Skip to content

Commit fadbfc1

Browse files
sennyeyasennyeya
authoredOct 29, 2022
fix(aws-events): restrict eventbus statementId to 64 characters (#22296)
Fixes #22120, #21808. Current setup does not allow deployment of the EventBus support stack due to StatementId being larger than 64 characters. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
·
v2.188.0v2.50.0
1 parent e06d2e6 commit fadbfc1

16 files changed

+1790
-3
lines changed
 

‎packages/@aws-cdk/aws-events/lib/rule.ts

+4-1
Original file line numberDiff line numberDiff line change
@@ -368,9 +368,12 @@ export class Rule extends Resource implements IRule {
368368
// Leaving it in for backwards compatibility.
369369
stackName: `${targetStack.stackName}-EventBusPolicy-support-${targetRegion}-${sourceAccount}`,
370370
});
371+
const statementPrefix = `Allow-account-${sourceAccount}-`;
371372
new CfnEventBusPolicy(eventBusPolicyStack, 'GivePermToOtherAccount', {
372373
action: 'events:PutEvents',
373-
statementId: `Allow-account-${sourceAccount}-${this.node.addr}`,
374+
statementId: statementPrefix + Names.uniqueResourceName(this, {
375+
maxLength: 64 - statementPrefix.length,
376+
}),
374377
principal: sourceAccount,
375378
});
376379
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/CrossAccountDeployDefaultTestDeployAssertB5328BEF.assets.json

+32
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
{
2+
"version": "21.0.0",
3+
"files": {
4+
"2a53dc40a7dae81c8850e125ab49e5f55d80b7b8ceac86976f2a4119393cab72": {
5+
"source": {
6+
"path": "asset.2a53dc40a7dae81c8850e125ab49e5f55d80b7b8ceac86976f2a4119393cab72.bundle",
7+
"packaging": "zip"
8+
},
9+
"destinations": {
10+
"current_account-current_region": {
11+
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12+
"objectKey": "2a53dc40a7dae81c8850e125ab49e5f55d80b7b8ceac86976f2a4119393cab72.zip",
13+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14+
}
15+
}
16+
},
17+
"06c797cad62334a220096d2292d9e1028ba01ed3582f081c5ddee52bc7e0c494": {
18+
"source": {
19+
"path": "CrossAccountDeployDefaultTestDeployAssertB5328BEF.template.json",
20+
"packaging": "file"
21+
},
22+
"destinations": {
23+
"current_account-current_region": {
24+
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
25+
"objectKey": "06c797cad62334a220096d2292d9e1028ba01ed3582f081c5ddee52bc7e0c494.json",
26+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
27+
}
28+
}
29+
}
30+
},
31+
"dockerImages": {}
32+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/CrossAccountDeployDefaultTestDeployAssertB5328BEF.template.json

+156
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,156 @@
1+
{
2+
"Resources": {
3+
"AwsApiCallEventBridgedescribeEventBus": {
4+
"Type": "Custom::DeployAssert@SdkCallEventBridgedescribeEventBus",
5+
"Properties": {
6+
"ServiceToken": {
7+
"Fn::GetAtt": [
8+
"SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F",
9+
"Arn"
10+
]
11+
},
12+
"service": "EventBridge",
13+
"api": "describeEventBus",
14+
"flattenResponse": "true",
15+
"salt": "1666817700798"
16+
},
17+
"UpdateReplacePolicy": "Delete",
18+
"DeletionPolicy": "Delete"
19+
},
20+
"AwsApiCallEventBridgedescribeEventBusAssertEqualsEventBridgedescribeEventBusB063C036": {
21+
"Type": "Custom::DeployAssert@AssertEquals",
22+
"Properties": {
23+
"ServiceToken": {
24+
"Fn::GetAtt": [
25+
"SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F",
26+
"Arn"
27+
]
28+
},
29+
"actual": {
30+
"Fn::GetAtt": [
31+
"AwsApiCallEventBridgedescribeEventBus",
32+
"apiCallResponse.Policy"
33+
]
34+
},
35+
"expected": "{\"$ObjectLike\":{\"Statement\":{\"$ArrayWith\":[{\"$ObjectLike\":{\"Sid\":{\"$StringLike\":\"Allow-account-987654321\"},\"Principal\":{\"AWS\":\"arn:aws:iam::987654321:root\"},\"Resource\":{\"$StringLike\":\"arn:aws:events:us-east-1:12345678\"}}}]}}}",
36+
"salt": "1666817700798"
37+
},
38+
"UpdateReplacePolicy": "Delete",
39+
"DeletionPolicy": "Delete"
40+
},
41+
"SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73": {
42+
"Type": "AWS::IAM::Role",
43+
"Properties": {
44+
"AssumeRolePolicyDocument": {
45+
"Version": "2012-10-17",
46+
"Statement": [
47+
{
48+
"Action": "sts:AssumeRole",
49+
"Effect": "Allow",
50+
"Principal": {
51+
"Service": "lambda.amazonaws.com"
52+
}
53+
}
54+
]
55+
},
56+
"ManagedPolicyArns": [
57+
{
58+
"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
59+
}
60+
],
61+
"Policies": [
62+
{
63+
"PolicyName": "Inline",
64+
"PolicyDocument": {
65+
"Version": "2012-10-17",
66+
"Statement": [
67+
{
68+
"Action": [
69+
"eventbridge:DescribeEventBus"
70+
],
71+
"Effect": "Allow",
72+
"Resource": [
73+
"*"
74+
]
75+
},
76+
{
77+
"Action": [
78+
"events:DescribeEventBus"
79+
],
80+
"Effect": "Allow",
81+
"Resource": [
82+
"*"
83+
]
84+
}
85+
]
86+
}
87+
}
88+
]
89+
}
90+
},
91+
"SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F": {
92+
"Type": "AWS::Lambda::Function",
93+
"Properties": {
94+
"Runtime": "nodejs14.x",
95+
"Code": {
96+
"S3Bucket": {
97+
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
98+
},
99+
"S3Key": "2a53dc40a7dae81c8850e125ab49e5f55d80b7b8ceac86976f2a4119393cab72.zip"
100+
},
101+
"Timeout": 120,
102+
"Handler": "index.handler",
103+
"Role": {
104+
"Fn::GetAtt": [
105+
"SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73",
106+
"Arn"
107+
]
108+
}
109+
}
110+
}
111+
},
112+
"Outputs": {
113+
"AssertionResultsAssertEqualsEventBridgedescribeEventBusfd3cf7d971587606ecf8442a4cb30f1b": {
114+
"Value": {
115+
"Fn::GetAtt": [
116+
"AwsApiCallEventBridgedescribeEventBusAssertEqualsEventBridgedescribeEventBusB063C036",
117+
"data"
118+
]
119+
}
120+
}
121+
},
122+
"Parameters": {
123+
"BootstrapVersion": {
124+
"Type": "AWS::SSM::Parameter::Value<String>",
125+
"Default": "/cdk-bootstrap/hnb659fds/version",
126+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
127+
}
128+
},
129+
"Rules": {
130+
"CheckBootstrapVersion": {
131+
"Assertions": [
132+
{
133+
"Assert": {
134+
"Fn::Not": [
135+
{
136+
"Fn::Contains": [
137+
[
138+
"1",
139+
"2",
140+
"3",
141+
"4",
142+
"5"
143+
],
144+
{
145+
"Ref": "BootstrapVersion"
146+
}
147+
]
148+
}
149+
]
150+
},
151+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
152+
}
153+
]
154+
}
155+
}
156+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/EventBusPolicy-987654321-test-region-12345678.assets.json

