fix(events): remove policy statement from CF template when using AwsApi (#4037)

* fix(events): remove policy statement from CF template when using AwsApi

All props of the `AwsApi` target were passed as event input, unnecessarily polluting the
CloudFormation template.

* refactor with AwsApiInput interface

* JSDoc

Author: jogold

packages/@aws-cdk/aws-events-targets/lib/aws-api-handler/index.ts

@@ -1,8 +1,8 @@
 // tslint:disable:no-console
 import AWS = require('aws-sdk');
-import { AwsApiProps } from '../aws-api';
+import { AwsApiInput } from '../aws-api';
 
-export async function handler(event: AwsApiProps) {
+export async function handler(event: AwsApiInput) {
   console.log('Event: %j', event);
   console.log('AWS SDK VERSION: ' + (AWS as any).VERSION);
 

packages/@aws-cdk/aws-events-targets/lib/aws-api.ts

@@ -12,7 +12,10 @@ export type AwsSdkMetadata = {[key: string]: any};
 
 const awsSdkMetadata: AwsSdkMetadata = metadata;
 
-export interface AwsApiProps {
+/**
+ * Rule target input for an AwsApi target.
+ */
+export interface AwsApiInput {
   /**
    * The service to call
    *
@@ -52,7 +55,12 @@ export interface AwsApiProps {
    * @default - use latest available API version
    */
   readonly apiVersion?: string;
+}
 
+/**
+ * Properties for an AwsApi target.
+ */
+export interface AwsApiProps extends AwsApiInput {
   /**
    * The IAM policy statement to allow the API call. Use only if
    * resource restriction is needed.
@@ -93,10 +101,18 @@ export class AwsApi implements events.IRuleTarget {
     // Allow handler to be called from rule
     addLambdaPermission(rule, handler);
 
+    const input: AwsApiInput = {
+      service: this.props.service,
+      action: this.props.action,
+      parameters: this.props.parameters,
+      catchErrorPattern: this.props.catchErrorPattern,
+      apiVersion: this.props.apiVersion,
+    };
+
     return {
       id: '',
       arn: handler.functionArn,
-      input: events.RuleTargetInput.fromObject(this.props),
+      input: events.RuleTargetInput.fromObject(input),
       targetResource: handler,
     };
   }

packages/@aws-cdk/aws-events-targets/test/aws-api/aws-api.test.ts

@@ -1,5 +1,6 @@
 import { countResources, expect, haveResource } from '@aws-cdk/assert';
 import events = require('@aws-cdk/aws-events');
+import iam = require('@aws-cdk/aws-iam');
 import { Stack } from '@aws-cdk/core';
 import targets = require('../../lib');
 
@@ -18,8 +19,8 @@ test('use AwsApi as an event rule target', () => {
       service: 'cool-service',
       forceNewDeployment: true
     } as AWS.ECS.UpdateServiceRequest,
+    catchErrorPattern: 'error',
     apiVersion: '2019-01-01',
-    catchErrorPattern: 'error'
   }));
 
   rule.addTarget(new targets.AwsApi({
@@ -48,8 +49,8 @@ test('use AwsApi as an event rule target', () => {
             service: 'cool-service',
             forceNewDeployment: true
           },
+          catchErrorPattern: 'error',
           apiVersion: '2019-01-01',
-          catchErrorPattern: 'error'
         })
       },
       {
@@ -92,3 +93,53 @@ test('use AwsApi as an event rule target', () => {
     }
   }));
 });
+
+test('with policy statement', () => {
+  // GIVEN
+  const stack = new Stack();
+  const rule = new events.Rule(stack, 'Rule', {
+    schedule: events.Schedule.expression('rate(15 minutes)')
+  });
+
+  // WHEN
+  rule.addTarget(new targets.AwsApi({
+    service: 'service',
+    action: 'action',
+    policyStatement: new iam.PolicyStatement({
+      actions: ['s3:GetObject'],
+      resources: ['resource'],
+    })
+  }));
+
+  // THEN
+  expect(stack).to(haveResource('AWS::Events::Rule', {
+    Targets: [
+      {
+        Arn: {
+          "Fn::GetAtt": [
+            "AWSb4cf1abd4e4f4bc699441af7ccd9ec371511E620",
+            "Arn"
+          ]
+        },
+        Id: "Target0",
+        Input: JSON.stringify({ // No `policyStatement`
+          service: 'service',
+          action: 'action',
+        })
+      },
+    ]
+  }));
+
+  expect(stack).to(haveResource('AWS::IAM::Policy', {
+    PolicyDocument: {
+      Statement: [
+        {
+          Action: "s3:GetObject",
+          Effect: "Allow",
+          Resource: "resource"
+        },
+      ],
+      Version: "2012-10-17"
+    }
+  }));
+});