aws-events-rule-sns - AWS Solutions Constructs
OverviewPattern Construct PropsPattern PropertiesDefault settingsArchitectureGitHub

aws-events-rule-sns

> Some of our early constructs don’t meet the naming standards that evolved for the library. We are releasing completely feature compatible versions with corrected names. The underlying implementation code is the same regardless of whether you deploy the construct using the old or new name. We will support both names for all 1.x releases, but in 2.x we will only publish the correctly named constructs. This construct is being replaced by the functionally identical aws-eventbridge-sns.
Language Package
Python aws_solutions_constructs.aws_events_rule_sns
Typescript @aws-solutions-constructs/aws-events-rule-sns
Java software.amazon.awsconstructs.services.eventsrulesns

Overview

This AWS Solutions Construct implements an AWS Events rule and an AWS SNS Topic.

Here is a minimal deployable pattern definition:

Typescript

// aws-events-rule-sns has been deprecated for CDK V2 in favor of aws-eventbridge-sns.
// This sample uses the CDK V1 syntax
import * as cdk from '@aws-cdk/core';
import * as events from '@aws-cdk/aws-events';
import * as iam from '@aws-cdk/aws-iam';
import { EventsRuleToSnsProps, EventsRuleToSns } from "@aws-solutions-constructs/aws-events-rule-sns";

const constructProps: EventsRuleToSnsProps = {
  eventRuleProps: {
    schedule: events.Schedule.rate(cdk.Duration.minutes(5)),
  }
};

const constructStack = new EventsRuleToSns(this, 'test', constructProps);

// Grant yourself permissions to use the Customer Managed KMS Key
const policyStatement = new iam.PolicyStatement({
  actions: ["kms:Encrypt", "kms:Decrypt"],
  effect: iam.Effect.ALLOW,
  principals: [new iam.AccountRootPrincipal()],
  resources: ["*"]
});

constructStack.encryptionKey?.addToResourcePolicy(policyStatement);
Python

# aws-events-rule-sns has been deprecated for CDK V2 in favor of aws-eventbridge-sns.
# This sample uses the CDK V1 syntax
from aws_solutions_constructs.aws_events_rule_sns import EventsRuleToSns, EventsRuleToSnsProps
from aws_cdk import (
    aws_events as events,
    aws_iam as iam,
    core
)

construct_stack = EventsRuleToSns(self, 'test',
                                event_rule_props=events.RuleProps(
                                    schedule=events.Schedule.rate(
                                        core.Duration.minutes(5))
                                ))

# Grant yourself permissions to use the Customer Managed KMS Key
policy_statement = iam.PolicyStatement(
    actions=["kms:Encrypt", "kms:Decrypt"],
    effect=iam.Effect.ALLOW,
    principals=[iam.AccountRootPrincipal()],
    resources=["*"]
)

construct_stack.encryption_key.add_to_resource_policy(policy_statement)
Java

// aws-events-rule-sns has been deprecated for CDK V2 in favor of aws-eventbridge-sns.
// This sample uses the CDK V1 syntax
import software.constructs.Construct;
import java.util.List;

import software.amazon.awscdk.core.*;
import software.amazon.awscdk.services.events.*;
import software.amazon.awscdk.services.iam.*;
import software.amazon.awsconstructs.services.eventsrulesns.*;

final EventsRuleToSns constructStack = new EventsRuleToSns(this, "test",
    new EventsRuleToSnsProps.Builder()
        .eventRuleProps(new RuleProps.Builder()
            .schedule(Schedule.rate(Duration.minutes(5)))
            .build())
        .build());

// Grant yourself permissions to use the Customer Managed KMS Key
final PolicyStatement policyStatement = PolicyStatement.Builder.create()
    .actions(List.of("kms:Encrypt", "kms:Decrypt"))
    .effect(Effect.ALLOW)
    .principals(List.of(new AccountRootPrincipal()))
    .resources(List.of("*"))
    .build();

constructStack.getEncryptionKey().addToResourcePolicy(policyStatement);

Pattern Construct Props

Name Type Description
eventRuleProps events.RuleProps User provided eventRuleProps to override the defaults.
existingTopicObj? sns.Topic Existing instance of SNS Topic object, providing both this and topicProps will cause an error.
topicProps? sns.TopicProps User provided props to override the default props for the SNS Topic.
existingEventBusInterface? events.IEventBus Optional user-provided custom EventBus for construct to use. Providing both this and eventBusProps results an error.
eventBusProps? events.EventBusProps Optional user-provided properties to override the default properties when creating a custom EventBus. Setting this value to {} will create a custom EventBus using all default properties. If neither this nor existingEventBusInterface is provided the construct will use the default EventBus. Providing both this and existingEventBusInterface results an error.
enableEncryptionWithCustomerManagedKey? boolean Use a KMS Key, either managed by this CDK app, or imported. If importing an encryption key, it must be specified in the encryptionKey property for this construct.
encryptionKey? kms.Key An optional, imported encryption key to encrypt the SNS Topic.
encryptionKeyProps? kms.KeyProps An optional, user provided properties to override the default properties for the KMS encryption key.

Pattern Properties

Name Type Description
eventBus? events.IEventBus Returns the instance of events.IEventBus used by the construct
eventsRule events.Rule Returns an instance of events.Rule created by the construct
snsTopic sns.Topic Returns an instance of sns.Topic created by the construct
encryptionKey? kms.Key Returns an instance of kms Key used for the SNS Topic.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon EventBridge Rule

  • Grant least privilege permissions to EventBridge Rule to publish to the SNS Topic.

Amazon SNS Topic

  • Configure least privilege access permissions for SNS Topic.

  • Enable server-side encryption forSNS Topic using Customer managed KMS Key.

  • Enforce encryption of data in transit.

Architecture

GitHub

To view the code for this pattern, create/view issues and pull requests, and more:
@aws-solutions-constructs/aws-events-rule-sns