Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@aws-cdk/aws-scheduler-alpha
Advanced tools
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
Amazon EventBridge Scheduler is a feature from Amazon EventBridge that allows you to create, run, and manage scheduled tasks at scale. With EventBridge Scheduler, you can schedule one-time or recurrently tens of millions of tasks across many AWS services without provisioning or managing underlying infrastructure.
This module is part of the AWS Cloud Development Kit project. It allows you to define Event Bridge Schedules.
This module is in active development. Some features may not be implemented yet.
declare const fn: lambda.Function;
const target = new targets.LambdaInvoke(fn, {
input: ScheduleTargetInput.fromObject({
"payload": "useful",
}),
});
const schedule = new Schedule(this, 'Schedule', {
schedule: ScheduleExpression.rate(Duration.minutes(10)),
target,
description: 'This is a test schedule that invokes lambda function every 10 minutes.',
});
You can choose from three schedule types when configuring your schedule: rate-based, cron-based, and one-time schedules.
Both rate-based and cron-based schedules are recurring schedules. You can configure each recurring schedule type using a schedule expression. For cron-based schedule you can specify a time zone in which EventBridge Scheduler evaluates the expression.
declare const target: targets.LambdaInvoke;
const rateBasedSchedule = new Schedule(this, 'Schedule', {
schedule: ScheduleExpression.rate(Duration.minutes(10)),
target,
description: 'This is a test rate-based schedule',
});
const cronBasedSchedule = new Schedule(this, 'Schedule', {
schedule: ScheduleExpression.cron({
minute: '0',
hour: '23',
day: '20',
month: '11',
timeZone: TimeZone.AMERICA_NEW_YORK,
}),
target,
description: 'This is a test cron-based schedule that will run at 11:00 PM, on day 20 of the month, only in November in New York timezone',
});
A one-time schedule is a schedule that invokes a target only once. You configure a one-time schedule when by specifying the time of the day, date, and time zone in which EventBridge Scheduler evaluates the schedule.
declare const target: targets.LambdaInvoke;
const oneTimeSchedule = new Schedule(this, 'Schedule', {
schedule: ScheduleExpression.at(
new Date(2022, 10, 20, 19, 20, 23),
TimeZone.AMERICA_NEW_YORK,
),
target,
description: 'This is a one-time schedule in New York timezone',
});
Your AWS account comes with a default scheduler group. You can access default group in CDK with:
const defaultGroup = Group.fromDefaultGroup(this, "DefaultGroup");
If not specified a schedule is added to the default group. However, you can also add the schedule to a custom scheduling group managed by you:
declare const target: targets.LambdaInvoke;
const group = new Group(this, "Group", {
groupName: "MyGroup",
});
new Schedule(this, 'Schedule', {
schedule: ScheduleExpression.rate(Duration.minutes(10)),
target,
group,
});
By default, a schedule will be enabled. You can disable a schedule by setting the enabled
property to false:
declare const target: targets.LambdaInvoke;
new Schedule(this, 'Schedule', {
schedule: ScheduleExpression.rate(Duration.minutes(10)),
target: target,
enabled: false,
});
The @aws-cdk/aws-scheduler-targets-alpha
module includes classes that implement the IScheduleTarget
interface for
various AWS services. EventBridge Scheduler supports two types of targets: templated targets invoke common API
operations across a core groups of services, and customizeable universal targets that you can use to call more
than 6,000 operations across over 270 services. A list of supported targets can be found at @aws-cdk/aws-scheduler-targets-alpha
.
Target can be invoked with a custom input. Class ScheduleTargetInput
supports free form text input and JSON-formatted object input:
const input = ScheduleTargetInput.fromObject({
'QueueName': 'MyQueue'
});
You can include context attributes in your target payload. EventBridge Scheduler will replace each keyword with its respective value and deliver it to the target. See full list of supported context attributes:
ContextAttribute.scheduleArn()
– The ARN of the schedule.ContextAttribute.scheduledTime()
– The time you specified for the schedule to invoke its target, for example, 2022-03-22T18:59:43Z.ContextAttribute.executionId()
– The unique ID that EventBridge Scheduler assigns for each attempted invocation of a target, for example, d32c5kddcf5bb8c3.ContextAttribute.attemptNumber()
– A counter that identifies the attempt number for the current invocation, for example, 1.const text = `Attempt number: ${ContextAttribute.attemptNumber}`;
const input = ScheduleTargetInput.fromText(text);
An execution role is an IAM role that EventBridge Scheduler assumes in order to interact with other AWS services on your behalf.