+20
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
{
2+
"version": "21.0.0",
3+
"files": {
4+
"462c696e4c93ec0e97ebd5917666e8ded21f0a81055e38f6683a27853ca79fd4": {
5+
"source": {
6+
"path": "EventBusPolicy-987654321-test-region-12345678.template.json",
7+
"packaging": "file"
8+
},
9+
"destinations": {
10+
"12345678-test-region": {
11+
"bucketName": "cdk-hnb659fds-assets-12345678-test-region",
12+
"objectKey": "462c696e4c93ec0e97ebd5917666e8ded21f0a81055e38f6683a27853ca79fd4.json",
13+
"region": "test-region",
14+
"assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region"
15+
}
16+
}
17+
}
18+
},
19+
"dockerImages": {}
20+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/EventBusPolicy-987654321-test-region-12345678.template.json

+46
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
{
2+
"Resources": {
3+
"GivePermToOtherAccount": {
4+
"Type": "AWS::Events::EventBusPolicy",
5+
"Properties": {
6+
"StatementId": "Allow-account-987654321-FromCrossAccountRuleStackMyRule68A189ED",
7+
"Action": "events:PutEvents",
8+
"Principal": "987654321"
9+
}
10+
}
11+
},
12+
"Parameters": {
13+
"BootstrapVersion": {
14+
"Type": "AWS::SSM::Parameter::Value<String>",
15+
"Default": "/cdk-bootstrap/hnb659fds/version",
16+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
17+
}
18+
},
19+
"Rules": {
20+
"CheckBootstrapVersion": {
21+
"Assertions": [
22+
{
23+
"Assert": {
24+
"Fn::Not": [
25+
{
26+
"Fn::Contains": [
27+
[
28+
"1",
29+
"2",
30+
"3",
31+
"4",
32+
"5"
33+
],
34+
{
35+
"Ref": "BootstrapVersion"
36+
}
37+
]
38+
}
39+
]
40+
},
41+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
42+
}
43+
]
44+
}
45+
}
46+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/FromCrossAccountRuleStack.assets.json

+20
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
{
2+
"version": "21.0.0",
3+
"files": {
4+
"c6101587e135a4563e666bf1dd45e671ba4c4bc60130f3b8167502cbc174aa70": {
5+
"source": {
6+
"path": "FromCrossAccountRuleStack.template.json",
7+
"packaging": "file"
8+
},
9+
"destinations": {
10+
"987654321-test-region": {
11+
"bucketName": "cdk-hnb659fds-assets-987654321-test-region",
12+
"objectKey": "c6101587e135a4563e666bf1dd45e671ba4c4bc60130f3b8167502cbc174aa70.json",
13+
"region": "test-region",
14+
"assumeRoleArn": "arn:${AWS::Partition}:iam::987654321:role/cdk-hnb659fds-file-publishing-role-987654321-test-region"
15+
}
16+
}
17+
}
18+
},
19+
"dockerImages": {}
20+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/FromCrossAccountRuleStack.template.json

