I want to create n EventBridge rules whose target resource is a Lambda, using CDK. When a rule is created, EventBridge automatically creates a resource policy for the Lambda, as shown below:
    {
      "Version": "2012-10-17",
      "Id": "default",
      "Statement": [
        {
          "Sid": "EventBridge-Rule-1",
          "Effect": "Allow",
          "Principal": {
            "Service": "events.amazonaws.com"
          },
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:us-east-1:XXXXXXXXXXXXX:function:SUBMIT-JOB-LAMBDA",
          "Condition": {
            "ArnLike": {
              "AWS:SourceArn": "arn:aws:events:us-east-1:XXXXXXXXXXXXX:rule/src-project-file.py"
            }
          }
        },
        {
          "Sid": "EventBridge-Rule-2",
          "Effect": "Allow",
          "Principal": {
            "Service": "events.amazonaws.com"
          },
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:us-east-1:XXXXXXXXXXXXX:function:SUBMIT-JOB-LAMBDA",
          "Condition": {
            "ArnLike": {
              "AWS:SourceArn": "arn:aws:events:us-east-1:XXXXXXXXXXXXX:rule/src-project-file_2.py"
            }
          }
        }
      ]
    }
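Currently the policy contains information about two rules. In the future, the policy may have more than 100 statements, which will break the resource policy size limit (20KB).

In my case, SourceArn always starts with arn:aws:events:us-east-1:XXXXXXXXXXXXX:rule/src. So I can use a * wildcard in SourceArn and reduce this resource policy to a single statement, regardless of the number of rules.

Finally, I solved this problem using the L1 rule construct: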
    // Creating input for target
    const input = JSON.stringify({
      job_name: jobAndRuleName,
      file_path: schedule.file_path,
      cpu: this.get_cpu(schedule?.cpu),
      ram: this.get_ram(this.get_cpu(schedule?.cpu)),
      job_queue: 'JOB-QUEUE',
      job_definition: 'JOB-DEFINITION',
    });

    // Creating rule
    new events.CfnRule(this, jobAndRuleName, {
      name: jobAndRuleName,
      description: `This rule is created via CDK for file: ${schedule.file_path}`,
      scheduleExpression: `cron(${schedule.cron})`,
      state: schedule?.disable ? 'DISABLED' : 'ENABLED',
      targets: [
        {
          arn: this.lambda.functionArn,
          id: 'Target-SUBMIT-JOB-LAMBDA',
          input: input,
        },
      ],
    });
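
The single wildcard statement described in the question, as an added example that is not part of the original post: it collapses the per-rule statements into one `ArnLike` statement, refuses to do so if an existing grant differs or would not be covered, and compares serialized policy sizes. The function names, the `src` prefix argument and the 100-rule sample are assumptions constructed for illustration.

```typescript
// Added example, not code from the original post. Sample data is constructed.
interface Statement {
  Sid: string; Effect: string; Principal: { Service: string };
  Action: string; Resource: string;
  Condition: { ArnLike: { "AWS:SourceArn": string } };
}
const ACCOUNT = "XXXXXXXXXXXXX"; // placeholder account ID, as in the post
const FN_ARN = "arn:aws:lambda:us-east-1:" + ACCOUNT + ":function:SUBMIT-JOB-LAMBDA";
const RULE_BASE = "arn:aws:events:us-east-1:" + ACCOUNT + ":rule/";

function statementFor(sid: string, sourceArn: string): Statement {
  return {
    Sid: sid, Effect: "Allow", Principal: { Service: "events.amazonaws.com" },
    Action: "lambda:InvokeFunction", Resource: FN_ARN,
    Condition: { ArnLike: { "AWS:SourceArn": sourceArn } },
  };
}
// Constructed sample: one statement per rule, in the shape shown in the post.
function sampleStatements(count: number): Statement[] {
  const out: Statement[] = [];
  for (let i = 1; i <= count; i++) {
    out.push(statementFor("EventBridge-Rule-" + i, RULE_BASE + "src-project-file_" + i + ".py"));
  }
  return out;
}
// ArnLike with one trailing "*": everything before the "*" must match exactly.
function matchesPattern(pattern: string, arn: string): boolean {
  const stem = pattern.slice(0, -1);
  return pattern.slice(-1) === "*" && arn.slice(0, stem.length) === stem;
}
// Build the single wildcard statement; refuse if an existing grant differs
// from the expected shape or would not be covered by the wildcard.
function consolidate(statements: Statement[], namePrefix: string): Statement {
  // A literal, non-empty rule-name prefix keeps the wildcard inside this
  // account, region and the rule/ namespace.
  if (!/^[A-Za-z0-9._-]+$/.test(namePrefix)) throw new Error("invalid prefix");
  const pattern = RULE_BASE + namePrefix + "*";
  for (const s of statements) {
    if (s.Effect !== "Allow" || s.Principal.Service !== "events.amazonaws.com" ||
        s.Action !== "lambda:InvokeFunction" || s.Resource !== FN_ARN) {
      throw new Error("unexpected grant in " + s.Sid);
    }
    if (!matchesPattern(pattern, s.Condition.ArnLike["AWS:SourceArn"])) {
      throw new Error(s.Sid + " is not covered by " + pattern);
    }
  }
  return statementFor("EventBridge-Rules", pattern);
}
// Serialized policy size in characters (equal to bytes for ASCII-only policies).
function policySize(statements: Statement[]): number {
  return JSON.stringify({ Version: "2012-10-17", Id: "default", Statement: statements }).length;
}
```

The wildcard statement also authorizes any future rule in the same account and region whose name starts with the prefix, so the prefix should be one that only these scheduled-job rules use.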