@aws-cdk/aws-events

Amazon CloudWatch Events Construct Library

Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources. For example, an AWS CodePipeline emits the State Change event when the pipeline changes it's state.

• Events: An event indicates a change in your AWS environment. AWS resources can generate events when their state changes. For example, Amazon EC2 generates an event when the state of an EC2 instance changes from pending to running, and Amazon EC2 Auto Scaling generates events when it launches or terminates instances. AWS CloudTrail publishes events when you make API calls. You can generate custom application-level events and publish them to CloudWatch Events. You can also set up scheduled events that are generated on a periodic basis. For a list of services that generate events, and sample events from each service, see CloudWatch Events Event Examples From Each Supported Service.
• Targets: A target processes events. Targets can include Amazon EC2 instances, AWS Lambda functions, Kinesis streams, Amazon ECS tasks, Step Functions state machines, Amazon SNS topics, Amazon SQS queues, and built-in targets. A target receives events in JSON format.
• Rules: A rule matches incoming events and routes them to targets for processing. A single rule can route to multiple targets, all of which are processed in parallel. Rules are not processed in a particular order. This enables different parts of an organization to look for and process the events that are of interest to them. A rule can customize the JSON sent to the target, by passing only certain parts or by overwriting it with a constant.
• EventBuses: An event bus can receive events from your own custom applications or it can receive events from applications and services created by AWS SaaS partners. See Creating an Event Bus.

Rule

The Rule construct defines a CloudWatch events rule which monitors an event based on an event pattern and invoke event targets when the pattern is matched against a triggered event. Event targets are objects that implement the IRuleTarget interface.

Normally, you will use one of the source.onXxx(name[, target[, options]]) -> Rule methods on the event source to define an event rule associated with the specific activity. You can targets either via props, or add targets using rule.addTarget.

For example, to define an rule that triggers a CodeBuild project build when a commit is pushed to the "master" branch of a CodeCommit repository:

const onCommitRule = repo.onCommit('OnCommit', {
  target: new targets.CodeBuildProject(project),
  branches: ['master']
});

You can add additional targets, with optional input transformer using eventRule.addTarget(target[, input]). For example, we can add a SNS topic target which formats a human-readable message for the commit.

For example, this adds an SNS topic as a target:

onCommitRule.addTarget(new targets.SnsTopic(topic, {
  message: events.RuleTargetInput.fromText(
    `A commit was pushed to the repository ${codecommit.ReferenceEvent.repositoryName} on branch ${codecommit.ReferenceEvent.referenceName}`
  )
}));

Scheduling

You can configure a Rule to run on a schedule (cron or rate).

The following example runs a task every day at 4am:

import { Rule, Schedule } from '@aws-cdk/aws-events';
import { EcsTask } from '@aws-cdk/aws-events-targets';
...

const ecsTaskTarget = new EcsTask({ cluster, taskDefinition });

new Rule(this, 'ScheduleRule', {
 schedule: Schedule.cron({ minute: '0', hour: '4' }),
 targets: [ecsTaskTarget],
});

More details in ScheduledEvents documentation page.

Event Targets

The @aws-cdk/aws-events-targets module includes classes that implement the IRuleTarget interface for various AWS services.

The following targets are supported:

• targets.CodeBuildProject: Start an AWS CodeBuild build
• targets.CodePipeline: Start an AWS CodePipeline pipeline execution
• targets.EcsTask: Start a task on an Amazon ECS cluster
• targets.LambdaFunction: Invoke an AWS Lambda function
• targets.SnsTopic: Publish into an SNS topic
• targets.SqsQueue: Send a message to an Amazon SQS Queue
• targets.SfnStateMachine: Trigger an AWS Step Functions state machine
• targets.AwsApi: Make an AWS API call

Cross-account targets

It's possible to have the source of the event and a target in separate AWS accounts:

import { App, Stack } from '@aws-cdk/core';
import codebuild = require('@aws-cdk/aws-codebuild');
import codecommit = require('@aws-cdk/aws-codecommit');
import targets = require('@aws-cdk/aws-events-targets');

const app = new App();

const stack1 = new Stack(app, 'Stack1', { env: { account: account1, region: 'us-east-1' } });
const repo = new codecommit.Repository(stack1, 'Repository', {
  // ...
});

const stack2 = new Stack(app, 'Stack2', { env: { account: account2, region: 'us-east-1' } });
const project = new codebuild.Project(stack2, 'Project', {
  // ...
});

repo.onCommit('OnCommit', {
  target: new targets.CodeBuildProject(project),
});

In this situation, the CDK will wire the 2 accounts together:

• It will generate a rule in the source stack with the event bus of the target account as the target
• It will generate a rule in the target stack, with the provided target
• It will generate a separate stack that gives the source account permissions to publish events to the event bus of the target account in the given region, and make sure its deployed before the source stack

Note: while events can span multiple accounts, they cannot span different regions (that is a CloudWatch, not CDK, limitation).

