feat(scheduler-targets): add support for universal target

packages/@aws-cdk/aws-scheduler-targets-alpha/README.md

@@ -34,6 +34,7 @@ The following targets are supported:
 9. `targets.KinesisDataFirehosePutRecord`: [Put a record to a Kinesis Data Firehose](#put-a-record-to-a-kinesis-data-firehose)
 10. `targets.CodePipelineStartPipelineExecution`: [Start a CodePipeline execution](#start-a-codepipeline-execution)
 11. `targets.SageMakerStartPipelineExecution`: [Start a SageMaker pipeline execution](#start-a-sagemaker-pipeline-execution)
+12. `targets.AwsApi`: [Invoke a wider set of AWS API](#invoke-a-wider-set-of-aws-api)
 
 ## Invoke a Lambda function
 
@@ -312,3 +313,42 @@ new Schedule(this, 'Schedule', {
   }),
 });
 ```
+
+## Invoke a wider set of AWS API
+
+Use the `AwsApi` target to invoke AWS API.
+
+The code snippet below creates an event rule with AWS API as the target which is
+called at midnight every day by EventBridge Scheduler.
+
+```ts
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.cron({
+    minute: '0',
+    hour: '0',
+  }),
+  target: new targets.AwsApi({
+    service: 'rds',
+    action: 'stopDBCluster',
+    input: ScheduleTargetInput.fromObject({
+      DbClusterIdentifier: 'my-db',
+    }),
+  }),
+});
+```
+
+The `service` is must be in lower case and the `action` is must be in camelCase.
+
+You can also set any Action and Resource in the EventBridge Scheduler's IAM Policy by specifying `iamAction` and `iamResources`.
+
+```ts
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.rate(Duration.minutes(60)),
+  target: new targets.AwsApi({
+    service: 'lambda',
+    action: 'invoke',
+    iamAction: 'lambda:InvokeFunction',
+    iamResources: ['arn:aws:lambda:us-east-1:111111111111:function:my-function'],
+  }),
+});
+```

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/aws-api.ts

@@ -0,0 +1,111 @@
+import { IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
+import { Aws, Token } from 'aws-cdk-lib';
+import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { awsSdkToIamAction } from 'aws-cdk-lib/custom-resources/lib/helpers-internal';
+import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
+
+/**
+ * AWS read-only API action name prefixes that are not supported by EventBridge Scheduler.
+ *
+ * @see https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html
+ */
+const NOT_SUPPORTED_ACTION_PREFIX = [
+  'get',
+  'describe',
+  'list',
+  'poll',
+  'receive',
+  'search',
+  'scan',
+  'query',
+  'select',
+  'read',
+  'lookup',
+  'discover',
+  'validate',
+  'batchGet',
+  'batchDescribe',
+  'batchRead',
+  'transactGet',
+  'adminGet',
+  'adminList',
+  'testMigration',
+  'retrieve',
+  'testConnection',
+  'translateDocument',
+  'isAuthorized',
+  'invokeModel',
+];
+
+/**
+ * Properties for a AWS API Target
+ */
+export interface AwsApiProps extends ScheduleTargetBaseProps {
+  /**
+   * The AWS service to call.
+   *
+   * This must be in lowercase.
+   */
+  readonly service: string;
+
+  /**
+   * The API action to call.
+   *
+   * You cannot use read-only API actions such as common GET operations.
+   * For more information, see the {@link https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html}.
+   *
+   * ALso, This must be in camelCase.
+   */
+  readonly action: string;
+
+  /**
+   * The resource ARNs for the IAM statement that will be added to
+   * the execution role's policy to allow the scheduler to make the API call.
+   *
+   * @default - ['*']
+   */
+  readonly iamResources?: string[];
+
+  /**
+   * The action for the IAM statement that will be added to
+   * the execution role's policy to allow the scheduler to make the API call.
+   *
+   * Use in the case where the IAM action name does not match with the
+   * API service/action name, e.g. `s3:listObjectV2` requires `s3:ListBucket`.
+   *
+   * @default - service:action
+   */
+  readonly iamAction?: string;
+}
+
+/**
+ * Send an event to an AWS EventBridge by AWS EventBridge Scheduler.
+ */
+export class AwsApi extends ScheduleTargetBase implements IScheduleTarget {
+  constructor(
+    private readonly props: AwsApiProps,
+  ) {
+    const service = props.service;
+    const action = props.action;
+
+    if (!Token.isUnresolved(service) && service !== service.toLowerCase()) {
+      throw new Error(`API service must be lowercase, got: ${service}`);
+    }
+    if (!Token.isUnresolved(action) && !action.startsWith(action[0]?.toLowerCase())) {
+      throw new Error(`API action must be camelCase, got: ${action}`);
+    }
+    if (!Token.isUnresolved(action) && NOT_SUPPORTED_ACTION_PREFIX.some(prefix => action.startsWith(prefix))) {
+      throw new Error(`Read-only API action is not supported by EventBridge Scheduler: ${service}:${action}`);
+    }
+
+    const arn = `arn:${Aws.PARTITION}:scheduler:::aws-sdk:${service}:${action}`;
+    super(props, arn);
+  }
+
+  protected addTargetActionToRole(role: IRole): void {
+    role.addToPrincipalPolicy(new PolicyStatement({
+      actions: [this.props.iamAction ?? awsSdkToIamAction(this.props.service, this.props.action)],
+      resources: this.props.iamResources ?? ['*'],
+    }));
+  }
+}

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts

@@ -10,3 +10,4 @@ export * from './sns-publish';
 export * from './sqs-send-message';
 export * from './stepfunctions-start-execution';
 export * from './target';
+export * from './aws-api';