+74
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
{
2+
"Resources": {
3+
"MyRuleA44AB831": {
4+
"Type": "AWS::Events::Rule",
5+
"Properties": {
6+
"EventPattern": {
7+
"detail": {
8+
"foo": [
9+
"bar"
10+
]
11+
},
12+
"detail-type": [
13+
"cdk-integ-custom-rule"
14+
],
15+
"source": [
16+
"cdk-integ"
17+
]
18+
},
19+
"State": "ENABLED",
20+
"Targets": [
21+
{
22+
"Arn": {
23+
"Fn::Join": [
24+
"",
25+
[
26+
"arn:",
27+
{
28+
"Ref": "AWS::Partition"
29+
},
30+
":events:test-region:12345678:event-bus/default"
31+
]
32+
]
33+
},
34+
"Id": "SQS"
35+
}
36+
]
37+
}
38+
}
39+
},
40+
"Parameters": {
41+
"BootstrapVersion": {
42+
"Type": "AWS::SSM::Parameter::Value<String>",
43+
"Default": "/cdk-bootstrap/hnb659fds/version",
44+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
45+
}
46+
},
47+
"Rules": {
48+
"CheckBootstrapVersion": {
49+
"Assertions": [
50+
{
51+
"Assert": {
52+
"Fn::Not": [
53+
{
54+
"Fn::Contains": [
55+
[
56+
"1",
57+
"2",
58+
"3",
59+
"4",
60+
"5"
61+
],
62+
{
63+
"Ref": "BootstrapVersion"
64+
}
65+
]
66+
}
67+
]
68+
},
69+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
70+
}
71+
]
72+
}
73+
}
74+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/ToCrossAccountRuleStack.assets.json

+20
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
{
2+
"version": "21.0.0",
3+
"files": {
4+
"0d750187c0e1bc77f1edfc3af57e55036907d6dfaef463a7acfdc0c42325a18c": {
5+
"source": {
6+
"path": "ToCrossAccountRuleStack.template.json",
7+
"packaging": "file"
8+
},
9+
"destinations": {
10+
"12345678-test-region": {
11+
"bucketName": "cdk-hnb659fds-assets-12345678-test-region",
12+
"objectKey": "0d750187c0e1bc77f1edfc3af57e55036907d6dfaef463a7acfdc0c42325a18c.json",
13+
"region": "test-region",
14+
"assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region"
15+
}
16+
}
17+
}
18+
},
19+
"dockerImages": {}
20+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/ToCrossAccountRuleStack.template.json

+81
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
{
2+
"Resources": {
3+
"Queue": {
4+
"Type": "AWS::SQS::Queue",
5+
"Properties": {
6+
"QueueName": "IntegTestCrossEnvRule",
7+
"ReceiveMessageWaitTimeSeconds": 20
8+
}
9+
},
10+
"FromCrossAccountRuleStackMyRule68A189EDSQS1A422535": {
11+
"Type": "AWS::Events::Rule",
12+
"Properties": {
13+
"EventPattern": {
14+
"detail": {
15+
"foo": [
16+
"bar"
17+
]
18+
},
19+
"detail-type": [
20+
"cdk-integ-custom-rule"
21+
],
22+
"source": [
23+
"cdk-integ"
24+
]
25+
},
26+
"State": "ENABLED",
27+
"Targets": [
28+
{
29+
"Arn": {
30+
"Fn::Join": [
31+
"",
32+
[
33+
"arn:",
34+
{
35+
"Ref": "AWS::Partition"
36+
},
37+
":sqs:test-region:12345678:IntegTestCrossEnvRule"
38+
]
39+
]
40+
},
41+
"Id": "SQS"
42+
}
43+
]
44+
}
45+
}
46+
},
47+
"Parameters": {
48+
"BootstrapVersion": {
49+
"Type": "AWS::SSM::Parameter::Value<String>",
50+
"Default": "/cdk-bootstrap/hnb659fds/version",
51+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
52+
}
53+
},
54+
"Rules": {
55+
"CheckBootstrapVersion": {
56+
"Assertions": [
57+
{
58+
"Assert": {
59+
"Fn::Not": [
60+
{
61+
"Fn::Contains": [
62+
[
63+
"1",
64+
"2",
65+
"3",
66+
"4",
67+
"5"
68+
],
69+
{
70+
"Ref": "BootstrapVersion"
71+
}
72+
]
73+
}
74+
]
75+
},
76+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
77+
}
78+
]
79+
}
80+
}
81+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/asset.2a53dc40a7dae81c8850e125ab49e5f55d80b7b8ceac86976f2a4119393cab72.bundle/index.js

+611
Large diffs are not rendered by default.

