You are working in a Cloud Security team and your team owns an AWS account A (111111111111) that uses Amazon EventBridge to collect the events happening in other AWS accounts and check if there are security breaches.
A new AWS account B (222222222222) has been recently configured to send events to account A.
You need to create a rule in your account A to receive and match the events only from account B.
How would you set up the rule in Amazon EventBridge?
Correct Answer: A.
Option A is CORRECT because this is the correct way to filter the events from another account.
The following is an example:
Option B is incorrect because account B may use the default event bus instead of a custom event bus.
The custom event bus may also be used by other AWS accounts.
This method is therefore not a proper way to match the events from AWS account B.
Option C is incorrect because there is no "pre-defined pattern by AWS account".
Instead, you can choose a predefined pattern based on AWS services or third-party service partners.
Option D is incorrect because it is not suitable to choose “All Events” without filtering them.
You can match the events by the account ID added in the event pattern of the rule.
Reference:
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html

To set up a rule in Amazon EventBridge to receive and match events only from a specific AWS account B (222222222222), we can follow these steps:
The "account" field is part of the event's JSON structure, and the value should be the AWS account ID that we want to match. By adding this filter, the rule will only match events that originate from AWS account B.
Under "Select event bus", choose the custom event bus that is used by AWS account A. If AWS account A is using the default event bus, we can select "Default event bus".
Under "Select targets", we can configure one or more targets for the rule. For example, we can configure a Lambda function as the target and filter the events based on the JSON-formatted input in the Lambda function.
Click on "Create" to create the rule.
After creating the rule, it will be enabled automatically and start matching events from the specified AWS account B. We can also edit the rule later to modify the pattern or targets.
Therefore, the correct answer is A: Edit the event pattern in the new rule and add the following to match the events that are sent by AWS account B: { "account": [ "222222222222" ], ... }
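The account filter described above can be checked offline before the rule is created. The following is an added example, not part of the original answer or AWS code: a simplified local model of EventBridge exact-value matching, run against constructed events. The `matches` and `matched_ids` helpers, the event IDs and account 333333333333 are assumptions made for illustration.

```python
import json

def matches(pattern, event):
    """Return True if every field in the pattern matches the event.

    Simplified model of EventBridge exact-value matching (an assumption, not
    the service's code): a pattern leaf is a list of allowed values, and a
    nested dict descends into the same key of the event.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False  # a field named in the pattern must exist
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            # Leaf: list of allowed values; event arrays match on any overlap.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

# Pattern from the answer: only events whose "account" is account B.
PATTERN = json.loads('{"account": ["222222222222"]}')

# Constructed sample events (not real service output).
EVENTS = [
    {"id": "evt-1", "account": "222222222222", "source": "aws.ec2",
     "detail-type": "EC2 Instance State-change Notification",
     "detail": {"state": "stopped"}},
    {"id": "evt-2", "account": "333333333333", "source": "aws.ec2",
     "detail-type": "EC2 Instance State-change Notification",
     "detail": {"state": "stopped"}},
    {"id": "evt-3", "source": "custom.app", "detail": {}},  # no account field
]

def matched_ids(pattern, events):
    """IDs of the events the rule would forward to its targets."""
    return [e["id"] for e in events if matches(pattern, e)]

if __name__ == "__main__":
    print(matched_ids(PATTERN, EVENTS))
    # Adding more fields narrows the rule further: all fields must match.
    narrowed = {"account": ["222222222222"], "detail": {"state": ["running"]}}
    print(matched_ids(narrowed, EVENTS))
```

To validate a pattern against the service itself rather than this local model, the AWS CLI provides `aws events test-event-pattern`.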