fix(events): cannot trigger multiple Lambdas from the same Rule (#13260)

The permissions required to actually trigger the Lambda would only be added to the first target, not to any of the others. Fixes #13231. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Feb 25, 2021 · c8c1762 · c8c1762
1 parent 8426c71
commit c8c1762
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 15 deletions.
diff --git a/packages/@aws-cdk/aws-events-targets/lib/util.ts b/packages/@aws-cdk/aws-events-targets/lib/util.ts
@@ -33,13 +33,14 @@ export function singletonEventRole(scope: IConstruct, policyStatements: iam.Poli
 export function addLambdaPermission(rule: events.IRule, handler: lambda.IFunction): void {
   let scope: Construct | undefined;
   let node: ConstructNode = handler.permissionsNode;
+  let permissionId = `AllowEventRule${Names.nodeUniqueId(rule.node)}`;
   if (rule instanceof Construct) {
     // Place the Permission resource in the same stack as Rule rather than the Function
     // This is to reduce circular dependency when the lambda handler and the rule are across stacks.
     scope = rule;
     node = rule.node;
+    permissionId = `AllowEventRule${Names.nodeUniqueId(handler.node)}`;
   }
-  const permissionId = `AllowEventRule${Names.nodeUniqueId(rule.node)}`;
   if (!node.tryFindChild(permissionId)) {
     handler.addPermission(permissionId, {
       scope,

diff --git a/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json b/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json
@@ -29,7 +29,26 @@
         ]
       }
     },
-    "ScheduleRuleAllowEventRuleawscdkawsapitargetintegScheduleRule51140722763E20C1": {
+    "ScheduleRuleAllowEventRuleawscdkawsapitargetintegScheduleRuleScheduleRuleTarget0HandlerF2C0C898874A4805": {
+      "Type": "AWS::Lambda::Permission",
+      "Properties": {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": {
+          "Fn::GetAtt": [
+            "AWSb4cf1abd4e4f4bc699441af7ccd9ec371511E620",
+            "Arn"
+          ]
+        },
+        "Principal": "events.amazonaws.com",
+        "SourceArn": {
+          "Fn::GetAtt": [
+            "ScheduleRuleDA5BD877",
+            "Arn"
+          ]
+        }
+      }
+    },
+    "ScheduleRuleAllowEventRuleawscdkawsapitargetintegScheduleRuleScheduleRuleTarget1Handler4688817C0179F894": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",
@@ -198,7 +217,7 @@
         ]
       }
     },
-    "PatternRuleAllowEventRuleawscdkawsapitargetintegPatternRule3D388581AA4F776B": {
+    "PatternRuleAllowEventRuleawscdkawsapitargetintegPatternRulePatternRuleTarget0HandlerA0821464BB49C5D3": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",

diff --git a/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json b/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json
@@ -68,7 +68,7 @@
         ]
       }
     },
-    "TimerAllowEventRulelambdaeventsTimer0E6AB6D890F582F4": {
+    "TimerAllowEventRulelambdaeventsMyFunc910E580F793D7BBB": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",
@@ -105,7 +105,7 @@
         ]
       }
     },
-    "Timer2AllowEventRulelambdaeventsTimer27F866A1E50659689": {
+    "Timer2AllowEventRulelambdaeventsMyFunc910E580FCCD9CDCE": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",

diff --git a/packages/@aws-cdk/aws-events-targets/test/lambda/lambda.test.ts b/packages/@aws-cdk/aws-events-targets/test/lambda/lambda.test.ts
@@ -78,6 +78,27 @@ test('adding same lambda function as target mutiple times creates permission onl
   expect(stack).toCountResources('AWS::Lambda::Permission', 1);
 });
 
+test('adding different lambda functions as target mutiple times creates multiple permissions', () => {
+  // GIVEN
+  const stack = new cdk.Stack();
+  const fn1 = newTestLambda(stack);
+  const fn2 = newTestLambda(stack, '2');
+  const rule = new events.Rule(stack, 'Rule', {
+    schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+  });
+
+  // WHEN
+  rule.addTarget(new targets.LambdaFunction(fn1, {
+    event: events.RuleTargetInput.fromObject({ key: 'value1' }),
+  }));
+  rule.addTarget(new targets.LambdaFunction(fn2, {
+    event: events.RuleTargetInput.fromObject({ key: 'value2' }),
+  }));
+
+  // THEN
+  expect(stack).toCountResources('AWS::Lambda::Permission', 2);
+});
+
 test('adding same singleton lambda function as target mutiple times creates permission only once', () => {
   // GIVEN
   const stack = new cdk.Stack();
@@ -126,8 +147,8 @@ test('lambda handler and cloudwatch event across stacks', () => {
   expect(eventStack).toCountResources('AWS::Lambda::Permission', 1);
 });
 
