiers = ["events.amazonaws.com"]
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::${var.eventbus_account_id}:root"]
     }
 
     actions = [
@@ -49,7 +49,9 @@ data "aws_iam_policy_document" "main_event_bus_document" {
     condition {
       test     = "ArnLike"
       variable = "aws:SourceArn"
-      values   = ["arn:aws:events:${var.region}:${var.eventbus_account_id}:rule/*-data-plane/*"]
+      values = [
+        "arn:aws:events:${var.region}:${var.eventbus_account_id}:rule/*-data-plane*"
+      ]
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -34,8 +34,8 @@ data "aws_iam_policy_document" "main_event_bus_document" {`
`34`	`34`	`effect = "Allow"`
`35`	`35`
`36`	`36`	`principals {`
`37`		`- type = "Service"`
`38`		`- identifiers = ["events.amazonaws.com"]`
	`37`	`+ type = "AWS"`
	`38`	`+ identifiers = ["arn:aws:iam::${var.eventbus_account_id}:root"]`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`actions = [`
`@@ -49,7 +49,9 @@ data "aws_iam_policy_document" "main_event_bus_document" {`
`49`	`49`	`condition {`
`50`	`50`	`test = "ArnLike"`
`51`	`51`	`variable = "aws:SourceArn"`
`52`		`- values = ["arn:aws:events:${var.region}:${var.eventbus_account_id}:rule/-data-plane/"]`
	`52`	`+ values = [`
	`53`	`+ "arn:aws:events:${var.region}:${var.eventbus_account_id}:rule/-data-plane"`
	`54`	`+ ]`
`53`	`55`	`}`
`54`	`56`	`}`
`55`	`57`	`}`