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/cdk.out

+1
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"version":"21.0.0"}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/integ.json

+12
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
{
2+
"version": "21.0.0",
3+
"testCases": {
4+
"CrossAccountDeploy/DefaultTest": {
5+
"stacks": [
6+
"ToCrossAccountRuleStack"
7+
],
8+
"assertionStack": "CrossAccountDeploy/DefaultTest/DeployAssert",
9+
"assertionStackName": "CrossAccountDeployDefaultTestDeployAssertB5328BEF"
10+
}
11+
}
12+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/manifest.json

+257
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,257 @@
1+
{
2+
"version": "21.0.0",
3+
"artifacts": {
4+
"Tree": {
5+
"type": "cdk:tree",
6+
"properties": {
7+
"file": "tree.json"
8+
}
9+
},
10+
"FromCrossAccountRuleStack.assets": {
11+
"type": "cdk:asset-manifest",
12+
"properties": {
13+
"file": "FromCrossAccountRuleStack.assets.json",
14+
"requiresBootstrapStackVersion": 6,
15+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
16+
}
17+
},
18+
"FromCrossAccountRuleStack": {
19+
"type": "aws:cloudformation:stack",
20+
"environment": "aws://987654321/test-region",
21+
"properties": {
22+
"templateFile": "FromCrossAccountRuleStack.template.json",
23+
"validateOnSynth": false,
24+
"assumeRoleArn": "arn:${AWS::Partition}:iam::987654321:role/cdk-hnb659fds-deploy-role-987654321-test-region",
25+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::987654321:role/cdk-hnb659fds-cfn-exec-role-987654321-test-region",
26+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-987654321-test-region/c6101587e135a4563e666bf1dd45e671ba4c4bc60130f3b8167502cbc174aa70.json",
27+
"requiresBootstrapStackVersion": 6,
28+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
29+
"additionalDependencies": [
30+
"FromCrossAccountRuleStack.assets"
31+
],
32+
"lookupRole": {
33+
"arn": "arn:${AWS::Partition}:iam::987654321:role/cdk-hnb659fds-lookup-role-987654321-test-region",
34+
"requiresBootstrapStackVersion": 8,
35+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
36+
}
37+
},
38+
"dependencies": [
39+
"EventBusPolicy-987654321-test-region-12345678",
40+
"FromCrossAccountRuleStack.assets"
41+
],
42+
"metadata": {
43+
"/FromCrossAccountRuleStack/MyRule/Resource": [
44+
{
45+
"type": "aws:cdk:logicalId",
46+
"data": "MyRuleA44AB831"
47+
}
48+
],
49+
"/FromCrossAccountRuleStack/BootstrapVersion": [
50+
{
51+
"type": "aws:cdk:logicalId",
52+
"data": "BootstrapVersion"
53+
}
54+
],
55+
"/FromCrossAccountRuleStack/CheckBootstrapVersion": [
56+
{
57+
"type": "aws:cdk:logicalId",
58+
"data": "CheckBootstrapVersion"
59+
}
60+
]
61+
},
62+
"displayName": "FromCrossAccountRuleStack"
63+
},
64+
"ToCrossAccountRuleStack.assets": {
65+
"type": "cdk:asset-manifest",
66+
"properties": {
67+
"file": "ToCrossAccountRuleStack.assets.json",
68+
"requiresBootstrapStackVersion": 6,
69+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
70+
}
71+
},
72+
"ToCrossAccountRuleStack": {
73+
"type": "aws:cloudformation:stack",
74+
"environment": "aws://12345678/test-region",
75+
"properties": {
76+
"templateFile": "ToCrossAccountRuleStack.template.json",
77+
"validateOnSynth": false,
78+
"assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region",
79+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region",
80+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-test-region/0d750187c0e1bc77f1edfc3af57e55036907d6dfaef463a7acfdc0c42325a18c.json",
81+
"requiresBootstrapStackVersion": 6,
82+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
83+
"additionalDependencies": [
84+
"ToCrossAccountRuleStack.assets"
85+
],
86+
"lookupRole": {
87+
"arn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region",
88+
"requiresBootstrapStackVersion": 8,
89+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
90+
}
91+
},
92+
"dependencies": [
93+
"FromCrossAccountRuleStack",
94+
"ToCrossAccountRuleStack.assets"
95+
],
96+
"metadata": {
97+
"/ToCrossAccountRuleStack/Queue": [
98+
{
99+
"type": "aws:cdk:logicalId",
100+
"data": "Queue"
101+
}
102+
],
103+
"/ToCrossAccountRuleStack/FromCrossAccountRuleStackMyRule68A189ED-SQS/Resource": [
104+
{
105+
"type": "aws:cdk:logicalId",
106+
"data": "FromCrossAccountRuleStackMyRule68A189EDSQS1A422535"
107+
}
108+
],
109+
"/ToCrossAccountRuleStack/BootstrapVersion": [
110+
{
111+
"type": "aws:cdk:logicalId",
112+
"data": "BootstrapVersion"
113+
}
114+
],
115+
"/ToCrossAccountRuleStack/CheckBootstrapVersion": [
116+
{
117+
"type": "aws:cdk:logicalId",
118+
"data": "CheckBootstrapVersion"
119+
}
120+
]
121+
},
122+
"displayName": "ToCrossAccountRuleStack"
123+
},
124+
"EventBusPolicy-987654321-test-region-12345678.assets": {
125+
"type": "cdk:asset-manifest",
126+
"properties": {
127+
"file": "EventBusPolicy-987654321-test-region-12345678.assets.json",
