Cross-region and cross-project event routing with Eventarc and Pub/Sub
Mete Atamel
Cloud Developer Advocate
With event-driven architectures, it’s quite common to read events from a source in one region or project and route them to a destination in another region or another project. Let’s take a look at how you can implement cross-region and cross-project event routing in Google Cloud.
Cross-region event routing is straightforward in Google Cloud, whether you’re using Pub/Sub directly or Eventarc. Pub/Sub routes messages globally. When applications hosted in any region publish messages to a topic, subscribers from any region can pull from that topic. Eventarc enables you to route events across regions by creating a trigger in the region of the event’s source and specifying a destination in a different region. For more details, take a look at my previous blog post on Eventarc locations.
Cross-project event routing is also a non-issue in Pub/Sub. You can create a topic in one project and publish to that topic from another project. With Eventarc, on the other hand, you can only route events in a single project. However, it's possible to deliver events across projects in Eventarc by using Pub/Sub as the cross-project transport and Eventarc as the in-project transport.
To recap, Eventarc has three trigger types: Pub/Sub triggers, Cloud Storage triggers, and Cloud Audit Logs triggers, each routing the corresponding events to Cloud Run. Let's look at how to route each event type across two projects with Eventarc.
Pub/Sub
To route Pub/Sub messages across projects with Eventarc, you need to set up the Pub/Sub topic in the destination project and connect that topic to a Cloud Run service with a Pub/Sub trigger. Then, external services or users in a source project can publish to that topic directly.
In this approach, Pub/Sub is used for cross-project transport and Eventarc is used for in-project transport.
Cloud Storage
Building on the same idea, you can route Cloud Storage events across projects with Pub/Sub in the middle. As before, you create a Pub/Sub topic and connect it to a Cloud Run service with Eventarc in the destination project. Then, use the Pub/Sub notifications for Cloud Storage feature to set up object notifications from the bucket in the source project to the Pub/Sub topic in the destination project:
gsutil notification create -t projects/$PROJECT2/topics/$TOPIC -f json gs://$BUCKET
The setup is similar to the preceding example with Pub/Sub being used for cross-project transport.
Cloud Audit Logs
Cloud Audit Logs enables you to access 100+ services as event sources in Eventarc. With the logging sinks feature, you can route Audit Logs entries to a Pub/Sub topic in another project. In this setup, you still have a Pub/Sub topic in the destination project and configure the type of log entries to send to that topic from the source project.
For example, say you want to route new Compute Engine VM creation events that have log entries in the following format:
You can create a logging sink to capture those log entries and route them to the Pub/Sub topic in your destination project:
Conclusion
Cross-region event routing is simple due to Google Cloud’s inherently global network. Cross-project event routing is also straightforward due to Pub/Sub’s global nature. While Eventarc does not provide cross-project event routing out of the box, you can take advantage of Pub/Sub as the cross-project transport medium.
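All three routes above work only because some identity from the source project is allowed to publish to the topic in the destination project, so that topic's IAM policy decides who can inject events into the Cloud Run service. The following is an added example, not code from the original post or its tutorial: it audits a topic policy (in the JSON shape printed by `gcloud pubsub topics get-iam-policy`) against an allowlist of expected publishers. The policy, the project number, the account names and the sink writer identity are constructed placeholders; the real writer identity is the `writerIdentity` value of your logging sink.

```python
import json

# Topic-level roles that include pubsub.topics.publish.
PUBLISH_ROLES = {"roles/pubsub.publisher", "roles/pubsub.editor", "roles/pubsub.admin"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample, shaped like `gcloud pubsub topics get-iam-policy $TOPIC --format=json`.
SAMPLE_POLICY = json.loads("""
{"version": 1, "etag": "CONSTRUCTED",
 "bindings": [
  {"role": "roles/pubsub.publisher", "members": [
    "serviceAccount:service-111111111111@gs-project-accounts.iam.gserviceaccount.com",
    "serviceAccount:sink-writer-placeholder@example.iam.gserviceaccount.com",
    "allAuthenticatedUsers"]},
  {"role": "roles/pubsub.editor", "members": [
    "serviceAccount:app-publisher@source-project.iam.gserviceaccount.com",
    "user:dev@example.com"]},
  {"role": "roles/pubsub.subscriber", "members": [
    "serviceAccount:eventarc-trigger@dest-project.iam.gserviceaccount.com"]}]}
""")

# Assumed allowlist: the source project's Cloud Storage service agent, the logging
# sink's writer identity (placeholder value) and one application service account.
ALLOWED_PUBLISHERS = {
    "serviceAccount:service-111111111111@gs-project-accounts.iam.gserviceaccount.com",
    "serviceAccount:sink-writer-placeholder@example.iam.gserviceaccount.com",
    "serviceAccount:app-publisher@source-project.iam.gserviceaccount.com",
}

def audit_topic_policy(policy, allowed_publishers):
    """Return sorted (severity, member, role) findings for publish-capable bindings."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in PUBLISH_ROLES:
            continue  # subscriber/viewer bindings cannot inject events
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("CRITICAL", member, role))  # anyone can publish
            elif member not in allowed_publishers:
                findings.append(("HIGH", member, role))      # unexpected publisher
            elif role != "roles/pubsub.publisher":
                findings.append(("MEDIUM", member, role))    # expected, but more than publish
    return sorted(findings)

if __name__ == "__main__":
    for severity, member, role in audit_topic_policy(SAMPLE_POLICY, ALLOWED_PUBLISHERS):
        print(f"{severity:8} {member} has {role}")
```

On a real topic, replace the sample with the parsed output of `gcloud pubsub topics get-iam-policy` run in the destination project and treat any finding as a reason to tighten the binding.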
Check out our cross-project eventing tutorial on GitHub for more setup details and feel free to reach out to me on Twitter @meteatamel for any questions or feedback.