Can an AWS EventBridge Rule target a Kinesis Firehose Delivery Stream in another account?

Question

Imagine that there are two AWS accounts - Account-A and Account-B. Account-A has an EventBridge Event Bus and Account-B has a Kinesis Data Firehose.

Is it possible for the event bus in Account-A to have a rule that targets the firehose in Account-B?

Answer 1

Firehose Stream can now be a target of an EventBus rule.

Answer 2

At this time, no, the only type of cross-account resource you can target in an EventBridge Rule is another EventBridge bus. This is not really clearly stated anywhere I found while investigating the same question, but you can infer it from the PutTargets docs (since Event bus is the only target listed as supported in another account), or if you try it through CloudFormation you'll get an error "Only EventBus targets are allowed on cross-account PutTargets calls").

So currently they intend for you to set up another EventBridge bus in Account-B, and then attach a rule on it to target your firehose. Since there's no charge to receive events (the sender pays), this seems perfectly reasonable.

This could all change of course as AWS routinely enhances their services.

There's a nice diagram of this sort of cross-account event forwarding on Simplifying cross-account access with Amazon EventBridge resource policies: