fix(scheduler-targets-alpha): imported Schedule targets cause synth-time error

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/codebuild-start-build.ts

@@ -1,34 +1,23 @@
 import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import { IProject } from 'aws-cdk-lib/aws-codebuild';
 import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Use an AWS CodeBuild as a target for AWS EventBridge Scheduler.
  */
 export class CodeBuildStartBuild extends ScheduleTargetBase implements IScheduleTarget {
+  private readonly project: IProject;
+
   constructor(
-    private readonly project: IProject,
-    private readonly props: ScheduleTargetBaseProps = {},
+    project: IProject,
+    props: ScheduleTargetBaseProps = {},
   ) {
     super(props, project.projectArn);
+    this.project = project;
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    if (!sameEnvDimension(this.project.env.region, schedule.env.region)) {
-      throw new Error(`Cannot assign project in region ${this.project.env.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the project must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(this.project.env.account, schedule.env.account)) {
-      throw new Error(`Cannot assign project in account ${this.project.env.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the project must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, schedule.env.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     role.addToPrincipalPolicy(new PolicyStatement({
       actions: ['codebuild:StartBuild'],
       resources: [this.project.projectArn],

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/codepipeline-start-pipeline-execution.ts

@@ -1,37 +1,23 @@
 import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import { IPipeline } from 'aws-cdk-lib/aws-codepipeline';
 import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Use an AWS CodePipeline pipeline as a target for AWS EventBridge Scheduler.
  */
 export class CodePipelineStartPipelineExecution extends ScheduleTargetBase implements IScheduleTarget {
+  private readonly pipeline: IPipeline;
+
   constructor(
-    private readonly pipeline: IPipeline,
-    private readonly props: ScheduleTargetBaseProps = {},
+    pipeline: IPipeline,
+    props: ScheduleTargetBaseProps = {},
   ) {
     super(props, pipeline.pipelineArn);
+    this.pipeline = pipeline;
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    const region = this.pipeline.env.region ?? '';
-    const account = this.pipeline.env.account ?? '';
-
-    if (!sameEnvDimension(region, schedule.env.region)) {
-      throw new Error(`Cannot assign pipeline in region ${region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the pipeline must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(account, schedule.env.account)) {
-      throw new Error(`Cannot assign pipeline in account ${account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the pipeline must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.pipeline.node)} in account ${account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     role.addToPrincipalPolicy(new PolicyStatement({
       actions: ['codepipeline:StartPipelineExecution'],
       resources: [this.pipeline.pipelineArn],

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/event-bridge-put-events.ts

@@ -1,9 +1,7 @@
 import { IScheduleTarget, ISchedule, ScheduleTargetInput, ScheduleTargetConfig } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import * as events from 'aws-cdk-lib/aws-events';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * An entry to be sent to EventBridge
@@ -60,21 +58,8 @@ export class EventBridgePutEvents extends ScheduleTargetBase implements ISchedul
     }
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     const eventBus = this.entry.eventBus;
-    const eventBusEnv = eventBus.env;
-    if (!sameEnvDimension(eventBusEnv.region, schedule.env.region)) {
-      throw new Error(`Cannot assign eventBus in region ${eventBusEnv.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the eventBus must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(eventBusEnv.account, schedule.env.account)) {
-      throw new Error(`Cannot assign eventBus in account ${eventBusEnv.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the eventBus must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, eventBusEnv.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(eventBus.node)} in account ${eventBusEnv.account}. Both the target and the execution role must be in the same account.`);
-    }
-
     eventBus.grantPutEventsTo(role);
   }
 

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts

@@ -1,34 +1,20 @@
 import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
 import { CfnAssessmentTemplate } from 'aws-cdk-lib/aws-inspector';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Use an Amazon Inspector as a target for AWS EventBridge Scheduler.
  */
 export class InspectorStartAssessmentRun extends ScheduleTargetBase implements IScheduleTarget {
   constructor(
-    private readonly template: CfnAssessmentTemplate,
-    private readonly props: ScheduleTargetBaseProps = {},
+    template: CfnAssessmentTemplate,
+    props: ScheduleTargetBaseProps = {},
   ) {
     super(props, template.attrArn);
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    if (!sameEnvDimension(this.template.stack.region, schedule.env.region)) {
-      throw new Error(`Cannot assign assessment template in region ${this.template.stack.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the assessment template must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(this.template.stack.account, schedule.env.account)) {
-      throw new Error(`Cannot assign assessment template in account ${this.template.stack.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the assessment template must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.template.stack.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.template.node)} in account ${this.template.stack.account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     role.addToPrincipalPolicy(new PolicyStatement({
       actions: ['inspector:StartAssessmentRun'],
       resources: ['*'],

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/kinesis-data-firehose-put-record.ts

@@ -1,34 +1,23 @@
 import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
 import { CfnDeliveryStream } from 'aws-cdk-lib/aws-kinesisfirehose';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Use an Amazon Kinesis Data Firehose as a target for AWS EventBridge Scheduler.
  */
 export class KinesisDataFirehosePutRecord extends ScheduleTargetBase implements IScheduleTarget {
+  private readonly deliveryStream: CfnDeliveryStream;
+
   constructor(
-    private readonly deliveryStream: CfnDeliveryStream,
-    private readonly props: ScheduleTargetBaseProps = {},
+    deliveryStream: CfnDeliveryStream,
+    props: ScheduleTargetBaseProps = {},
   ) {
     super(props, deliveryStream.attrArn);
+    this.deliveryStream = deliveryStream;
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    if (!sameEnvDimension(this.deliveryStream.stack.region, schedule.env.region)) {
-      throw new Error(`Cannot assign the Firehose delivery stream in region ${this.deliveryStream.stack.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the Firehose delivery stream must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(this.deliveryStream.stack.account, schedule.env.account)) {
-      throw new Error(`Cannot assign the Firehose delivery stream in account ${this.deliveryStream.stack.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the Firehose delivery stream must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.deliveryStream.stack.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.deliveryStream.node)} in account ${this.deliveryStream.stack.account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     role.addToPrincipalPolicy(new PolicyStatement({
       actions: ['firehose:PutRecord'],
       resources: [this.deliveryStream.attrArn],

