Initial commit

Author: willdady

.prettierrc

@@ -0,0 +1,6 @@
+{
+    "trailingComma": "es5",
+    "tabWidth": 2,
+    "semi": true,
+    "singleQuote": true
+}

README.md

@@ -1,14 +1,16 @@
-# Welcome to your CDK TypeScript project!
+# EventBridge No Match Rule
 
-This is a blank project for TypeScript development with CDK.
+AWS EventBridge does not natively provide a way to catch events which do not match any rules defined on an event bus. This AWS CDK project defines a custom construct, `NoMatchRule`, which captures un-matched events and forwards them to an SQS queue of your choosing.
 
-The `cdk.json` file tells the CDK Toolkit how to execute your app.
+This works by creating a rule which matches on **all** events and forwards the event to a Lambda function. The Lambda function introspects the event bus by fetching all rules and testing the event against each rule's pattern. If no rules match the event is sent to the SQS queue.
 
-## Useful commands
+Note you must only instantiate `NoMatchRule` at most **once** for a given event bus.
 
- * `npm run build`   compile typescript to js
- * `npm run watch`   watch for changes and compile
- * `npm run test`    perform the jest unit tests
- * `cdk deploy`      deploy this stack to your default AWS account/region
- * `cdk diff`        compare deployed stack with current state
- * `cdk synth`       emits the synthesized CloudFormation template
+## Commands
+
+- `npm run build` compile typescript to js
+- `npm run watch` watch for changes and compile
+- `npm run test` perform the jest unit tests
+- `cdk deploy` deploy this stack to your default AWS account/region
+- `cdk diff` compare deployed stack with current state
+- `cdk synth` emits the synthesized CloudFormation template

bin/eventbridge-no-match-rule.ts

@@ -1,21 +1,18 @@
 #!/usr/bin/env node
 import 'source-map-support/register';
 import * as cdk from '@aws-cdk/core';
-import { EventbridgeNoMatchRuleStack } from '../lib/eventbridge-no-match-rule-stack';
+import { NoMatchRuleStack } from '../lib/no-match-rule-stack';
 
 const app = new cdk.App();
-new EventbridgeNoMatchRuleStack(app, 'EventbridgeNoMatchRuleStack', {
+new NoMatchRuleStack(app, 'NoMatchRuleStack', {
   /* If you don't specify 'env', this stack will be environment-agnostic.
    * Account/Region-dependent features and context lookups will not work,
    * but a single synthesized template can be deployed anywhere. */
-
   /* Uncomment the next line to specialize this stack for the AWS Account
    * and Region that are implied by the current CLI configuration. */
   // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
-
   /* Uncomment the next line if you know exactly what Account and Region you
    * want to deploy the stack to. */
   // env: { account: '123456789012', region: 'us-east-1' },
-
   /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
 });

lib/eventbridge-no-match-rule-stack.ts

@@ -0,0 +1,35 @@
+import * as cdk from '@aws-cdk/core';
+import * as events from '@aws-cdk/aws-events';
+import * as eventsTargets from '@aws-cdk/aws-events-targets';
+import * as sqs from '@aws-cdk/aws-sqs';
+
+import { NoMatchRule } from './no-match-rule';
+
+export class NoMatchRuleStack extends cdk.Stack {
+  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+
+    const eventBus = new events.EventBus(this, 'EventBus');
+
+    const queue1 = new sqs.Queue(this, 'Queue1');
+    new events.Rule(this, 'Rule1', {
+      eventBus: eventBus,
+      eventPattern: { source: ['foo'] },
+      targets: [new eventsTargets.SqsQueue(queue1)],
+    });
+
+    const queue2 = new sqs.Queue(this, 'Queue2');
+    new events.Rule(this, 'Rule2', {
+      eventBus: eventBus,
+      eventPattern: { source: ['bar'] },
+      targets: [new eventsTargets.SqsQueue(queue2)],
+    });
+
+    const noMatchQueue = new sqs.Queue(this, 'NoMatchQueue');
+
+    new NoMatchRule(this, 'NoMatchRule', {
+      eventBus: eventBus,
+      queue: noMatchQueue,
+    });
+  }
+}

