feat(scheduler-targets-alpha): KinesisDataFirehosePutRecord Target (#…

…27842) This PR adds KinesisDataFirehosePutRecord as a target for an EventBridge scheduler. Closes #27450. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Dec 5, 2023 · 46f3a00 · 46f3a00
1 parent 24cbb51
commit 46f3a00
Show file tree

Hide file tree

Showing 14 changed files with 36,292 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md b/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md
@@ -32,6 +32,7 @@ The following targets are supported:
 6. `targets.EventBridgePutEvents`: [Put Events on EventBridge](#send-events-to-an-eventbridge-event-bus)
 7. `targets.InspectorStartAssessmentRun`: [Start an Amazon Inspector assessment run](#start-an-amazon-inspector-assessment-run)
 8. `targets.KinesisStreamPutRecord`: [Put a record to an Amazon Kinesis Data Streams](#put-a-record-to-an-amazon-kinesis-data-streams)
+9. `targets.KinesisDataFirehosePutRecord`: [Put a record to a Kinesis Data Firehose](#put-a-record-to-a-kinesis-data-firehose)
 
 ## Invoke a Lambda function
 
@@ -246,3 +247,26 @@ new Schedule(this, 'Schedule', {
   }),
 });
 ```
+
+## Put a record to a Kinesis Data Firehose
+
+Use the `KinesisDataFirehosePutRecord` target to put a record to a Kinesis Data Firehose delivery stream.
+
+The code snippet below creates an event rule with a delivery stream as a target
+called every hour by Event Bridge Scheduler with a custom payload.
+
+```ts
+import * as firehose from 'aws-cdk-lib/aws-kinesisfirehose';
+declare const deliveryStream: firehose.CfnDeliveryStream;
+
+const payload = {
+  Data: "record",
+};
+
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.rate(Duration.minutes(60)),
+  target: new targets.KinesisDataFirehosePutRecord(deliveryStream, {
+    input: ScheduleTargetInput.fromObject(payload),
+  }),
+});
+```
diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts
@@ -1,6 +1,7 @@
 export * from './codebuild-start-build';
 export * from './event-bridge-put-events';
 export * from './inspector-start-assessment-run';
+export * from './kinesis-data-firehose-put-record';
 export * from './kinesis-stream-put-record';
 export * from './lambda-invoke';
 export * from './sns-publish';

diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/kinesis-data-firehose-put-record.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/kinesis-data-firehose-put-record.ts
@@ -0,0 +1,37 @@
+import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
+import { Names } from 'aws-cdk-lib';
+import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { CfnDeliveryStream } from 'aws-cdk-lib/aws-kinesisfirehose';
+import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
+import { sameEnvDimension } from './util';
+
+/**
+ * Use an Amazon Kinesis Data Firehose as a target for AWS EventBridge Scheduler.
+ */
+export class KinesisDataFirehosePutRecord extends ScheduleTargetBase implements IScheduleTarget {
+  constructor(
+    private readonly deliveryStream: CfnDeliveryStream,
+    private readonly props: ScheduleTargetBaseProps = {},
+  ) {
+    super(props, deliveryStream.attrArn);
+  }
+
+  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
+    if (!sameEnvDimension(this.deliveryStream.stack.region, schedule.env.region)) {
+      throw new Error(`Cannot assign the Firehose delivery stream in region ${this.deliveryStream.stack.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the Firehose delivery stream must be in the same region.`);
+    }
+
+    if (!sameEnvDimension(this.deliveryStream.stack.account, schedule.env.account)) {
+      throw new Error(`Cannot assign the Firehose delivery stream in account ${this.deliveryStream.stack.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the Firehose delivery stream must be in the same account.`);
+    }
+
+    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.deliveryStream.stack.account)) {
+      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.deliveryStream.node)} in account ${this.deliveryStream.stack.account}. Both the target and the execution role must be in the same account.`);
+    }
+
+    role.addToPrincipalPolicy(new PolicyStatement({
+      actions: ['firehose:PutRecord'],
+      resources: [this.deliveryStream.attrArn],
+    }));
+  }
+}