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/kinesis-stream-put-record.ts

@@ -1,9 +1,7 @@
 import { ISchedule, IScheduleTarget, ScheduleTargetConfig } from '@aws-cdk/aws-scheduler-alpha';
-import { Names, Token } from 'aws-cdk-lib';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import * as kinesis from 'aws-cdk-lib/aws-kinesis';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Properties for a Kinesis Data Streams Target
@@ -28,25 +26,9 @@ export class KinesisStreamPutRecord extends ScheduleTargetBase implements ISched
     private readonly props: KinesisStreamPutRecordProps,
   ) {
     super(props, stream.streamArn);
-
-    if (!Token.isUnresolved(props.partitionKey) && (props.partitionKey.length < 1 || props.partitionKey.length > 256)) {
-      throw new Error(`partitionKey length must be between 1 and 256, got ${props.partitionKey.length}`);
-    }
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    if (!sameEnvDimension(this.stream.env.region, schedule.env.region)) {
-      throw new Error(`Cannot assign stream in region ${this.stream.env.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the stream must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(this.stream.env.account, schedule.env.account)) {
-      throw new Error(`Cannot assign stream in account ${this.stream.env.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the stream must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.stream.env.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.stream.node)} in account ${this.stream.env.account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     this.stream.grantWrite(role);
   }
 

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/lambda-invoke.ts

@@ -1,34 +1,23 @@
 import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Use an AWS Lambda function as a target for AWS EventBridge Scheduler.
  */
 export class LambdaInvoke extends ScheduleTargetBase implements IScheduleTarget {
+  private readonly func: lambda.IFunction;
+
   constructor(
-    private readonly func: lambda.IFunction,
-    private readonly props: ScheduleTargetBaseProps,
+    func: lambda.IFunction,
+    props: ScheduleTargetBaseProps,
   ) {
     super(props, func.functionArn);
+    this.func = func;
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    if (!sameEnvDimension(this.func.env.region, schedule.env.region)) {
-      throw new Error(`Cannot assign function in region ${this.func.env.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the function must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(this.func.env.account, schedule.env.account)) {
-      throw new Error(`Cannot assign function in account ${this.func.env.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the function must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.func.env.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.func.node)} in account ${this.func.env.account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     this.func.grantInvoke(role);
   }
 }

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sage-maker-start-pipeline-execution.ts

@@ -1,9 +1,7 @@
 import { ISchedule, IScheduleTarget, ScheduleTargetConfig } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import { IPipeline } from 'aws-cdk-lib/aws-sagemaker';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Properties for a pipeline parameter
@@ -45,25 +43,9 @@ export class SageMakerStartPipelineExecution extends ScheduleTargetBase implemen
     private readonly props: SageMakerStartPipelineExecutionProps = {},
   ) {
     super(props, pipeline.pipelineArn);
-
-    if (props.pipelineParameterList !== undefined && props.pipelineParameterList.length > 200) {
-      throw new Error(`pipelineParameterList length must be between 0 and 200, got ${props.pipelineParameterList.length}`);
-    }
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    if (!sameEnvDimension(this.pipeline.stack.region, schedule.env.region)) {
-      throw new Error(`Cannot assign pipeline in region ${this.pipeline.stack.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the pipeline must be in the same region.`);
-    }
-
-    if (!sameEnvDimension(this.pipeline.stack.account, schedule.env.account)) {
-      throw new Error(`Cannot assign pipeline in account ${this.pipeline.stack.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the pipeline must be in the same account.`);
-    }
-
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.pipeline.stack.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.pipeline.node)} in account ${this.pipeline.stack.account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     this.pipeline.grantStartPipelineExecution(role);
   }
 

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sns-publish.ts

@@ -1,37 +1,23 @@
 import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
-import { Names } from 'aws-cdk-lib';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import * as sns from 'aws-cdk-lib/aws-sns';
 import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
-import { sameEnvDimension } from './util';
 
 /**
  * Use an Amazon SNS topic as a target for AWS EventBridge Scheduler.
  */
 export class SnsPublish extends ScheduleTargetBase implements IScheduleTarget {
+  private readonly topic: sns.ITopic;
+
   constructor(
-    private readonly topic: sns.ITopic,
-    private readonly props: ScheduleTargetBaseProps = {},
+    topic: sns.ITopic,
+    props: ScheduleTargetBaseProps = {},
   ) {
     super(props, topic.topicArn);
+    this.topic = topic;
   }
 
-  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
-    // Check if target and schedule are in the region
-    if (!sameEnvDimension(this.topic.env.region, schedule.env.region)) {
-      throw new Error(`Cannot assign topic in region ${this.topic.env.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the topic must be in the same region.`);
-    }
-
-    // Check if target and schedule are in the same account
-    if (!sameEnvDimension(this.topic.env.account, schedule.env.account)) {
-      throw new Error(`Cannot assign topic in account ${this.topic.env.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${role.env.account}. Both the schedule and the topic must be in the same account.`);
-    }
-
-    // Check if target and role are in the same account
-    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.topic.env.account)) {
-      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to publish to target ${Names.nodeUniqueId(this.topic.node)} in account ${this.topic.env.account}. Both the target and the execution role must be in the same account.`);
-    }
-
+  protected addTargetActionToRole(_schedule: ISchedule, role: IRole): void {
     this.topic.grantPublish(role);
   }
 }