-function newTestLambda(scope: constructs.Construct) {
-  return new lambda.Function(scope, 'MyLambda', {
+function newTestLambda(scope: constructs.Construct, suffix = '') {
+  return new lambda.Function(scope, `MyLambda${suffix}`, {
     code: new lambda.InlineCode('foo'),
     handler: 'bar',
     runtime: lambda.Runtime.PYTHON_2_7,

diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json b/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json
@@ -58,13 +58,13 @@
         "Code": {
           "ZipFile": "exports.handler = async (event) => {\n        console.log('Event: %j', event);\n        if (event === 'error') throw new Error('UnkownError');\n        return event;\n      };"
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "FirstServiceRole097DB3A5",
             "Arn"
           ]
         },
+        "Handler": "index.handler",
         "Runtime": "nodejs10.x"
       },
       "DependsOn": [
@@ -114,7 +114,7 @@
         ]
       }
     },
-    "FirstEventInvokeConfigFailureAllowEventRuleawscdklambdachainFirstEventInvokeConfigFailure7180F42FA8F1F1F0": {
+    "FirstEventInvokeConfigFailureAllowEventRuleawscdklambdachainErrorC073CD8DCAD68018": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",
@@ -175,7 +175,7 @@
         ]
       }
     },
-    "FirstEventInvokeConfigSuccessAllowEventRuleawscdklambdachainFirstEventInvokeConfigSuccess2DCAE39FC2495AB7": {
+    "FirstEventInvokeConfigSuccessAllowEventRuleawscdklambdachainSecond178F48F8A8DE2790": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",
@@ -308,13 +308,13 @@
         "Code": {
           "ZipFile": "exports.handler = async (event) => {\n        console.log('Event: %j', event);\n        if (event === 'error') throw new Error('UnkownError');\n        return event;\n      };"
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "SecondServiceRole55940A31",
             "Arn"
           ]
         },
+        "Handler": "index.handler",
         "Runtime": "nodejs10.x"
       },
       "DependsOn": [
@@ -364,7 +364,7 @@
         ]
       }
     },
-    "SecondEventInvokeConfigSuccessAllowEventRuleawscdklambdachainSecondEventInvokeConfigSuccess2078CDC9C7FB9F61": {
+    "SecondEventInvokeConfigSuccessAllowEventRuleawscdklambdachainThird031C7FF6ABA1C15A": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",
@@ -453,13 +453,13 @@
         "Code": {
           "ZipFile": "exports.handler = async (event) => {\n        console.log('Event: %j', event);\n        if (event === 'error') throw new Error('UnkownError');\n        return event;\n      };"
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "ThirdServiceRole42701801",
             "Arn"
           ]
         },
+        "Handler": "index.handler",
         "Runtime": "nodejs10.x"
       },
       "DependsOn": [
@@ -503,13 +503,13 @@
         "Code": {
           "ZipFile": "exports.handler = async (event) => {\n        console.log('Event: %j', event);\n        if (event === 'error') throw new Error('UnkownError');\n        return event;\n      };"
         },
-        "Handler": "index.handler",
         "Role": {
           "Fn::GetAtt": [
             "ErrorServiceRoleCE484966",
             "Arn"
           ]
         },
+        "Handler": "index.handler",
         "Runtime": "nodejs10.x"
       },
       "DependsOn": [

diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json
@@ -909,7 +909,7 @@
         ]
       }
     },
-    "InstanceAvailabilityAllowEventRuleawscdkrdsinstanceInstanceAvailabilityCE39A6A7B066AA0D": {
+    "InstanceAvailabilityAllowEventRuleawscdkrdsinstanceFunctionD515EE1969208105": {
       "Type": "AWS::Lambda::Permission",
       "Properties": {
         "Action": "lambda:InvokeFunction",