lib/no-match-rule-stack.ts

@@ -0,0 +1,50 @@
+import {
+  CloudWatchEventsClient,
+  ListRulesCommand,
+  TestEventPatternCommand,
+} from '@aws-sdk/client-cloudwatch-events';
+import { SQSClient, SendMessageCommand } from '@aws-sdk/client-sqs';
+
+const { EVENT_BUS_ARN, SOURCE_RULE_NAME, QUEUE_URL } = process.env;
+
+const eventsClient = new CloudWatchEventsClient({});
+const sqsClient = new SQSClient({});
+
+export const handler = async (event: any) => {
+  let isFirstIteration = true;
+  let nextToken: string | undefined;
+  while (isFirstIteration || nextToken) {
+    isFirstIteration = false;
+    const response = await eventsClient.send(
+      new ListRulesCommand({
+        EventBusName: EVENT_BUS_ARN!,
+        NextToken: nextToken,
+        Limit: 100,
+      })
+    );
+    nextToken = response.NextToken;
+    for (const rule of response.Rules || []) {
+      // We ignore the rule targeting this Lambda function
+      if (rule.Name === SOURCE_RULE_NAME!) continue;
+      // Check if rule matches event
+      const response = await eventsClient.send(
+        new TestEventPatternCommand({
+          Event: JSON.stringify(event),
+          EventPattern: rule.EventPattern,
+        })
+      );
+      if (response.Result) {
+        console.log(`Rule ${rule.Arn} matched the event`);
+        return;
+      }
+    }
+  }
+  // If we make it here, no rules match the event
+  console.log(`No rules matched event. Forwarding event to queue.`);
+  await sqsClient.send(
+    new SendMessageCommand({
+      QueueUrl: QUEUE_URL,
+      MessageBody: JSON.stringify(event),
+    })
+  );
+};

lib/no-match-rule.func.ts

@@ -0,0 +1,45 @@
+import * as cdk from '@aws-cdk/core';
+import * as events from '@aws-cdk/aws-events';
+import * as eventsTargets from '@aws-cdk/aws-events-targets';
+import * as lambdaNodejs from '@aws-cdk/aws-lambda-nodejs';
+import * as lambda from '@aws-cdk/aws-lambda';
+import * as iam from '@aws-cdk/aws-iam';
+import * as sqs from '@aws-cdk/aws-sqs';
+
+interface NoMatchRuleProps {
+  eventBus: events.IEventBus;
+  queue: sqs.IQueue;
+}
+
+export class NoMatchRule extends cdk.Construct {
+  constructor(scope: cdk.Construct, id: string, props: NoMatchRuleProps) {
+    super(scope, id);
+
+    const func = new lambdaNodejs.NodejsFunction(this, 'func', {
+      runtime: lambda.Runtime.NODEJS_14_X,
+      memorySize: 256,
+      environment: {
+        EVENT_BUS_ARN: props.eventBus.eventBusArn,
+        QUEUE_URL: props.queue.queueUrl,
+      },
+    });
+    func.addToRolePolicy(
+      new iam.PolicyStatement({
+        effect: iam.Effect.ALLOW,
+        actions: ['events:ListRules', 'events:TestEventPattern'],
+        resources: ['*'],
+      })
+    );
+    props.queue.grantSendMessages(func);
+
+    const ruleName = `${id}CatchAllRule`;
+    new events.Rule(this, 'Rule', {
+      ruleName: ruleName,
+      eventBus: props.eventBus,
+      eventPattern: { source: [JSON.stringify({ prefix: '' })] },
+      targets: [new eventsTargets.LambdaFunction(func)],
+    });
+
+    func.addEnvironment('SOURCE_RULE_NAME', ruleName);
+  }
+}