From 4044dd43fdf3c456ef12d727ef2d735cd882edee Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Mon, 18 May 2020 18:15:26 -0700 Subject: [PATCH] fix(events): cannot use the same target account for 2 cross-account event sources We hard code the SID of the EventBusPolicy that we generate in the account of the target of a cross-account CloudWatch Event rule. Which means that, if you have two sources in different accounts generating events into the same target account, you will get an error on CloudFormation deployment time about a duplicate SID. Include the source account ID when generating the SID to make it unique. Fixes #8010 --- packages/@aws-cdk/aws-events/lib/rule.ts | 2 +- packages/@aws-cdk/aws-events/test/test.rule.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-events/lib/rule.ts b/packages/@aws-cdk/aws-events/lib/rule.ts index e8e7cfcfa3431..582cd570e8bc8 100644 --- a/packages/@aws-cdk/aws-events/lib/rule.ts +++ b/packages/@aws-cdk/aws-events/lib/rule.ts @@ -244,7 +244,7 @@ export class Rule extends Resource implements IRule { }); new CfnEventBusPolicy(eventBusPolicyStack, 'GivePermToOtherAccount', { action: 'events:PutEvents', - statementId: 'MySid', + statementId: `Allow-account-${sourceAccount}`, principal: sourceAccount, }); } diff --git a/packages/@aws-cdk/aws-events/test/test.rule.ts b/packages/@aws-cdk/aws-events/test/test.rule.ts index b478fb10ec0fa..304bf91ed4dcb 100644 --- a/packages/@aws-cdk/aws-events/test/test.rule.ts +++ b/packages/@aws-cdk/aws-events/test/test.rule.ts @@ -717,7 +717,7 @@ export = { const eventBusPolicyStack = app.node.findChild(`EventBusPolicy-${sourceAccount}-us-west-2-${targetAccount}`) as cdk.Stack; expect(eventBusPolicyStack).to(haveResourceLike('AWS::Events::EventBusPolicy', { 'Action': 'events:PutEvents', - 'StatementId': 'MySid', + 'StatementId': `Allow-account-${sourceAccount}`, 'Principal': sourceAccount, }));