128+
"requiresBootstrapStackVersion": 6,
129+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
130+
}
131+
},
132+
"EventBusPolicy-987654321-test-region-12345678": {
133+
"type": "aws:cloudformation:stack",
134+
"environment": "aws://12345678/test-region",
135+
"properties": {
136+
"templateFile": "EventBusPolicy-987654321-test-region-12345678.template.json",
137+
"validateOnSynth": false,
138+
"assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region",
139+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-test-region",
140+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-test-region/462c696e4c93ec0e97ebd5917666e8ded21f0a81055e38f6683a27853ca79fd4.json",
141+
"requiresBootstrapStackVersion": 6,
142+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
143+
"additionalDependencies": [
144+
"EventBusPolicy-987654321-test-region-12345678.assets"
145+
],
146+
"lookupRole": {
147+
"arn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-test-region",
148+
"requiresBootstrapStackVersion": 8,
149+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
150+
},
151+
"stackName": "ToCrossAccountRuleStack-EventBusPolicy-support-test-region-987654321"
152+
},
153+
"dependencies": [
154+
"EventBusPolicy-987654321-test-region-12345678.assets"
155+
],
156+
"metadata": {
157+
"/EventBusPolicy-987654321-test-region-12345678/GivePermToOtherAccount": [
158+
{
159+
"type": "aws:cdk:logicalId",
160+
"data": "GivePermToOtherAccount"
161+
}
162+
],
163+
"/EventBusPolicy-987654321-test-region-12345678/BootstrapVersion": [
164+
{
165+
"type": "aws:cdk:logicalId",
166+
"data": "BootstrapVersion"
167+
}
168+
],
169+
"/EventBusPolicy-987654321-test-region-12345678/CheckBootstrapVersion": [
170+
{
171+
"type": "aws:cdk:logicalId",
172+
"data": "CheckBootstrapVersion"
173+
}
174+
]
175+
},
176+
"displayName": "EventBusPolicy-987654321-test-region-12345678"
177+
},
178+
"CrossAccountDeployDefaultTestDeployAssertB5328BEF.assets": {
179+
"type": "cdk:asset-manifest",
180+
"properties": {
181+
"file": "CrossAccountDeployDefaultTestDeployAssertB5328BEF.assets.json",
182+
"requiresBootstrapStackVersion": 6,
183+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
184+
}
185+
},
186+
"CrossAccountDeployDefaultTestDeployAssertB5328BEF": {
187+
"type": "aws:cloudformation:stack",
188+
"environment": "aws://unknown-account/unknown-region",
189+
"properties": {
190+
"templateFile": "CrossAccountDeployDefaultTestDeployAssertB5328BEF.template.json",
191+
"validateOnSynth": false,
192+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
193+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
194+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/06c797cad62334a220096d2292d9e1028ba01ed3582f081c5ddee52bc7e0c494.json",
195+
"requiresBootstrapStackVersion": 6,
196+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
197+
"additionalDependencies": [
198+
"CrossAccountDeployDefaultTestDeployAssertB5328BEF.assets"
199+
],
200+
"lookupRole": {
201+
"arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
202+
"requiresBootstrapStackVersion": 8,
203+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
204+
}
205+
},
206+
"dependencies": [
207+
"ToCrossAccountRuleStack",
208+
"CrossAccountDeployDefaultTestDeployAssertB5328BEF.assets"
209+
],
210+
"metadata": {
211+
"/CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/Default/Default": [
212+
{
213+
"type": "aws:cdk:logicalId",
214+
"data": "AwsApiCallEventBridgedescribeEventBus"
215+
}
216+
],
217+
"/CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus/Default/Default": [
218+
{
219+
"type": "aws:cdk:logicalId",
220+
"data": "AwsApiCallEventBridgedescribeEventBusAssertEqualsEventBridgedescribeEventBusB063C036"
221+
}
222+
],
223+
"/CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus/AssertionResults": [
224+
{
225+
"type": "aws:cdk:logicalId",
226+
"data": "AssertionResultsAssertEqualsEventBridgedescribeEventBusfd3cf7d971587606ecf8442a4cb30f1b"
227+
}
228+
],
229+
"/CrossAccountDeploy/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role": [
230+
{
231+
"type": "aws:cdk:logicalId",
232+
"data": "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73"
233+
}
234+
],
235+
"/CrossAccountDeploy/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler": [
236+
{
237+
"type": "aws:cdk:logicalId",
238+
"data": "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F"
239+
}
240+
],
241+
"/CrossAccountDeploy/DefaultTest/DeployAssert/BootstrapVersion": [
242+
{
243+
"type": "aws:cdk:logicalId",
244+
"data": "BootstrapVersion"
245+
}
246+
],
247+
"/CrossAccountDeploy/DefaultTest/DeployAssert/CheckBootstrapVersion": [
248+
{
249+
"type": "aws:cdk:logicalId",
250+
"data": "CheckBootstrapVersion"
251+
}
252+
]
253+
},
254+
"displayName": "CrossAccountDeploy/DefaultTest/DeployAssert"
255+
}
256+
}
257+
}

