fix(events): cannot use the same target account for 2 cross-account event sources

skinny85 · skinny85 · commit 4044dd43fdf3 · 2020-05-18T18:15:35.000-07:00
We hard code the SID of the EventBusPolicy that we generate in the account of the target of a cross-account CloudWatch Event rule. Which means that, if you have two sources in different accounts generating events into the same target account, you will get an error on CloudFormation deployment time about a duplicate SID. Include the source account ID when generating the SID to make it unique. Fixes #8010
diff --git a/packages/@aws-cdk/aws-events/lib/rule.ts b/packages/@aws-cdk/aws-events/lib/rule.ts
@@ -244,7 +244,7 @@ export class Rule extends Resource implements IRule {
           });
           new CfnEventBusPolicy(eventBusPolicyStack, 'GivePermToOtherAccount', {
             action: 'events:PutEvents',
-            statementId: 'MySid',
+            statementId: `Allow-account-${sourceAccount}`,
             principal: sourceAccount,
           });
         }
diff --git a/packages/@aws-cdk/aws-events/test/test.rule.ts b/packages/@aws-cdk/aws-events/test/test.rule.ts
@@ -717,7 +717,7 @@ export = {
       const eventBusPolicyStack = app.node.findChild(`EventBusPolicy-${sourceAccount}-us-west-2-${targetAccount}`) as cdk.Stack;
       expect(eventBusPolicyStack).to(haveResourceLike('AWS::Events::EventBusPolicy', {
         'Action': 'events:PutEvents',
-        'StatementId': 'MySid',
+        'StatementId': `Allow-account-${sourceAccount}`,
         'Principal': sourceAccount,
       }));
 

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ export class Rule extends Resource implements IRule {`
`244`	`244`	`});`
`245`	`245`	`new CfnEventBusPolicy(eventBusPolicyStack, 'GivePermToOtherAccount', {`
`246`	`246`	`action: 'events:PutEvents',`
`247`		`- statementId: 'MySid',`
	`247`	+ statementId: `Allow-account-${sourceAccount}`,
`248`	`248`	`principal: sourceAccount,`
`249`	`249`	`});`
`250`	`250`	`}`