software.amazon.awscdk.services.events

Class CfnEventBusPolicy

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.events.CfnEventBusPolicy

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-03-22T19:35:41.107Z")
public class CfnEventBusPolicy
extends CfnResource
implements IInspectable

A CloudFormation `AWS::Events::EventBusPolicy`.

Running PutPermission permits the specified AWS account or AWS organization to put events to the specified event bus . Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.

For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.

To enable multiple AWS accounts to put events to your event bus, run PutPermission once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run PutPermission once specifying Principal as "*" and specifying the AWS organization ID in Condition , to grant permissions to all accounts in that organization.

If you grant permissions using an organization, then accounts in that organization must specify a RoleArn with proper permissions when they use PutTarget to add your account's event bus as a target. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide .

The permission policy on the event bus cannot exceed 10 KB in size.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.events.*;
 Object statement;
 CfnEventBusPolicy cfnEventBusPolicy = CfnEventBusPolicy.Builder.create(this, "MyCfnEventBusPolicy")
         .statementId("statementId")
         // the properties below are optional
         .action("action")
         .condition(ConditionProperty.builder()
                 .key("key")
                 .type("type")
                 .value("value")
                 .build())
         .eventBusName("eventBusName")
         .principal("principal")
         .statement(statement)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnEventBusPolicy.Builder A fluent builder for CfnEventBusPolicy.
static interface	CfnEventBusPolicy.ConditionProperty A JSON string which you can use to limit the event bus permissions you are granting to only accounts that fulfill the condition.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnEventBusPolicy(Construct scope, java.lang.String id, CfnEventBusPolicyProps props) Create a new `AWS::Events::EventBusPolicy`.
protected	CfnEventBusPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnEventBusPolicy(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAction() The action that you are enabling the other account to perform.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.Object	getCondition() This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization.
java.lang.String	getEventBusName() The name of the event bus associated with the rule.
java.lang.String	getPrincipal() The 12-digit AWS account ID that you are permitting to put events to your default event bus.
java.lang.Object	getStatement() A JSON string that describes the permission policy statement.
java.lang.String	getStatementId() An identifier string for the external account that you are granting permissions to.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setAction(java.lang.String value) The action that you are enabling the other account to perform.
void	setCondition(CfnEventBusPolicy.ConditionProperty value) This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization.
void	setCondition(IResolvable value) This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization.
void	setEventBusName(java.lang.String value) The name of the event bus associated with the rule.
void	setPrincipal(java.lang.String value) The 12-digit AWS account ID that you are permitting to put events to your default event bus.
void	setStatement(java.lang.Object value) A JSON string that describes the permission policy statement.
void	setStatementId(java.lang.String value) An identifier string for the external account that you are granting permissions to.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnEventBusPolicy

protected CfnEventBusPolicy(software.amazon.jsii.JsiiObjectRef objRef)

CfnEventBusPolicy

protected CfnEventBusPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnEventBusPolicy

public CfnEventBusPolicy(Construct scope,
                         java.lang.String id,
                         CfnEventBusPolicyProps props)

Create a new `AWS::Events::EventBusPolicy`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getStatement

public java.lang.Object getStatement()

A JSON string that describes the permission policy statement.

You can include a Policy parameter in the request instead of using the StatementId , Action , Principal , or Condition parameters.

setStatement

public void setStatement(java.lang.Object value)

A JSON string that describes the permission policy statement.

You can include a Policy parameter in the request instead of using the StatementId , Action , Principal , or Condition parameters.

getStatementId

public java.lang.String getStatementId()

An identifier string for the external account that you are granting permissions to.

If you later want to revoke the permission for this external account, specify this StatementId when you run RemovePermission .

Each StatementId must be unique.

setStatementId

public void setStatementId(java.lang.String value)

An identifier string for the external account that you are granting permissions to.

If you later want to revoke the permission for this external account, specify this StatementId when you run RemovePermission .

Each StatementId must be unique.

getAction

public java.lang.String getAction()

The action that you are enabling the other account to perform.

setAction

public void setAction(java.lang.String value)

The action that you are enabling the other account to perform.

getCondition

public java.lang.Object getCondition()

This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization.

For more information about AWS Organizations, see What Is AWS Organizations in the AWS Organizations User Guide .

If you specify Condition with an AWS organization ID, and specify "*" as the value for Principal , you grant permission to all the accounts in the named organization.

The Condition is a JSON string which must contain Type , Key , and Value fields.

setCondition

public void setCondition(IResolvable value)

This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization.

For more information about AWS Organizations, see What Is AWS Organizations in the AWS Organizations User Guide .

If you specify Condition with an AWS organization ID, and specify "*" as the value for Principal , you grant permission to all the accounts in the named organization.

The Condition is a JSON string which must contain Type , Key , and Value fields.

setCondition

public void setCondition(CfnEventBusPolicy.ConditionProperty value)

This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization.

For more information about AWS Organizations, see What Is AWS Organizations in the AWS Organizations User Guide .

If you specify Condition with an AWS organization ID, and specify "*" as the value for Principal , you grant permission to all the accounts in the named organization.

The Condition is a JSON string which must contain Type , Key , and Value fields.

getEventBusName

public java.lang.String getEventBusName()

The name of the event bus associated with the rule.

If you omit this, the default event bus is used.

setEventBusName

public void setEventBusName(java.lang.String value)

The name of the event bus associated with the rule.

If you omit this, the default event bus is used.

getPrincipal

public java.lang.String getPrincipal()

The 12-digit AWS account ID that you are permitting to put events to your default event bus.

Specify "*" to permit any account to put events to your default event bus.

If you specify "*" without specifying Condition , avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an account field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.

setPrincipal

public void setPrincipal(java.lang.String value)

The 12-digit AWS account ID that you are permitting to put events to your default event bus.

Specify "*" to permit any account to put events to your default event bus.

If you specify "*" without specifying Condition , avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an account field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.