‎packages/@aws-cdk/aws-events/test/cross-account-rule.integ.snapshot/tree.json

+355
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,355 @@
1+
{
2+
"version": "tree-0.1",
3+
"tree": {
4+
"id": "App",
5+
"path": "",
6+
"children": {
7+
"Tree": {
8+
"id": "Tree",
9+
"path": "Tree",
10+
"constructInfo": {
11+
"fqn": "constructs.Construct",
12+
"version": "10.1.102"
13+
}
14+
},
15+
"FromCrossAccountRuleStack": {
16+
"id": "FromCrossAccountRuleStack",
17+
"path": "FromCrossAccountRuleStack",
18+
"children": {
19+
"MyRule": {
20+
"id": "MyRule",
21+
"path": "FromCrossAccountRuleStack/MyRule",
22+
"children": {
23+
"Resource": {
24+
"id": "Resource",
25+
"path": "FromCrossAccountRuleStack/MyRule/Resource",
26+
"attributes": {
27+
"aws:cdk:cloudformation:type": "AWS::Events::Rule",
28+
"aws:cdk:cloudformation:props": {
29+
"eventPattern": {
30+
"detail": {
31+
"foo": [
32+
"bar"
33+
]
34+
},
35+
"detail-type": [
36+
"cdk-integ-custom-rule"
37+
],
38+
"source": [
39+
"cdk-integ"
40+
]
41+
},
42+
"state": "ENABLED",
43+
"targets": [
44+
{
45+
"id": "SQS",
46+
"arn": {
47+
"Fn::Join": [
48+
"",
49+
[
50+
"arn:",
51+
{
52+
"Ref": "AWS::Partition"
53+
},
54+
":events:test-region:12345678:event-bus/default"
55+
]
56+
]
57+
}
58+
}
59+
]
60+
}
61+
},
62+
"constructInfo": {
63+
"fqn": "@aws-cdk/aws-events.CfnRule",
64+
"version": "0.0.0"
65+
}
66+
}
67+
},
68+
"constructInfo": {
69+
"fqn": "@aws-cdk/aws-events.Rule",
70+
"version": "0.0.0"
71+
}
72+
}
73+
},
74+
"constructInfo": {
75+
"fqn": "@aws-cdk/core.Stack",
76+
"version": "0.0.0"
77+
}
78+
},
79+
"ToCrossAccountRuleStack": {
80+
"id": "ToCrossAccountRuleStack",
81+
"path": "ToCrossAccountRuleStack",
82+
"children": {
83+
"Queue": {
84+
"id": "Queue",
85+
"path": "ToCrossAccountRuleStack/Queue",
86+
"constructInfo": {
87+
"fqn": "@aws-cdk/core.CfnResource",
88+
"version": "0.0.0"
89+
}
90+
},
91+
"FromCrossAccountRuleStackMyRule68A189ED-SQS": {
92+
"id": "FromCrossAccountRuleStackMyRule68A189ED-SQS",
93+
"path": "ToCrossAccountRuleStack/FromCrossAccountRuleStackMyRule68A189ED-SQS",
94+
"children": {
95+
"Resource": {
96+
"id": "Resource",
97+
"path": "ToCrossAccountRuleStack/FromCrossAccountRuleStackMyRule68A189ED-SQS/Resource",
98+
"attributes": {
99+
"aws:cdk:cloudformation:type": "AWS::Events::Rule",
100+
"aws:cdk:cloudformation:props": {
101+
"eventPattern": {
102+
"detail": {
103+
"foo": [
104+
"bar"
105+
]
106+
},
107+
"detail-type": [
108+
"cdk-integ-custom-rule"
109+
],
110+
"source": [
111+
"cdk-integ"
112+
]
113+
},
114+
"state": "ENABLED",
115+
"targets": [
116+
{
117+
"id": "SQS",
118+
"arn": {
119+
"Fn::Join": [
120+
"",
121+
[
122+
"arn:",
123+
{
124+
"Ref": "AWS::Partition"
125+
},
126+
":sqs:test-region:12345678:IntegTestCrossEnvRule"
127+
]
128+
]
129+
}
130+
}
131+
]
132+
}
133+
},
134+
"constructInfo": {
135+
"fqn": "@aws-cdk/aws-events.CfnRule",
136+
"version": "0.0.0"
137+
}
138+
}
139+
},
140+
"constructInfo": {
141+
"fqn": "@aws-cdk/aws-events.Rule",
142+
"version": "0.0.0"
143+
}
144+
}
145+
},
146+
"constructInfo": {
147+
"fqn": "@aws-cdk/core.Stack",
148+
"version": "0.0.0"
149+
}
150+
},
151+
"EventBusPolicy-987654321-test-region-12345678": {
152+
"id": "EventBusPolicy-987654321-test-region-12345678",
153+
"path": "EventBusPolicy-987654321-test-region-12345678",
154+
"children": {
155+
"GivePermToOtherAccount": {
156+
"id": "GivePermToOtherAccount",
157+
"path": "EventBusPolicy-987654321-test-region-12345678/GivePermToOtherAccount",
158+
"attributes": {
159+
"aws:cdk:cloudformation:type": "AWS::Events::EventBusPolicy",
160+
"aws:cdk:cloudformation:props": {
161+
"statementId": "Allow-account-987654321-FromCrossAccountRuleStackMyRule68A189ED",
162+
"action": "events:PutEvents",
163+
"principal": "987654321"
164+
}
165+
},
166+
"constructInfo": {
167+
"fqn": "@aws-cdk/aws-events.CfnEventBusPolicy",
168+
"version": "0.0.0"
169+
}
170+
}
171+
},
172+
"constructInfo": {
173+
"fqn": "@aws-cdk/core.Stack",
174+
"version": "0.0.0"
175+
}
176+
},
177+
"CrossAccountDeploy": {
178+
"id": "CrossAccountDeploy",
179+
"path": "CrossAccountDeploy",
180+
"children": {
181+
"DefaultTest": {
182+
"id": "DefaultTest",
183+
"path": "CrossAccountDeploy/DefaultTest",
184+
"children": {
185+
"Default": {
186+
"id": "Default",
187+
"path": "CrossAccountDeploy/DefaultTest/Default",
188+
"constructInfo": {
189+
"fqn": "constructs.Construct",
190+
"version": "10.1.102"
191+
}
192+
},
193+
"DeployAssert": {
