Seeking Guidance on Automating Event Source Association with AWS EventBridge

Seeking Guidance on Automating Event Source Association with AWS EventBridge

will_kasel
Shopify Partner
3 1 2

Hello Shopify Developer Community,

I am in the process of enhancing our Shopify application's infrastructure to automate as much of the setup as possible, particularly focusing on the integration with Amazon EventBridge. We are looking to replicate a setup similar to what we have successfully implemented with Rudderstack, where we programmatically associated an AWS IAM role with Rudderstack's AWS account, allowing them to securely put events into our EventBridge bus without manual intervention.

Here's an excerpt from our infrastructure code where we set this up for Rudderstack:

 
import { StackContext, EventBus, Queue, Function, Role, AccountPrincipal, PolicyStatement } from "sst/constructs";

const RUDDERSTACK_ACCOUNT_ID = "422074288268"; // Rudderstack provides this for integration.
const RUDDERSTACK_EXTERNAL_ID = "XXXXXXXXX";

export function EventStreamStack({ stack }: StackContext) {
  // Setup for EventBridge, Queue, and Lambda Functions omitted for brevity

  // Create an IAM role for RudderStack with specific permissions
  const rudderStackRole = new Role(stack, "RudderStackRole", {
    assumedBy: new AccountPrincipal(RUDDERSTACK_ACCOUNT_ID),
    externalIds: [RUDDERSTACK_EXTERNAL_ID],
    description: "Allows RudderStack to put events to the EventBridge",
  });

  rudderStackRole.addToPolicy(new PolicyStatement({
    actions: ["events:PutEvents"],
    resources: [bus.eventBusArn],
  }));

}

In this setup, we create an IAM role that Rudderstack assumes to publish events to our EventBridge. This approach has streamlined our event ingestion process significantly.

We are now looking to achieve a similar level of automation with Shopify, ideally avoiding the need to manually configure the event source in the Shopify admin and associate it with our AWS EventBridge bus. From what I understand, this might require knowing Shopify's AWS account ID to grant permission to an IAM role, similar to our Rudderstack integration.

Here are my questions:

  1. Is it possible to automate the association of a Shopify partner event source with an AWS EventBridge event bus in a manner similar to our Rudderstack setup? If so, could you guide us on the necessary steps or provide documentation on this process?
  2. Specifically, would Shopify be able to provide an AWS account ID for setting up a trust relationship, or is there an alternative approach that Shopify recommends for this type of automation?
  3. If full automation isn't feasible, are there any best practices or partial automation strategies that Shopify recommends to streamline the setup process for devs?

Any insights or guidance on this matter would be greatly appreciated.


Thank you in advance for your support and advice.

 

Reply 1 (1)

pradeeps
Visitor
1 0 0

Hi @will_kasel , were you able to figure out solution to the issue?

For RudderStack related questions, you can ask questions in RudderStack slack community