fix(events): cannot use the same target account for 2 cross-account e…

…vent sources We hard code the SID of the EventBusPolicy that we generate in the account of the target of a cross-account CloudWatch Event rule. Which means that, if you have two sources in different accounts generating events into the same target account, you will get an error on CloudFormation deployment time about a duplicate SID. Include the source account ID when generating the SID to make it unique. Fixes aws#8010
skinny85 · May 19, 2020 · 4044dd4 · 4044dd4
1 parent 613df1b
commit 4044dd4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/packages/@aws-cdk/aws-events/lib/rule.ts b/packages/@aws-cdk/aws-events/lib/rule.ts
@@ -244,7 +244,7 @@ export class Rule extends Resource implements IRule {
           });
           new CfnEventBusPolicy(eventBusPolicyStack, 'GivePermToOtherAccount', {
             action: 'events:PutEvents',
-            statementId: 'MySid',
+            statementId: `Allow-account-${sourceAccount}`,
             principal: sourceAccount,
           });
         }

diff --git a/packages/@aws-cdk/aws-events/test/test.rule.ts b/packages/@aws-cdk/aws-events/test/test.rule.ts
@@ -717,7 +717,7 @@ export = {
       const eventBusPolicyStack = app.node.findChild(`EventBusPolicy-${sourceAccount}-us-west-2-${targetAccount}`) as cdk.Stack;
       expect(eventBusPolicyStack).to(haveResourceLike('AWS::Events::EventBusPolicy', {
         'Action': 'events:PutEvents',
-        'StatementId': 'MySid',
+        'StatementId': `Allow-account-${sourceAccount}`,
         'Principal': sourceAccount,
       }));