feat(scheduler-targets): add support for universal target #32341
Conversation
github-actions
bot
added
effort/small
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #32341 +/- ##
=======================================
Coverage 80.64% 80.64%
=======================================
Files 107 107
Lines 6996 6996
Branches 1290 1290
=======================================
Hits 5642 5642
Misses 1175 1175
Partials 179 179
Flags with carried forward coverage won't be shown. Click here to find out more.
|
…heduler-universal-target
aws-cdk-automation
added
the
pr/needs-community-review
| /** | ||
| * Send an event to an AWS EventBridge by AWS EventBridge Scheduler. | ||
| */ | ||
| export class AwsApi extends ScheduleTargetBase implements IScheduleTarget { |
There was a problem hiding this comment.
A class name of Universal might be nice to match the RFC and userguide:
https://github.com/aws/aws-cdk-rfcs/blob/main/text/0474-event-bridge-scheduler-l2.md
Universal target automatically create an IAM role if you do not specify your own IAM role. However, in comparison with templated targets, for universal targets you must grant the required IAM permissions yourself.
const target = new targets.Universal('sqs', 'CreateQueue', { input: input });https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html
A universal target is a customizable set of parameters that allow you to invoke a wider set of API operation for many AWS services.
There was a problem hiding this comment.
I missed the RFC document.
Changed construct name to Universal.
319ae62#diff-e0a0ad08b68d00bc54d5c89f36ff0a08cb03f762ddd7768cae6ff2ea4edebcc5
| actions: [this.props.iamAction ?? awsSdkToIamAction(this.props.service, this.props.action)], | ||
| resources: this.props.iamResources ?? ['*'], |
There was a problem hiding this comment.
Are there any cases where more than one action is required?
For example: S3 put with KMS key.
There was a problem hiding this comment.
There may be cases where conditions are also needed...?
There was a problem hiding this comment.
We can also pass an array of PolicyStatement to props.
There was a problem hiding this comment.
Yes, that could be the case.
Added an array of PolicyStatemants to the props.
universal.tsREADMEuniversal.test.ts- https://github.com/aws/aws-cdk/pull/32341/files#diff-c31e42f8a40d12362ce178dd94c954bfaecf687a64895b50dbdf4ca97b126690R604
- The IAM Policy granted to the Role of the Scheduler when policyStatements are not specified is covered by other test cases
- https://github.com/aws/aws-cdk/pull/32341/files#diff-c31e42f8a40d12362ce178dd94c954bfaecf687a64895b50dbdf4ca97b126690R604
| * You cannot use read-only API actions such as common GET operations. | ||
| * For more information, see the {@link https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html}. | ||
| * | ||
| * ALso, This must be in camelCase. |
There was a problem hiding this comment.
| * ALso, This must be in camelCase. | |
| * Also, This must be in camelCase. |
| }); | ||
| ``` | ||
|
|
||
| The `service` is must be in lower case and the `action` is must be in camelCase. |
There was a problem hiding this comment.
| The `service` is must be in lower case and the `action` is must be in camelCase. | |
| The `service` must be in lower case and the `action` is must be in camelCase. |
There was a problem hiding this comment.
My bad, fixed.
209f6ea
aws-cdk-automation
removed
the
pr/needs-community-review
…heduler-universal-target
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
@go-to-k |
Issue # (if applicable)
Closes #32328
Reason for this change
EventBridge Scheduler has a mechanism called Universal Target that calls a wide range of AWS APIs.
Supporting this mechanism in L2 Construct will make it easier to configure EventBridge Scheduler.
https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html
Description of changes
Added AwsAPI constructs targeting AWS APIs.
Users can execute any AWS API by passing service and action to Props.
According to the following documentation, the service must be lowercase, and the action must be camelCase, so that you can validate it.
arn:aws:scheduler:::aws-sdk:service:apiActionhttps://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html#:~:text=schedule%20to%20target.-,Arn,-%E2%80%93%20The%20complete%20service
Description of how you validated changes
Added unit tests and integration tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license