For more information, see the AWS documentation on cross-account events.

Changelog

1.20.0 (2020-01-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• autoscaling: AutoScalingGroups without desiredCapacity are now initially scaled to their minimum capacity (instead of their maximum capaciety).
• rds: addRotationSingleUser(id: string, options: SecretRotationOptions) is now addRotationSingleUser(automaticallyAfter?: Duration)
• glue: InputFormat. TEXT_INPUT_FORMAT has been renamed to TEXT. OutputFormat. HIVE_IGNORE_KEY_TEXT_OUTPUT_FORMAT has been renamed to HIVE_IGNORE_KEY_TEXT

Features

• apigateway: lambda token authorizer (#5197) (5c16744), closes #5584
• aws-stepfunctions: support StateMachineType (#5398) (ea095f0), closes #5397
• cli: support custom CA certificate bundles (ac748c1), closes #5294
• cloudformation: update cloudformation spec to v10.2.0 (#5542) (cb65da3)
• cloudwatch: make Metric objects region-aware (212687c)
• cloudwatch: support for metric math (#5582) (a7f189e), closes #1077 #5449 #5261 #4716
• codebuild: add 2X_Large compute type option (#5429) (1291ef6), closes #5401
• core: add support for the ref intrinsic function (#5468) (#5470) (cad5bc1)
• custom-resource: Allow custom ResourceTypes on CustomResources (#5248) (c605ceb)
• custom-resources: getDataString for AwsCustomResource (#5578) (faa368d), closes #5570
• custom-resources: ignore DELETE after failed CREATE (#5525) (9ab989e), closes #5524
• custom-resources: use latest SDK in AwsCustomResource (#5442) (a111cdd), closes #2689 #5063
• dynamodb: Implement importing existing dynamodb table. (#5280) (8d9b58b), closes #3895
• ec2: add privateIpAddress to Instance (a00906d), closes #4004
• ec2: support block devices for Instance (#5567) (1085a27), closes #4773 #4781
• ecr-assets: custom docker files (#5652) (1b25a4b)
• ecs-patterns: higher-level constructs for ECS service with multiple target groups (#5083) (c0a7192)
• eks: EKS-Optimized AMI with GPU support for G4 instance (#5479) (7b34d56)
• eks: helm chart support (#5390) (394313e)
• glue: add support for more DataFormats (#5246) (ca535d0)
• lambda: configuration for async invocations (#5299) (746ba32)
• logs: import a LogGroup from its name (#5580) (9cbbaea)
• rds: more extensive secret rotation support (#5281) (b700b77), closes #5194
• codebuild: add Secrets Manager to CodeBuild environment variable types (#5464) (ff1fa68)

Bug Fixes

• autoscaling: every deployment resets capacity (#5507) (0adf6c7), closes #5215 #5208
• aws-cdk: upgrade canaries lambda node version (#5674) (96b802b)
• codebuild: ARM images have the wrong type and compute kind (#5541) (6999baf), closes #5517
• codebuild: cannot use immutable roles for Project (6103180), closes #1408
• codebuild: rename CodeBuild VPC policy to be unique (#5385) (16a1200)
• core: nested Fn.join with token fails (#5679) (24ded60), closes #5655
• cli: java sample-app init template does not have a src/ directory (#5546) (71947b5)
• core: nested stacks does not report missing context #5594 (#5638) (9472e09)
• core: tags not working for cognito user pools (#4225) (a67f0ef), closes #3882
• custom-resources: default timeout of 2 minutes for AwsCustomResource (#5658) (e0c41d4)
• ec2: allow ingress to VPC interface endpoints (#4938) (d5ed97a), closes #4937
• eks: aws-auth username not set by default (#5649) (87befa6), closes #5263
• eks: default capacity uses desiredCapacity which is an anti-pattern (#5651) (a883fed), closes #5215 #5507 #5650
• eks: failures when creating or updating clusters (#5540) (a13cfe6), closes #5544 #4087 #4695 #5259 #5501
• eks: generated cluster name can exceed 100 characters (#5597) (3256a41), closes #5596
• eks: kubernetes cannot create external load balancers (#5448) (384d22d), closes #5443
• iam: policy added to resource for immutable Role (#5568) (950a5f7)
• java: resolve Java class naming error (#5602) (e9ede13)
• rds: do not allow aurora engines when using DatabaseInstance (#5367) (03b3b7a), closes #5345
• s3n: s3n lambda destination works with function by arn (#5599) (7ceee6d), closes #5592
• stepfunctions: permission race condition on state machine deletion (#5466) (c3ac965), closes #5336
• tests: flaky integration tests in release pipeline (#5485) (01800cf)
• increase IAM wait timeout in integ test (#5504) (f10b3e6)