194+
"id": "DeployAssert",
195+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert",
196+
"children": {
197+
"AwsApiCallEventBridgedescribeEventBus": {
198+
"id": "AwsApiCallEventBridgedescribeEventBus",
199+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus",
200+
"children": {
201+
"SdkProvider": {
202+
"id": "SdkProvider",
203+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/SdkProvider",
204+
"children": {
205+
"AssertionsProvider": {
206+
"id": "AssertionsProvider",
207+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/SdkProvider/AssertionsProvider",
208+
"constructInfo": {
209+
"fqn": "constructs.Construct",
210+
"version": "10.1.102"
211+
}
212+
}
213+
},
214+
"constructInfo": {
215+
"fqn": "@aws-cdk/integ-tests.AssertionsProvider",
216+
"version": "0.0.0"
217+
}
218+
},
219+
"Default": {
220+
"id": "Default",
221+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/Default",
222+
"children": {
223+
"Default": {
224+
"id": "Default",
225+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/Default/Default",
226+
"constructInfo": {
227+
"fqn": "@aws-cdk/core.CfnResource",
228+
"version": "0.0.0"
229+
}
230+
}
231+
},
232+
"constructInfo": {
233+
"fqn": "@aws-cdk/core.CustomResource",
234+
"version": "0.0.0"
235+
}
236+
},
237+
"AssertEqualsEventBridgedescribeEventBus": {
238+
"id": "AssertEqualsEventBridgedescribeEventBus",
239+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus",
240+
"children": {
241+
"AssertionProvider": {
242+
"id": "AssertionProvider",
243+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus/AssertionProvider",
244+
"children": {
245+
"AssertionsProvider": {
246+
"id": "AssertionsProvider",
247+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus/AssertionProvider/AssertionsProvider",
248+
"constructInfo": {
249+
"fqn": "constructs.Construct",
250+
"version": "10.1.102"
251+
}
252+
}
253+
},
254+
"constructInfo": {
255+
"fqn": "@aws-cdk/integ-tests.AssertionsProvider",
256+
"version": "0.0.0"
257+
}
258+
},
259+
"Default": {
260+
"id": "Default",
261+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus/Default",
262+
"children": {
263+
"Default": {
264+
"id": "Default",
265+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus/Default/Default",
266+
"constructInfo": {
267+
"fqn": "@aws-cdk/core.CfnResource",
268+
"version": "0.0.0"
269+
}
270+
}
271+
},
272+
"constructInfo": {
273+
"fqn": "@aws-cdk/core.CustomResource",
274+
"version": "0.0.0"
275+
}
276+
},
277+
"AssertionResults": {
278+
"id": "AssertionResults",
279+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/AwsApiCallEventBridgedescribeEventBus/AssertEqualsEventBridgedescribeEventBus/AssertionResults",
280+
"constructInfo": {
281+
"fqn": "@aws-cdk/core.CfnOutput",
282+
"version": "0.0.0"
283+
}
284+
}
285+
},
286+
"constructInfo": {
287+
"fqn": "@aws-cdk/integ-tests.EqualsAssertion",
288+
"version": "0.0.0"
289+
}
290+
}
291+
},
292+
"constructInfo": {
293+
"fqn": "@aws-cdk/integ-tests.AwsApiCall",
294+
"version": "0.0.0"
295+
}
296+
},
297+
"SingletonFunction1488541a7b23466481b69b4408076b81": {
298+
"id": "SingletonFunction1488541a7b23466481b69b4408076b81",
299+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81",
300+
"children": {
301+
"Staging": {
302+
"id": "Staging",
303+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Staging",
304+
"constructInfo": {
305+
"fqn": "@aws-cdk/core.AssetStaging",
306+
"version": "0.0.0"
307+
}
308+
},
309+
"Role": {
310+
"id": "Role",
311+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role",
312+
"constructInfo": {
313+
"fqn": "@aws-cdk/core.CfnResource",
314+
"version": "0.0.0"
315+
}
316+
},
317+
"Handler": {
318+
"id": "Handler",
319+
"path": "CrossAccountDeploy/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler",
320+
"constructInfo": {
321+
"fqn": "@aws-cdk/core.CfnResource",
322+
"version": "0.0.0"
323+
}
324+
}
325+
},
326+
"constructInfo": {
327+
"fqn": "constructs.Construct",
328+
"version": "10.1.102"
329+
}
330+
}
331+
},
332+
"constructInfo": {
333+
"fqn": "@aws-cdk/core.Stack",
334+
"version": "0.0.0"
335+
}
336+
}
337+
},
338+
"constructInfo": {
339+
"fqn": "@aws-cdk/integ-tests.IntegTestCase",
340+
"version": "0.0.0"
341+
}
342+
}
343+
},
344+
"constructInfo": {
345+
"fqn": "@aws-cdk/integ-tests.IntegTest",
346+
"version": "0.0.0"
347+
}
348+
}
349+
},
350+
"constructInfo": {
351+
"fqn": "@aws-cdk/core.App",
352+
"version": "0.0.0"
353+
}
354+
}
355+
}

