Question #646
A company is using an Amazon API Gateway REST API endpoint as a webhook to publish events from an on-premises monitoring system to Amazon EventBridge in a central AWS account. The company needs these events to be processed simultaneously in multiple receiver AWS accounts without modifying the monitoring system's configuration.
How can a developer meet these requirements?
Convert the API Gateway type to HTTP API and configure an Amazon SNS topic to distribute events to the receiver accounts.
Deploy the API Gateway REST API in each receiver account and update the monitoring system's webhook to send events to all API endpoints.
Grant the central account's EventBridge permission to send events to the receiver accounts' event buses and configure the EventBridge rule to target these buses.
Create an SQS queue in each receiver account, subscribe them to an SNS topic in the central account, and modify the EventBridge rule to publish to the SNS topic.
Explanation
Option C is correct because Amazon EventBridge supports cross-account event routing. By granting the central account's EventBridge permission to send events to the receiver accounts' event buses (via resource-based policies) and configuring the EventBridge rule to target these buses, events are automatically distributed to all receiver accounts. This approach avoids changes to the monitoring system (unlike Option A) and leverages EventBridge's native capabilities without introducing additional services like SNS/SQS (Options B/D).
Key Points:
1. EventBridge allows cross-account event delivery via resource policies.
2. Rules in the central account can target event buses in other accounts.
3. No changes to the existing API Gateway/webhook setup are required.
Why other options fail:
- A: Requires modifying the monitoring system's webhook configuration.
- B: Unnecessary API Gateway type change and introduces SNS.
- D: Adds complexity with SNS/SQS instead of using EventBridge's built-in cross-account features.
Answer
The correct answer is: C