diff --git a/packages/aws-cdk-lib/aws-events-targets/README.md b/packages/aws-cdk-lib/aws-events-targets/README.md
index 781e257857cd4..41274bbe3b923 100644
--- a/packages/aws-cdk-lib/aws-events-targets/README.md
+++ b/packages/aws-cdk-lib/aws-events-targets/README.md
@@ -120,6 +120,20 @@ rule.addTarget(new targets.CloudWatchLogGroup(logGroup, {
 }));
 ```
+The cloudwatch log event target will create an AWS custom resource internally which will default
+to set `installLatestAwsSdk` to `true`. This may be problematic for CN partition deployment. To
+workaround this issue, set `installLatestAwsSdk` to `false`.
+
+```ts
+import * as logs from 'aws-cdk-lib/aws-logs';
+declare const logGroup: logs.LogGroup;
+declare const rule: events.Rule;
+
+rule.addTarget(new targets.CloudWatchLogGroup(logGroup, {
+ installLatestAwsSdk: false,
+}));
+```
+
 ## Start a CodeBuild build
 Use the `CodeBuildProject` target to trigger a CodeBuild project.
diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts b/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
index 85a38024b9706..710cd70b6e207 100644
--- a/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
@@ -15,6 +15,12 @@ export interface LogGroupResourcePolicyProps {
 * The policy statements for the log group resource logs
 */
 readonly policyStatements: [iam.PolicyStatement];
+ /**
+ * Whether to install latest AWS SDK for the custom resource
+ *
+ * @default - install latest AWS SDK
+ */
+ readonly installLatestAwsSdk?: boolean;
 }
 /**
@@ -39,6 +45,7 @@ export class LogGroupResourcePolicy extends cr.AwsCustomResource {
 },
 physicalResourceId: cr.PhysicalResourceId.of(id),
 },
+ installLatestAwsSdk: props.installLatestAwsSdk,
 onDelete: {
 service: 'CloudWatchLogs',
 action: 'deleteResourcePolicy',
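Review bot: The doc comment added to `LogGroupResourcePolicyProps.installLatestAwsSdk` does not say what the flag costs: with the value left on, the custom resource's Lambda is expected to download the AWS SDK from the public npm registry when it runs, so it needs outbound internet access and executes code that the deployment does not pin. I would spell that out, e.g. `Whether the custom resource handler downloads the latest AWS SDK from npm at run time; set to false where the function has no internet egress or must run only the bundled SDK`. The second hunk forwards `props.installLatestAwsSdk` unchanged, so an unset prop leaves the choice to `cr.AwsCustomResource`; `@default - same as AwsCustomResource` would describe that more accurately than a fixed value. The `LogGroupProps` comment in log-group.ts has the same gap.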
diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts b/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts
index 42ad45dae5204..3f421bc31697d 100644
--- a/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts
@@ -78,6 +78,14 @@ export interface LogGroupProps extends TargetBaseProps {
 * @default - the entire EventBridge event
 */
 readonly logEvent?: LogGroupTargetInput;
+
+ /**
+ * Whether the custom resource created wll default to
+ * install latest AWS SDK
+ *
+ * @default - install latest AWS SDK
+ */
+ readonly installLatestAwsSdk?: boolean;
 }
 /**
@@ -109,6 +117,7 @@ export class CloudWatchLogGroup implements events.IRuleTarget {
 if (!this.logGroup.node.tryFindChild(resourcePolicyId)) {
 new LogGroupResourcePolicy(logGroupStack, resourcePolicyId, {
+ installLatestAwsSdk: this.props.installLatestAwsSdk,
 policyStatements: [new iam.PolicyStatement({
 effect: iam.Effect.ALLOW,
 actions: ['logs:PutLogEvents', 'logs:CreateLogStream'],
diff --git a/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts
index 37021be8db1c8..f2670af087148 100644
--- a/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts
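Review bot: The new `LogGroupProps.installLatestAwsSdk` comment has a typo (`wll`) and reads awkwardly across its two lines. Suggested wording: `Whether the custom resource that manages the log group resource policy installs the latest AWS SDK`.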
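Review bot: `installLatestAwsSdk` is only applied inside the `tryFindChild(resourcePolicyId)` guard, so when a `LogGroupResourcePolicy` with that id already exists a later target's value is silently dropped. If two targets can resolve to the same id (how `resourcePolicyId` is built is outside this hunk), a caller who sets `installLatestAwsSdk: false` to keep the handler off the network may still get the first target's setting. This is worth a comment at the guard, e.g. `// first target to create the policy decides installLatestAwsSdk; later values are ignored`, or a synth-time warning when the values differ. The enclosing method starts and ends outside the hunk.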
@@ -158,6 +158,46 @@ test('logEvent with defaults', () => {
 });
 });
+test('can set install latest AWS SDK value to false', () => {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const logGroup = new logs.LogGroup(stack, 'MyLogGroup', {
+ logGroupName: '/aws/events/MyLogGroup',
+ });
+ const rule1 = new events.Rule(stack, 'Rule', {
+ schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+ });
+
+ // WHEN
+ rule1.addTarget(new targets.CloudWatchLogGroup(logGroup, {
+ installLatestAwsSdk: false,
+ }));
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('Custom::CloudwatchLogResourcePolicy', {
+ InstallLatestAwsSdk: false,
+ });
+});
+
+test('default install latest AWS SDK is true', () => {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const logGroup = new logs.LogGroup(stack, 'MyLogGroup', {
+ logGroupName: '/aws/events/MyLogGroup',
+ });
+ const rule1 = new events.Rule(stack, 'Rule', {
+ schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+ });
+
+ // WHEN
+ rule1.addTarget(new targets.CloudWatchLogGroup(logGroup));
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('Custom::CloudwatchLogResourcePolicy', {
+ InstallLatestAwsSdk: true,
+ });
+});
+
 test('can use logEvent', () => {
 // GIVEN
 const stack = new cdk.Stack();
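Review bot: The second test, 'default install latest AWS SDK is true', asserts `InstallLatestAwsSdk: true` for a target created without the prop, which pins the default of `cr.AwsCustomResource` rather than anything `CloudWatchLogGroup` decides. If that upstream default is ever switched off (a safer default for functions without egress), this test fails for a reason unrelated to the target. A comment such as `// default is inherited from AwsCustomResource` would make the dependency explicit; an explicit `installLatestAwsSdk: true` case would test the pass-through directly. The two tests also repeat the same stack, log group and rule setup, which could move into a small helper. The trailing `test('can use logEvent', ...)` body continues outside the hunk.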