‎packages/@aws-cdk/aws-events/test/integ.cross-account-rule.ts

+99
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,99 @@
1+
/// !cdk-integ *
2+
import { App, Arn, CfnResource, Stack } from '@aws-cdk/core';
3+
import { ExpectedResult, IntegTest, Match } from '@aws-cdk/integ-tests';
4+
import { Rule, IRuleTarget } from '../lib';
5+
6+
/**
7+
* Basic idea for this test is to create an EventBridge that "connects"
8+
* an SQS queue in one account to another account. Nothing is sent on the
9+
* queue, it's just used to set up the condition where aws-events creates
10+
* a support stack.
11+
*/
12+
13+
const app = new App();
14+
15+
const account = process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT;
16+
17+
// As the integ-runner doesnt provide a default cross account, we make our own.
18+
const crossAccount = process.env.CDK_INTEG_CROSS_ACCOUNT || '987654321';
19+
const region = process.env.CDK_INTEG_REGION || process.env.CDK_DEFAULT_REGION;
20+
21+
const fromCrossAccountStack = new Stack(app, 'FromCrossAccountRuleStack', {
22+
env: {
23+
account: crossAccount,
24+
region,
25+
},
26+
});
27+
28+
/**
29+
* To make this testable, we need to have the stack that stores the event bridge be in
30+
* the same account that the IntegTest stack is deployed into. Otherwise, we have no
31+
* access to the IAM policy that the EventBusPolicy-account-region support stack creates.
32+
*/
33+
const toCrossAccountStack = new Stack(app, 'ToCrossAccountRuleStack', {
34+
env: {
35+
account,
36+
region,
37+
},
38+
});
39+
const queueName = 'IntegTestCrossEnvRule';
40+
41+
const queue = new CfnResource(toCrossAccountStack, 'Queue', {
42+
type: 'AWS::SQS::Queue',
43+
properties: {
44+
QueueName: queueName,
45+
ReceiveMessageWaitTimeSeconds: 20,
46+
},
47+
});
48+
49+
const target: IRuleTarget = {
50+
bind: () => ({
51+
id: 'SQS',
52+
arn: Arn.format({
53+
resource: queueName,
54+
service: 'sqs',
55+
}, toCrossAccountStack),
56+
targetResource: queue,
57+
}),
58+
};
59+
60+
new Rule(fromCrossAccountStack, 'MyRule', {
61+
eventPattern: {
62+
detail: {
63+
foo: ['bar'],
64+
},
65+
detailType: ['cdk-integ-custom-rule'],
66+
source: ['cdk-integ'],
67+
},
68+
targets: [target],
69+
});
70+
71+
toCrossAccountStack.addDependency(fromCrossAccountStack);
72+
73+
const integ = new IntegTest(app, 'CrossAccountDeploy', {
74+
testCases: [
75+
toCrossAccountStack,
76+
],
77+
});
78+
79+
// We are using the default event bus, don't need to define any parameters for this call.
80+
const eventVerification = integ.assertions.awsApiCall('EventBridge', 'describeEventBus');
81+
82+
integ.node.addDependency(toCrossAccountStack);
83+
84+
eventVerification.provider.addPolicyStatementFromSdkCall('events', 'DescribeEventBus');
85+
86+
// IAM policy will be created by the support stack, assert that everything created as expected.
87+
eventVerification.assertAtPath('Policy', ExpectedResult.objectLike({
88+
Statement: Match.arrayWith(
89+
[Match.objectLike({
90+
Sid: Match.stringLikeRegexp(`Allow-account-${crossAccount}`),
91+
Principal: {
92+
AWS: `arn:aws:iam::${crossAccount}:root`,
93+
},
94+
Resource: Match.stringLikeRegexp(`arn:aws:events:us-east-1:${account}`),
95+
})],
96+
),
97+
}));
98+
99+
app.synth();

‎packages/@aws-cdk/aws-events/test/rule.test.ts

+2-2
Original file line numberDiff line numberDiff line change
@@ -933,7 +933,7 @@ describe('rule', () => {
933933
const app = new cdk.App();
934934

935935
const sourceAccount = '123456789012';
936-
const nodeAddr = 'c810f4680339b01edf1f157c4fd07da73469742773';
936+
const uniqueName = 'SourceStackRuleD6962A13';
937937
const sourceStack = new cdk.Stack(app, 'SourceStack', {
938938
env: {
939939
account: sourceAccount,
@@ -1015,7 +1015,7 @@ describe('rule', () => {
10151015
const eventBusPolicyStack = app.node.findChild(`EventBusPolicy-${sourceAccount}-us-west-2-${targetAccount}`) as cdk.Stack;
10161016
Template.fromStack(eventBusPolicyStack).hasResourceProperties('AWS::Events::EventBusPolicy', {
10171017
'Action': 'events:PutEvents',
1018-
'StatementId': `Allow-account-${sourceAccount}-${nodeAddr}`,
1018+
'StatementId': `Allow-account-${sourceAccount}-${uniqueName}`,
10191019
'Principal': sourceAccount,
10201020
});
10211021
});

0 commit comments

Comments
 (0)
Please sign in to comment.