Merge pull request #143 from jerolan/main

add optional roleArn support for scheduler schedules

Author: mnapoli

docs/events/schedule.md

@@ -88,13 +88,17 @@ However, `AWS::Scheduler::Schedule` has much higher limits (1,000,000 events), a
 `method` can be set in order to migrate to this trigger type seamlessly. It also allows you to specify a timezone to run your event based on local time.
 The default method is `eventBus`, which configures an `AWS::Event::Rule`.
 
+By default, `scheduler` uses the function execution role as target role.
+You can provide `roleArn` to use a dedicated role for EventBridge Scheduler.
+
 ```yaml
 functions:
   foo:
     handler: foo.handler
     events:
       - schedule:
           method: scheduler
+          roleArn: arn:aws:iam::123456789012:role/scheduler-execution-role
           rate:
             - cron(0 0/4 ? * MON-FRI *)
           timezone: America/New_York

lib/plugins/aws/package/compile/events/schedule.js

@@ -82,6 +82,9 @@ class AwsCompileScheduledEvents {
               type: 'string',
               enum: [METHOD_EVENT_BUS, METHOD_SCHEDULER],
             },
+            roleArn: {
+              anyOf: [{ type: 'string' }, { $ref: '#/definitions/awsCfFunction' }],
+            },
             timezone: {
               type: 'string',
               pattern: '[\\w\\-\\/]+',
@@ -140,7 +143,7 @@ class AwsCompileScheduledEvents {
               const functionLogicalId = this.provider.naming.getLambdaLogicalId(functionName);
               const functionResource = resources[functionLogicalId];
 
-              roleArn = functionResource.Properties.Role;
+              roleArn = event.schedule.roleArn || functionResource.Properties.Role;
 
               method = event.schedule.method || METHOD_EVENT_BUS;
 

test/unit/lib/plugins/aws/package/compile/events/schedule.test.js

@@ -435,4 +435,25 @@ describe('test/unit/lib/plugins/aws/package/compile/events/schedule.test.js', ()
       'Fn::GetAtt': ['customRole', 'Arn'],
     });
   });
+
+  it('should pass explicit schedule roleArn to method:schedule resources', async () => {
+    const events = [
+      {
+        schedule: {
+          rate: 'rate(15 minutes)',
+          method: METHOD_SCHEDULER,
+          roleArn: 'arn:aws:iam::123456789012:role/scheduler-execution-role',
+          name: 'scheduler-scheduled-event',
+          description: 'Scheduler Scheduled Event',
+          input: '{"key":"array"}',
+        },
+      },
+    ];
+
+    const { scheduleCfResources } = await run(events, { functionRole: 'customRole' });
+
+    expect(scheduleCfResources[0].Properties.Target.RoleArn).to.equal(
+      'arn:aws:iam::123456789012:role/scheduler-execution-role'
+    );
+  });
 });

types/index.d.ts

@@ -205,6 +205,7 @@ export interface AWS {
               };
             };
             method?: "eventBus" | "scheduler";
+            roleArn?: AwsCfFunction | string;
             timezone?: string;
           };
         }