Support Kinesis Streams as an Event Rule target

[0xdabbad00]

• I'm submitting a ...

  • 🪲 bug report
  • 🚀 feature request
  • 📚 construct library gap
  • ☎️ security issue or vulnerability => Please see policy
  • ❓ support request => Please see note at the top of this template.

• What is the expected behavior (or behavior of feature suggested)?
  CloudWatch Event Rules can send events to Kinesis Streams, as shown here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#aws-properties-events-rule-target--examples--Target_with_KinesisParameters--yaml

The CDK does not yet support that, as shown here: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-events.IRuleTarget.html

• What is the motivation / use case for changing the behavior or adding this feature?
  I want to send CloudWatch Events to a Kinesis Stream. This is needed for GuardDuty event collection as shown here: https://summitroute.com/blog/2019/03/06/guardduty_event_collection_via_cloudwatch_events/

• Please tell us about your environment:

  • CDK CLI Version: 0.35.0
  • Module Version: aws-events
  • OS: [all ]
  • Language: [ Javascript ]

• Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

[NGL321]

Hi Scott, thank you for reaching out!

We are currently pausing work on most new FRs and community PRs for a few weeks while we work towards stabilization and tuning to meet our consistency guidelines. Please feel free to discuss here, or put in a PR if you feel this is a problem you can resolve.

[0xdabbad00]

Thanks for the response. I was able to work around this for now using the "escape hatch" concept described here: https://docs.aws.amazon.com/cdk/latest/guide/cfn_layer.html

[NicoSorrenti]

@0xdabbad00 Scott, could you please give me a little insight on how you managed to do that? I'm looking on the link you sent, and the AWS Resource and Property Types Reference, but I can't find where that Kinesis event is. Thanks in advance

[0xdabbad00]

@NicoSorrenti The following creates two CloudWatch Event rules. One for GuardDuty, Trusted Adisor, and test events, and one for CloudTrail events.

// Create IAM Role for CloudWatch Events to send to the Kinesis Stream
    const event_role = new iam.Role(this, "event_role", {
      assumedBy: new iam.ServicePrincipal('events.amazonaws.com')
    });

    event_role.addToPolicy(new iam.PolicyStatement({
      resources: [RECORDS_SOURCE],
      actions: ['kinesis:PutRecord*']
    }));

    // Create rule to send GuardDuty, TrustedAdvisor, heartbeat, and test_events to our Kinesis Stream
    // Some of the needed functionality does not exist in the CDK yet and must be over-ridden
    var guardduty_rule = new events.Rule(this, "guardduty_rule", {
      ruleName: "guardduty_rule",
      schedule: events.Schedule.expression("rate(30 minutes)"),  // Ignore this schedule, it will be over-ridden
      description: "Collects GuardDuty, TrustedAdvisor, heartbeat, and test events"
    });

    var guardduty_rule_resource = guardduty_rule.node.findChild('Resource');

    guardduty_rule_resource.addOverride('Properties.ScheduleExpression', undefined);
    guardduty_rule_resource.addOverride('Properties.EventPattern', 
      { source: [
        "aws.guardduty", 
        "aws.trustedadvisor",
        "event_test",
        "event_forwarder"]
      }
    );
    guardduty_rule_resource.addOverride('Properties.Targets', 
      [{
        Arn: RECORDS_SOURCE,
        Id: "target",
        RoleArn: event_role.roleArn
      }]
    );

    // Create rule to send CloudTrail events to our Kinesis Stream
    var cloudtrail_rule = new events.Rule(this, "cloudtrail_rule", {
      ruleName: "cloudtrail_rule",
      schedule: events.Schedule.expression("rate(30 minutes)"), // Ignore this schedule, it will be over-ridden
      description: "Collects CloudTrail events"
    });

    var cloudtrail_rule_resource = cloudtrail_rule.node.findChild('Resource');

    cloudtrail_rule_resource.addOverride('Properties.ScheduleExpression', undefined);
    cloudtrail_rule_resource.addOverride('Properties.EventPattern', 
      { "detail-type": ["AWS API Call via CloudTrail"] }
    );
    cloudtrail_rule_resource.addOverride('Properties.Targets', 
      [{
        Arn: RECORDS_SOURCE,
        Id: "target",
        RoleArn: event_role.roleArn
      }]
    );

RECORDS_SOURCE is a string for the ARN for the Kinesis Stream. I wrote this 4 months ago, so there may be some updates needed for newer versions of the CDK as it looks like I was using the CDK v0.34.0.