The classes for templated schedule targets automatically create an IAM role with all the minimum necessary
permissions to interact with the templated target. If you wish you may specify your own IAM role, then the templated targets
will grant minimal required permissions. For example: for invoking Lambda function target LambdaInvoke
will grant
execution IAM role permission to lambda:InvokeFunction
.
declare const fn: lambda.Function;
const role = new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('scheduler.amazonaws.com'),
});
const target = new targets.LambdaInvoke(fn, {
input: ScheduleTargetInput.fromObject({
"payload": "useful"
}),
role,
});
Executing cross-account and cross-region targets are not supported yet.
EventBridge Scheduler integrates with AWS Key Management Service (AWS KMS) to encrypt and decrypt your data using an AWS KMS key. EventBridge Scheduler supports two types of KMS keys: AWS owned keys, and customer managed keys.
By default, all events in Scheduler are encrypted with a key that AWS owns and manages.
If you wish you can also provide a customer managed key to encrypt and decrypt the payload that your schedule delivers to its target using the key
property.
Target classes will automatically add AWS KMS Decrypt permission to your schedule's execution role permissions policy.
declare const key: kms.Key;
declare const fn: lambda.Function;
const target = new targets.LambdaInvoke(fn, {
input: ScheduleTargetInput.fromObject({
payload: 'useful',
}),
});
const schedule = new Schedule(this, 'Schedule', {
schedule: ScheduleExpression.rate(Duration.minutes(10)),
target,
key,
});
Visit Data protection in Amazon EventBridge Scheduler for more details.
You can configure how your schedule handles failures, when EventBridge Scheduler is unable to deliver an event successfully to a target, by using two primary mechanisms: a retry policy, and a dead-letter queue (DLQ).
A retry policy determines the number of times EventBridge Scheduler must retry a failed event, and how long to keep an unprocessed event.
A DLQ is a standard Amazon SQS queue EventBridge Scheduler uses to deliver failed events to, after the retry policy has been exhausted. You can use a DLQ to troubleshoot issues with your schedule or its downstream target. If you've configured a retry policy for your schedule, EventBridge Scheduler delivers the dead-letter event after exhausting the maximum number of retries you set in the retry policy.
declare const fn: lambda.Function;
const dlq = new sqs.Queue(this, "DLQ", {
queueName: 'MyDLQ',
});
const target = new targets.LambdaInvoke(fn, {
deadLetterQueue: dlq,
maxEventAge: Duration.minutes(1),
retryAttempts: 3
});
TODO: Not yet implemented. See section in L2 Event Bridge Scheduler RFC
You can monitor Amazon EventBridge Scheduler using CloudWatch, which collects raw data and processes it into readable, near real-time metrics. EventBridge Scheduler emits a set of metrics for all schedules, and an additional set of metrics for schedules that have an associated dead-letter queue (DLQ). If you configure a DLQ for your schedule, EventBridge Scheduler publishes additional metrics when your schedule exhausts its retry policy.
Class Schedule
provides static methods for accessing all schedules metrics with default configuration,
such as metricAllErrors
for viewing errors when executing targets.
new cloudwatch.Alarm(this, 'SchedulesErrorAlarm', {
metric: Schedule.metricAllErrors(),
threshold: 0,
evaluationPeriods: 1,
});
To view metrics for a specific group you can use methods on class Group
:
const group = new Group(this, "Group", {
groupName: "MyGroup",
});
new cloudwatch.Alarm(this, 'MyGroupErrorAlarm', {
metric: group.metricTargetErrors(),
evaluationPeriods: 1,
threshold: 0
});
// Or use default group
const defaultGroup = Group.fromDefaultGroup(this, "DefaultGroup");
new cloudwatch.Alarm(this, 'DefaultGroupErrorAlarm', {
metric: defaultGroup.metricTargetErrors(),
evaluationPeriods: 1,
threshold: 0
});
See full list of metrics and their description at Monitoring Using CloudWatch Metrics in the AWS Event Bridge Scheduler User Guide.
FAQs
The CDK Construct Library for Amazon Scheduler
We found that @aws-cdk/aws-scheduler-alpha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.