chore(aws-events-targets): fix StepFunctions doc & tests role usage (a…

…ws#19178) The role used in the aws-events-targets example and test code needs to be passed to the SfnStateMachine target, not to the StateMachine resource. The role's trust policy trusts events.amazonaws.com so the state machine resource would be unable to use this role anyways. This PR modifies the example in README.md and the test code to have the StateMachine construct create its own role and pass the manually created role to SfnStateMachine where EventBridge will use it to start the state machine. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
TheRealAmazonKendra · Mar 11, 2022 · 0e3d268 · 0e3d268
1 parent 30dfaf6
commit 0e3d268
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/packages/@aws-cdk/aws-events-targets/README.md b/packages/@aws-cdk/aws-events-targets/README.md
@@ -167,13 +167,13 @@ const role = new iam.Role(this, 'Role', {
   assumedBy: new iam.ServicePrincipal('events.amazonaws.com'),
 });
 const stateMachine = new sfn.StateMachine(this, 'SM', {
-  definition: new sfn.Wait(this, 'Hello', { time: sfn.WaitTime.duration(cdk.Duration.seconds(10)) }),
-  role,
+  definition: new sfn.Wait(this, 'Hello', { time: sfn.WaitTime.duration(cdk.Duration.seconds(10)) })
 });
 
 rule.addTarget(new targets.SfnStateMachine(stateMachine, {
   input: events.RuleTargetInput.fromObject({ SomeParam: 'SomeValue' }),
   deadLetterQueue: dlq,
+  role: role
 }));
 ```
 

diff --git a/packages/@aws-cdk/aws-events-targets/test/stepfunctions/statemachine.test.ts b/packages/@aws-cdk/aws-events-targets/test/stepfunctions/statemachine.test.ts
@@ -68,12 +68,12 @@ test('Existing role can be used for State machine Rule target', () => {
   });
   const stateMachine = new sfn.StateMachine(stack, 'SM', {
     definition: new sfn.Wait(stack, 'Hello', { time: sfn.WaitTime.duration(cdk.Duration.seconds(10)) }),
-    role,
   });
 
   // WHEN
   rule.addTarget(new targets.SfnStateMachine(stateMachine, {
     input: events.RuleTargetInput.fromObject({ SomeParam: 'SomeValue' }),
+    role: role,
   }));
 
   // THEN
@@ -125,13 +125,13 @@ test('specifying retry policy', () => {
   });
   const stateMachine = new sfn.StateMachine(stack, 'SM', {
     definition: new sfn.Wait(stack, 'Hello', { time: sfn.WaitTime.duration(cdk.Duration.seconds(10)) }),
-    role,
   });
 
   rule.addTarget(new targets.SfnStateMachine(stateMachine, {
     input: events.RuleTargetInput.fromObject({ SomeParam: 'SomeValue' }),
     maxEventAge: cdk.Duration.hours(2),
     retryAttempts: 2,
+    role: role,
   }));
 
   // THEN
@@ -151,7 +151,7 @@ test('specifying retry policy', () => {
         },
         RoleArn: {
           'Fn::GetAtt': [
-            'SMEventsRoleB320A902',
+            'Role1ABCC5F0',
             'Arn',
           ],
         },
@@ -176,13 +176,13 @@ test('use a Dead Letter Queue for the rule target', () => {
   });
   const stateMachine = new sfn.StateMachine(stack, 'SM', {
     definition: new sfn.Wait(stack, 'Hello', { time: sfn.WaitTime.duration(cdk.Duration.seconds(10)) }),
-    role,
   });
 
   // WHEN
   rule.addTarget(new targets.SfnStateMachine(stateMachine, {
     input: events.RuleTargetInput.fromObject({ SomeParam: 'SomeValue' }),
     deadLetterQueue: dlq,
+    role: role,
   }));
 
   // the Permission resource should be in the event stack
@@ -206,7 +206,7 @@ test('use a Dead Letter Queue for the rule target', () => {
         Input: '{"SomeParam":"SomeValue"}',
         RoleArn: {
           'Fn::GetAtt': [
-            'SMEventsRoleB320A902',
+            'Role1ABCC5F0',
             'Arn',
           ],
         },