Profile Applicability:

  • Level 2

Description:
Amazon EventBridge provides a globally distributed event bus service that enables applications to respond to events in real time. For scenarios where you want to replicate events across AWS regions, EventBridge global endpoints provide a highly available event bus that allows you to ingest events in one AWS region and replicate those events to other regions. This is particularly useful for multi-region applications and disaster recovery scenarios.

Event replication allows you to send events from one EventBridge event bus to another across regions, ensuring that events are available and can be processed in multiple regions. It is important to ensure that event replication is enabled for EventBridge global endpoints to allow events to be replicated efficiently and consistently.

Rationale:
Enabling event replication for EventBridge global endpoints provides the following benefits:

  • Disaster recovery: Ensures that events are replicated to multiple regions, increasing the reliability and availability of event-driven applications.

  • High availability: By replicating events across multiple regions, you increase the fault tolerance and reduce the risk of event loss.

  • Global consistency: Allows your event-driven systems to be consistent and up-to-date across different AWS regions.

Impact:
Pros:

  • Improved reliability: Ensures that events are available across regions, improving the overall system reliability.

  • Disaster recovery: Replicated events can be used to recover from regional failures or outages.

  • Enhanced availability: Event-driven applications can process events in any region where the event bus is replicated.

Cons:

  • Cost: Replicating events across regions incurs additional data transfer costs.

  • Latency: There might be some latency introduced in the event replication process depending on the geographical distance between regions.

  • Operational complexity: Requires careful management of event buses, permissions, and replication settings to ensure that event replication is functioning as expected.

Default Value:
By default, event replication is not enabled for EventBridge global endpoints. You need to configure replication settings to ensure events are replicated across regions.

Pre-requisites:

  • AWS IAM permissions to manage EventBridge global endpoints:

    • events:DescribeEventBus

    • events:CreateEventBus

    • events:PutEvents

  • Understanding of the regions that should participate in event replication.

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon EventBridge under Services.

  3. Select Event Buses from the navigation pane.

  4. Find and select the global endpoint you want to verify.

  5. In the Event Bus Settings, check if event replication is enabled.

  6. If event replication is not enabled, you will need to configure the replication settings by selecting the regions to replicate events to.

  7. Save the configuration and verify that replication is set up correctly.

Using AWS CLI:

  1. Describe the global endpoint to check whether event replication is configured (replication is a property of the endpoint, so the endpoint commands are used; describe-event-bus does not report it):

    aws events describe-endpoint --name <ENDPOINT_NAME> --region <REGION>

     In the output, ReplicationConfig.State should read ENABLED.

  2. If event replication is not enabled, enable it by updating the endpoint's replication configuration (the role is the one EventBridge assumes to replicate events):

    aws events update-endpoint --name <ENDPOINT_NAME> --region <REGION> --replication-config State=ENABLED --role-arn <REPLICATION_ROLE_ARN>

  3. Verify if event replication has been enabled:

    aws events describe-endpoint --name <ENDPOINT_NAME> --region <REGION>

Implementation Plan:

Using AWS Console:

  1. Open the AWS Management Console and navigate to Amazon EventBridge.

  2. Select the global endpoint event bus for which you want to check the replication settings.

  3. Verify if event replication is enabled in the Event Bus Settings section.

  4. If replication is not enabled, modify the settings to enable replication to the desired regions.

  5. Save the configuration and confirm that replication is enabled.

Using AWS CLI:

  1. To enable event replication for a global endpoint, run the following command (the role is the one EventBridge assumes to replicate events):

    aws events update-endpoint --name <ENDPOINT_NAME> --region <REGION> --replication-config State=ENABLED --role-arn <REPLICATION_ROLE_ARN>

  2. Verify the updated settings (ReplicationConfig.State should read ENABLED):

    aws events describe-endpoint --name <ENDPOINT_NAME> --region <REGION>
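The check in the Test Plan and the enable command in the Implementation Plan can be driven from one small script. This is an added example, not part of the benchmark or of any AWS tooling; it assumes the JSON shape returned by `aws events list-endpoints` (Endpoints[].ReplicationConfig.State), treats a missing ReplicationConfig as disabled, and uses a constructed sample payload so it runs offline.

```python
"""Audit EventBridge global endpoints for replication state (added example)."""
import json
import subprocess
import sys

# Constructed sample of `aws events list-endpoints --output json`; not real account data.
SAMPLE_LIST_ENDPOINTS = json.dumps({
    "Endpoints": [
        {"Name": "orders-global", "State": "ACTIVE",
         "ReplicationConfig": {"State": "ENABLED"},
         "EventBuses": [{"EventBusArn": "arn:aws:events:us-east-1:111111111111:event-bus/orders"},
                        {"EventBusArn": "arn:aws:events:us-west-2:111111111111:event-bus/orders"}]},
        {"Name": "billing-global", "State": "ACTIVE",
         "ReplicationConfig": {"State": "DISABLED"}},
        {"Name": "legacy-global", "State": "ACTIVE"},  # no ReplicationConfig key at all
    ]
})


def evaluate_endpoints(payload, home_region, role_arn="<REPLICATION_ROLE_ARN>"):
    """Return one finding per endpoint: (name, replication_state, compliant, remediation).

    Assumption: an endpoint without a ReplicationConfig is treated as DISABLED,
    which is the benchmark's default state for replication.
    """
    findings = []
    for ep in json.loads(payload).get("Endpoints", []):
        state = ep.get("ReplicationConfig", {}).get("State", "DISABLED")
        compliant = state == "ENABLED"
        fix = None if compliant else (
            f"aws events update-endpoint --name {ep['Name']} --region {home_region} "
            f"--replication-config State=ENABLED --role-arn {role_arn}")
        findings.append((ep["Name"], state, compliant, fix))
    return findings


def audit_region(home_region):
    """Query the live account for endpoints whose home region is `home_region`."""
    out = subprocess.run(["aws", "events", "list-endpoints", "--home-region", home_region,
                          "--region", home_region, "--output", "json"],
                         check=True, capture_output=True, text=True).stdout
    return evaluate_endpoints(out, home_region)


if __name__ == "__main__":
    results = (audit_region(sys.argv[1]) if len(sys.argv) > 1
               else evaluate_endpoints(SAMPLE_LIST_ENDPOINTS, "us-east-1"))
    for name, state, ok, fix in results:
        print(f"{name}: replication {state} -> {'PASS' if ok else 'FAIL'}")
        if fix:
            print("    remediate:", fix)
```

Run with a home region as the only argument to audit a real account; without arguments it evaluates the embedded sample.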

Backout Plan:

Using AWS Console:

  1. If enabling event replication causes issues, sign in to the AWS Management Console.

  2. Navigate to EventBridge, select the event bus, and go to Event Bus Settings.

  3. Disable event replication by modifying the replication settings.

  4. Save the changes and verify that replication is no longer active.

Using AWS CLI:

  1. To disable event replication, use the following command:

    aws events update-endpoint --name <ENDPOINT_NAME> --region <REGION> --replication-config State=DISABLED

  2. Verify that event replication is disabled (ReplicationConfig.State should read DISABLED):

    aws events describe-endpoint --name <ENDPOINT_NAME> --region <REGION>

Reference:

CIS Controls:

  Version   Control ID   Control Description
  7.1       3.1          Ensure EventBridge global endpoints have event replication enabled to ensure high availability and disaster recovery across regions.
  7.1       8.1          Enable event replication for EventBridge event buses to improve reliability and data consistency across multiple AWS regions.