24. @jimmydahlqvist
Our Design
◦ Twist on the Single account -
multiple buses pattern
◦ Multiple Buses
▫ Use case oriented
◦ We run in a single account
Talk about 2 types of patterns, centralized and de-centralized (Single / Mulyi Bus)
Single and Multi Account
All the patterns allow us to decouple the publisher from the subscriber. The service that publish doesn’t really need to know who is listening in the other end.
Look at centralized advantnages and disadvantages
Advantagesallow you to manage all routiing, security and polciies in one place, single deployment)
All routing centralized, concentrating all communication to a single event bus (
Enables central management of resources
Allows you to easy integrate applications with few changes.
Disadvantages
As number of intregrations grow so does the complexity and resource utlilization. Can become a Single point of failure.
All routing is centralized….
Prevents autonomy
Single point of failure
Caresteristics……
In all of our patterns we have three services…….
Events flow though a central bus.
Handle by an infrastructure team (or similar)
Easy to manage, easy to get started and easy to integrate new services.
But as said before, when ## of integrations grow so does the complexity.
Can hinder autonomy since there is a central managed resource, probably managed by infra team.
Caresteristics……
Not a big fan of this.
This is a pattern that I’m not that big of fan of.
It doesn’t look that differente from the Single account? So what is wrong with it?
Well it doesn’t work like this…..
We can’t call targets, like lambda, in a different account. That is not possible.
We can only target an EB in a different account.
We must therefor have an EB in each account that is the target for the central bus and then have rules on each bus in each account-
This quickly can become a mess and all the advantages from a Single Account Single Bus is according to me gone!
In a decentralized approach routing is spread across multiple event buses and the publisher often becomes the logical owner of that bus.
The service owns the mechanism to distribute the events.
Even if more buses are more work from a operational approach it enables autonomy and doesn’t become a single point of failure
On the other hand, designing distributed systems, managing all resources, can become a huge challenge if not done properly from the start. Applying this as an afterthought is almost impossible.
So the time to get started might be longer, integration of new services and applications require more change and take more time.
Caresteristics……
Now each service own its own bus and publishes to that.
Interested services can now subscribe for events in each service that they are interested in.
Since we are in single account we can target resources in each service, cross service boundries. No need for extra busses,
One thing that can become a problem is thar since there is no central bus, each service need to know about other services buses. This can quickly become a complex integration and onboarding new services can take time.
Imagine in a system with10, 20, 100 services that you are interested in events from
A different approach to the pattern would be to have multiple central buses and separate on data flows instead of services.
This is a pattern we have adopted or invented. It come with pros and cons, but let’s talk about that later…..
Caresteristics……
Highly autonomus
Distributed systems always comes with challenges. More complex to onboard new services etc.
Resource policy support all API Actions, except for PutPermissions. That would be really bad…
Easy to reference and call PutRule, PutEvent, etc in a different account
Support for tags and organisations in Resource Policy, using ABAC attribute based access control)
Back with very clear boundries and separation of duty.
Even if this would introduce more complexity with cross account access, than the Single Account multi bus I still like it more.
We get a very nice separation with account boundries.
Due to the need for cross account resource policies I think that handling multi busses can be come easier as it forces teams to talk to each others.
And running large services, consisting of several micro services, in different accounts are a good idea.
That is a great question!
I would say there is no easy answer, it’s a classic “It depends”
You need to look at your service structure, data flows, do have an infra team.
You need to logically start breaking down your architecture to find the pattern that best fits your use case.
I normally recommend that you create subscriptions, so each service that is interested in an event creates its own rule,
One Rule One target.
Yes there is support for 5 targets
That would create coupling on filter and not event!
NOOOOOOOO!!!!
Neveer ever use the default bus. Leave that for AWS owned events!
It become very messy very quickliy! My recommendation is to ALWAYS use custom buses!
Real world use case! With our Client AssaAbloy.
Connecting doors to the cloud…. Big ass doors….
Data from doors are events….. Open, close,….
Perfect match for EventBridge….
We live in a single account
We use multiple busses
Twist of SA-MB patter
Each bus has a clear purpose
Separate Ingress / Egress data do create separation of business logic
Internal service communication
We wanted a centralized approach
Wanted to separate data and duty….
Becomes very clear what flow where and who can / shell subscribe to what bus.
This is a simplified image……
Thank you!
You can follow me on twitter or connect on linked in.