aws_ecr: repository.on_event() creates an event that never fires

[mrudelle]

Describe the bug

The event created by the method .on_event() of an ecr.Repository does not fire. And I suspect this is because the event behavior filters for resources which is not specified in the ecr event.

Expected Behavior

When a new image is pushed to the repository, an event should fire.

Current Behavior

No event is fired.

Reproduction Steps

We are creating the rule like this:

repository_name="my-repo"
container_repository = ecr.Repository(
    self, 'Repository',
    repository_name=repository_name,
)

notify_fn = aws_lambda.Function(
    self, 'NotifyFn',
    runtime=aws_lambda.Runtime.PYTHON_3_12,
    code=aws_lambda.Code.from_asset('lambdas/ecr-notify'),
    handler='handler.lambda_handler',
)

rule = container_repository.on_event(
    'RepositoryNewReleaseEvent',
    target=targets.LambdaFunction(notify_fn)
)

rule.add_event_pattern(
    detail_type=["ECR Image Action"],
    detail={
        "action-type": ["PUSH"],
        "result": ["SUCCESS"],
        "repository-name": [container_repository.repository_name],
    }
)

In the console, that creates the following event pattern:

{
  "detail-type": ["ECR Image Action"],
  "resources": ["arn:aws:ecr:eu-central-1:XXXXXXXX:repository/XXXXXXX"],
  "source": ["aws.ecr"],
  "detail": {
    "result": ["SUCCESS"],
    "repository-name": ["XXXXXXX"],
    "action-type": ["PUSH"]
  }
}

And the event is never fired. But if instead I create the event like this:

repository_name="my-repo"
container_repository = ecr.Repository(
    self, 'Repository',
    repository_name=repository_name,
)

notify_fn = aws_lambda.Function(
    self, 'NotifyFn',
    runtime=aws_lambda.Runtime.PYTHON_3_12,
    code=aws_lambda.Code.from_asset('lambdas/ecr-notify'),
    handler='handler.lambda_handler',
)

rule = events.Rule(
    self, 'NotifyRule',
    targets=[targets.LambdaFunction(notify_fn)],
    event_pattern=events.EventPattern(
        source=["aws.ecr"],
        detail_type=["ECR Image Action"],
        detail={
            'action-type': ["PUSH"],
            'result': ["SUCCESS"],
            'repository-name': [container_repository.repository_name],
        }
    )
)

The following event pattern is created:

{
  "detail-type": ["ECR Image Action"],
  "detail": {
    "result": ["SUCCESS"],
    "repository-name": ["XXXXXXX"],
    "action-type": ["PUSH"]
  },
  "source": ["aws.ecr"]
}

And events fire as expected

Possible Solution

The event that is sent to the lambda has an empty array for resources. That could be why the event is not fired, if it tries to match for this property.

Additional Information/Context

No response

CDK CLI Version

2.131.0 (build 92b912d)

Framework Version

aws-cdk-lib==2.131.0

Node.js Version

v18.19.0

OS

MacOS

Language

Python

Language Version

Python 3.10.10

Other information

No response

[mrudelle]

Actually, this issue was already reported here #29225

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[aws-cdk-automation]

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.