aws-cdk
(aws-ecr): ECR EventBridge rule has incorrect event pattern
Describe the bug
Using the CDK, creating an EventBridge rule on an ECR repository creates a rule with the following event pattern:
{
  "resources": ["arn:aws:ecr:ap-southeast-2:<account-id>:repository/my-repository-name"],
  "source": ["aws.ecr"]
}
However, when ECR sends the event, "resources" is empty, so the rule never matches (example from https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-eventbridge.html#ecr-eventbridge-bus):
{
  "version": "0",
  "id": "13cde686-328b-6117-af20-0e5566167482",
  "detail-type": "ECR Image Action",
  "source": "aws.ecr",
  "account": "123456789012",
  "time": "2019-11-16T01:54:34Z",
  "region": "us-west-2",
  "resources": [], // <--- empty, rule fails
  "detail": {
    "result": "SUCCESS",
    "repository-name": "my-repository-name",
    "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
    "action-type": "PUSH",
    "image-tag": "latest"
  }
}
Expected Behavior
Use the detail.repository-name field as a filter instead of resources:
{
  "detail": {
    "repository-name": ["my-repository-name"]
  },
  "source": ["aws.ecr"]
}
Current Behavior
Uses resources as a filter, which is empty in the real event
Reproduction Steps
var ecrRepo = new EcrRepository(this, "CiTestEcrRepository", new EcrRepositoryProps());
ecrRepo.OnEvent("EcrRepoEventRule", new OnEventOptions() {
    Target = new LambdaFunction(myLambdaHandler),
});
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.127.0 (build 6c90efc)
Framework Version
.NET 8
Node.js Version
v18.16.1
OS
MacOS
Language
.NET
Language Version
.NET 8
Other information
No response
Also, CDK adds the resources filter even if you specify your own event pattern, including if you set Resources to null or an empty array:
ecrRepo.OnEvent("EcrRepoEventRule", new OnEventOptions() {
    Target = new LambdaFunction(ecrHandler),
    EventPattern = new EventPattern() {
        Source = new[] { "aws.ecr" },
        Resources = null, //Setting to `null` or `new string[0]` doesn't help
        Detail = new Dictionary<string, object>() {
            ["repository-name"] = new[] { ecrRepo.RepositoryName },
        },
    },
});
Result:
{
  "resources": ["arn:aws:ecr:ap-southeast-2:<account-id>:repository/repository-name"],
  "detail": {
    "repository-name": ["repository-name"]
  },
  "source": ["aws.ecr"]
}
Workaround is to create the rule directly via the EventBridge CDK Rule construct:
new Rule(this, "EcrRepoEventRule", new RuleProps() {
    Targets = new IRuleTarget[] {
        new LambdaFunction(ecrHandler),
    },
    EventPattern = new EventPattern() {
        Source = new[] { "aws.ecr" },
        Detail = new Dictionary<string, object>() {
            ["repository-name"] = new[] { ecrRepo.RepositoryName },
        },
    },
});
Yes I get this when I synth:
Type: AWS::Events::Rule
Properties:
  EventPattern:
    source:
      - aws.ecr
    resources:
      - Fn::GetAtt:
          - CiTestEcrRepository95B2A864
          - Arn
  State: ENABLED
  Targets:
    - Arn:
        Fn::GetAtt:
          - Func217E03A4
          - Arn
      Id: Target0
And looks like the resources should be empty according to the doc. And we probably should filter the repository-name in the detail.
I'll take this.
@pahud I started a PR for this but please see my comment in the description. The Lambda trigger does not get created on the Lambda side.