Retail Bus Service (RBS)

Status: implemented (owner-only event subscriptions to customer SQS queues).

Purpose

Provide a secure, owner-controlled event delivery plane for orgs that want targeted updates pushed to their own queues.

Owners register interest in event types with filters (service/action/channel/facility).
Events are delivered to customer-managed SQS queues.
Verification ensures queue ownership before activation.

RBS does not own domain records. It delivers events emitted by domain systems.
Subscription records are the system of record for delivery configuration and status.
Delivery failures are tracked independently from upstream events.

Subscription register: create a subscription with filters and queue credentials; queue verification is required.
Queue verification: owner receives a verification token on the queue and activates the subscription.
Status control: pause, resume, or revoke subscriptions.
Test delivery: send a test payload to confirm connectivity.
Delivery retry: failed deliveries are retried with backoff and capped attempts.

Request context is required for all write operations (owner-only).
Subscriptions store filter scopes and queue metadata; secrets are encrypted.
Delivery auth defaults to assume-role with external ID; static access keys are supported.
Queue ownership is verified via SQS attribute checks and a verification token.
Delivered payloads include the original event envelope plus delivery metadata.
Usage telemetry is emitted per subscription activity and delivery for org/cost attribution.