Amazon CloudWatch Events Gains Cross-Account Event Delivery

| by Steffen Opel Follow 4 Followers on Jul 31, 2017. Estimated reading time: 2 minutes |

Amazon Web Services (AWS) recently added cross-account event delivery to Amazon CloudWatch Events to support use cases such as the tracking of events across an entire organization and the handling of events in separate accounts to implement advanced security schemes.

Amazon CloudWatch Events is part of Amazon CloudWatch (previous coverage) and delivers a "near real-time stream of events" that allows you to "track and respond to changes in your AWS resources" by using rules that route matching events to one or more targets. In his introductory blog post, Jeff Barr (Chief Evangelist AWS) qualified CloudWatch Events as "the central nervous system for your AWS environment". Accordingly, in addition to supporting read/write API call events for most services, the list of service specific event types and targets is frequently growing, with recent new entries such as AWS Step Functions, Amazon ECS, Amazon Kinesis Firehose, AWS CodeBuild, and AWS CodePipeline.

CloudWatch Events can now also send and receive events between AWS accounts to support advanced uses cases and topologies such as fan-in to handle events from multiple accounts in one place, or fan-out to route different types of events to separate accounts (events that originated in another account will not be sent to a third one to avoid infinite loops), for example:

  • Organizational rollup - tracking of events across several accounts or an entire organization managed via AWS Organizations (previous coverage)
  • Bounded security contexts - responding to security related events in dedicated and isolated accounts for separation of concerns

Amazon CloudWatch Events Event Buses Overview

Currently AWS supports a single event bus per account, with "plans to allow more in the future". An associated access policy specifies the set of additional AWS accounts that are allowed to send events to the receiving account's event bus. By default, rules in the receiving account will also match events that originated in other accounts. This can be prevented by specifying one or more AWS account IDs in the "account" field of a rules' event pattern, resulting in the following typical steps for cross-account event processing:

  • On the receiver account, authorize one or more (or all) AWS accounts to send events to its default event bus.
  • On the sender account, set up one or more rules that target the receiver account's default event bus.
  • On the receiver account, set up one or more rules that match events coming from one or more (or all) AWS accounts

In related news, Amazon CloudWatch Events meanwhile supports input transformations of events before sending them to targets so that "you can extract multiple key-value pairs from their event JSONs and transform the data to fit your needs". AWS has also just significantly increased the default CloudWatch Events limits. As with many other AWS service limits, users can request a limit increase beyond these new defaults via the AWS support center

The Amazon CloudWatch Events documentation features a user guide, including a getting started section, the AWS CLI reference, and the API reference. Support is provided via the Amazon CloudWatch forum. Usage of CloudWatch Events is free, except for the ingestion of custom events and events forwarded to another account, which are charged to the sending account as custom events and priced accordingly.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you