fix(events): serialize EventBusPolicy statements #37884

Draft
MukundaKatta wants to merge 1 commit into aws:main from MukundaKatta:codex/aws-cdk-eventbus-policy-json

@MukundaKatta
Issue

Closes #24031.

Reason for this change

EventBusPolicyProps.statement is typed as iam.PolicyStatement, but EventBusPolicy passed the PolicyStatement instance directly into the underlying CfnEventBusPolicy. When that statement includes principals, CloudFormation synthesis can walk the grantPrincipal object graph and fail with a circular reference.

EventBus.addToResourcePolicy() already avoids this by passing statement.toJSON() into EventBusPolicy. Direct EventBusPolicy usage should do the same thing.

Description of changes

  • Serializes EventBusPolicyProps.statement with toJSON() before passing it to CfnEventBusPolicy.
  • Adds a regression test covering direct EventBusPolicy usage with an AccountPrincipal.

Description of how you validated changes

  • git diff --check passes.
  • Attempted to run jest aws-events/test/event-bus.test.ts --runInBand using the existing local AWS CDK toolchain. The test runner could not start in the fresh worktree because generated core/dist artifacts were missing (../dist/core/cfn-utils-provider.generated).

Checklist

  • My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES
  • My change is relevant to the issue above
  • I added a regression test
  • I tried to run relevant tests and documented the local environment blocker
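
The failure mode described in this PR, reduced to a self-contained TypeScript model. This is an added example, not code from the PR or from aws-cdk-lib: the classes are simplified stand-ins that borrow the CDK names, `resolve` and `tryRender` are hypothetical helpers, and the account ID is a constructed sample.

```typescript
// Simplified stand-ins (assumption): these classes model the shapes named in
// the PR and are NOT aws-cdk-lib code. The account ID is a constructed sample.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };

class AccountPrincipal {
  // A principal that is its own grantPrincipal: a one-node cycle.
  public readonly grantPrincipal: AccountPrincipal = this;
  constructor(public readonly accountId: string) {}
  arn(): string { return `arn:aws:iam::${this.accountId}:root`; }
}

class PolicyStatement {
  constructor(public readonly actions: string[],
              public readonly principals: AccountPrincipal[]) {}
  // Flatten to plain data so no object references survive.
  toJSON(): Json {
    return { Effect: 'Allow', Action: this.actions,
             Principal: { AWS: this.principals.map(p => p.arn()) } };
  }
}

// Hypothetical synthesis-time walker: copies own enumerable properties, rejects cycles.
function resolve(value: unknown, path: object[] = []): Json {
  if (typeof value === 'object' && value !== null) {
    if (path.indexOf(value) !== -1) throw new Error('circular reference');
    const next = path.concat([value]);
    if (Array.isArray(value)) return value.map(v => resolve(v, next));
    const src = value as { [k: string]: unknown };
    const out: { [k: string]: Json } = {};
    for (const key of Object.keys(src)) out[key] = resolve(src[key], next);
    return out;
  }
  if (value === null || typeof value === 'string' ||
      typeof value === 'number' || typeof value === 'boolean') return value;
  throw new Error(`cannot render ${typeof value}`);
}

// Hypothetical low-level resource: renders whatever it is given as `statement`.
function tryRender(statement: unknown): string {
  try {
    return JSON.stringify(resolve({ statementId: 'AllowAccount', statement }));
  } catch (e) {
    return `error: ${(e as Error).message}`;
  }
}

const stmt = new PolicyStatement(['events:PutEvents'], [new AccountPrincipal('111122223333')]);
const direct = tryRender(stmt);              // instance passed through: walker hits the cycle
const serialized = tryRender(stmt.toJSON()); // plain JSON: renders cleanly
```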

@github-actions github-actions Bot added the beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK label May 15, 2026
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

The pull request linter fails with the following errors:

❌ Fixes must contain a change to an integration test file and the resulting snapshot.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.

✅ An exemption request has been requested. Please wait for a maintainer's review.

@MukundaKatta
Author

Exemption Request: this fix is limited to serializing EventBusPolicyProps.statement before synthesis. The regression test covers the failing direct EventBusPolicy path with an AccountPrincipal and asserts the synthesized statement JSON. An integration test would only snapshot the same synthesized policy shape, so the unit regression is the targeted coverage for this bug.

@aws-cdk-automation aws-cdk-automation added the pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. label May 15, 2026

Development

Successfully merging this pull request may close these issues.

(events): EventBusPolicy fails with circular reference if PolicyStatement is not already resolved to JSON
