From 6c9063b027a5a1599126bc9f3f154d1b9a57b6ed Mon Sep 17 00:00:00 2001
From: Gavin Zhang
Date: Wed, 6 Mar 2024 09:57:42 -0800
Subject: [PATCH 1/2] fix(events_targets): installing latest aws sdk fails in cn partition

---
 .../lib/log-group-resource-policy.ts | 5 +++
 .../aws-events-targets/lib/log-group.ts | 9 +++++
 .../test/logs/log-group.test.ts | 40 +++++++++++++++++++
 3 files changed, 54 insertions(+)

diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts b/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
index 85a38024b9706..3185ce2752624 100644
--- a/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
@@ -15,6 +15,10 @@ export interface LogGroupResourcePolicyProps {
 * The policy statements for the log group resource logs
 */
 readonly policyStatements: [iam.PolicyStatement];
+ /**
+ * Whether to install latest AWS SDK for the custom resource
+ */
+ readonly installLatestAwsSdk?: boolean;
 }
 
 /**
@@ -39,6 +43,7 @@ export class LogGroupResourcePolicy extends cr.AwsCustomResource {
 },
 physicalResourceId: cr.PhysicalResourceId.of(id),
 },
+ installLatestAwsSdk: props.installLatestAwsSdk,
 onDelete: {
 service: 'CloudWatchLogs',
 action: 'deleteResourcePolicy',
diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts b/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts
index 42ad45dae5204..3f421bc31697d 100644
--- a/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts
@@ -78,6 +78,14 @@ export interface LogGroupProps extends TargetBaseProps {
 * @default - the entire EventBridge event
 */
 readonly logEvent?: LogGroupTargetInput;
+
+ /**
+ * Whether the custom resource created wll default to
+ * install latest AWS SDK
+ *
+ * @default - install latest AWS SDK
+ */
+ readonly installLatestAwsSdk?: boolean;
 }
 
 /**
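Review bot: The doc comment added to `LogGroupProps.installLatestAwsSdk` in `log-group.ts` has a typo (`wll`) and does not say what the flag does, which is what a reader needs in order to decide on it. As far as I know, with the flag on the `AwsCustomResource` handler downloads the newest AWS SDK from the public npm registry at deploy time, so the Lambda that writes the log group's resource policy needs outbound internet access and runs code that is not pinned by the synthesized template. I would reword it along the lines of `Whether the custom resource that manages the log group resource policy downloads the latest AWS SDK at deploy time (requires internet access from the Lambda)`. The stated `@default` may also depend on the `@aws-cdk/customresources:installLatestAwsSdkDefault` feature flag rather than always being true (not visible in this diff, worth confirming); the same applies to the `@default - install latest AWS SDK` line that patch 2/2 adds to `LogGroupResourcePolicyProps`.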
@@ -109,6 +117,7 @@ export class CloudWatchLogGroup implements events.IRuleTarget {
 
 if (!this.logGroup.node.tryFindChild(resourcePolicyId)) {
 new LogGroupResourcePolicy(logGroupStack, resourcePolicyId, {
+ installLatestAwsSdk: this.props.installLatestAwsSdk,
 policyStatements: [new iam.PolicyStatement({
 effect: iam.Effect.ALLOW,
 actions: ['logs:PutLogEvents', 'logs:CreateLogStream'],
diff --git a/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts
index 37021be8db1c8..f2670af087148 100644
--- a/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts
@@ -158,6 +158,46 @@ test('logEvent with defaults', () => {
 });
 });
 
+test('can set install latest AWS SDK value to false', () => {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const logGroup = new logs.LogGroup(stack, 'MyLogGroup', {
+ logGroupName: '/aws/events/MyLogGroup',
+ });
+ const rule1 = new events.Rule(stack, 'Rule', {
+ schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+ });
+
+ // WHEN
+ rule1.addTarget(new targets.CloudWatchLogGroup(logGroup, {
+ installLatestAwsSdk: false,
+ }));
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('Custom::CloudwatchLogResourcePolicy', {
+ InstallLatestAwsSdk: false,
+ });
+});
+
+test('default install latest AWS SDK is true', () => {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const logGroup = new logs.LogGroup(stack, 'MyLogGroup', {
+ logGroupName: '/aws/events/MyLogGroup',
+ });
+ const rule1 = new events.Rule(stack, 'Rule', {
+ schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+ });
+
+ // WHEN
+ rule1.addTarget(new targets.CloudWatchLogGroup(logGroup));
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('Custom::CloudwatchLogResourcePolicy', {
+ InstallLatestAwsSdk: true,
+ });
+});
+
 test('can use logEvent', () => {
 // GIVEN
 const stack = new cdk.Stack();
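Review bot: The `default install latest AWS SDK is true` test in `log-group.test.ts` pins `InstallLatestAwsSdk: true` only for a stack created with no context, so it would not notice if the effective default differs once an app sets feature flags. If `AwsCustomResource` takes its default from `@aws-cdk/customresources:installLatestAwsSdkDefault` (my recollection; not visible in this diff), a third case that sets that context key on the stack and expects `InstallLatestAwsSdk: false` would document the behaviour that users in restricted-egress environments rely on. The two new tests also repeat the same GIVEN block; a small helper returning the stack, log group and rule would keep them short.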
From 879f6b1e1fe80434f465b1f9ac930dad0452dcdb Mon Sep 17 00:00:00 2001
From: Gavin Zhang
Date: Wed, 6 Mar 2024 10:30:07 -0800
Subject: [PATCH 2/2] add default documentation

---
 packages/aws-cdk-lib/aws-events-targets/README.md | 14 ++++++++++++++
 .../lib/log-group-resource-policy.ts | 2 ++
 2 files changed, 16 insertions(+)

diff --git a/packages/aws-cdk-lib/aws-events-targets/README.md b/packages/aws-cdk-lib/aws-events-targets/README.md
index 781e257857cd4..41274bbe3b923 100644
--- a/packages/aws-cdk-lib/aws-events-targets/README.md
+++ b/packages/aws-cdk-lib/aws-events-targets/README.md
@@ -120,6 +120,20 @@ rule.addTarget(new targets.CloudWatchLogGroup(logGroup, {
 }));
 ```
 
+The cloudwatch log event target will create an AWS custom resource internally which will default
+to set `installLatestAwsSdk` to `true`. This may be problematic for CN partition deployment. To
+workaround this issue, set `installLatestAwsSdk` to `false`.
+
+```ts
+import * as logs from 'aws-cdk-lib/aws-logs';
+declare const logGroup: logs.LogGroup;
+declare const rule: events.Rule;
+
+rule.addTarget(new targets.CloudWatchLogGroup(logGroup, {
+ installLatestAwsSdk: false,
+}));
+```
+
 ## Start a CodeBuild build
 
 Use the `CodeBuildProject` target to trigger a CodeBuild project.
diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts b/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
index 3185ce2752624..710cd70b6e207 100644
--- a/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
+++ b/packages/aws-cdk-lib/aws-events-targets/lib/log-group-resource-policy.ts
@@ -17,6 +17,8 @@ export interface LogGroupResourcePolicyProps {
 readonly policyStatements: [iam.PolicyStatement];
 /**
 * Whether to install latest AWS SDK for the custom resource
+ *
+ * @default - install latest AWS SDK
 */
 readonly installLatestAwsSdk?: boolean;
 }