chore(release): 2.229.1 (#36187)

mergify[bot] · web-flow · commit 06dcb4d97a0e · 2025-11-25T09:25:19.000Z
See [CHANGELOG](https://github.com/aws/aws-cdk/blob/patch/v2.229.1/CHANGELOG.v2.md)
diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.229.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.229.0-alpha.0...v2.229.1-alpha.0) (2025-11-25)
+
 ## [2.229.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.228.0-alpha.0...v2.229.0-alpha.0) (2025-11-24)
 
 
diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.229.1](https://github.com/aws/aws-cdk/compare/v2.229.0...v2.229.1) (2025-11-25)
+
+
+### Bug Fixes
+
+* **scheduler:** wrong ARN generated in `ScheduleGroup.grant*` methods ([#36175](https://github.com/aws/aws-cdk/issues/36175)) ([ca9fbdd](https://github.com/aws/aws-cdk/commit/ca9fbdd4c7d9551e18abe4967f0b8649302aaa56))
+
 ## [2.229.0](https://github.com/aws/aws-cdk/compare/v2.228.0...v2.229.0) (2025-11-24)
 
 
diff --git a/packages/aws-cdk-lib/aws-scheduler/grants.json b/packages/aws-cdk-lib/aws-scheduler/grants.json
diff --git a/packages/aws-cdk-lib/aws-scheduler/lib/index.ts b/packages/aws-cdk-lib/aws-scheduler/lib/index.ts
@@ -1,7 +1,7 @@
 export * from './scheduler.generated';
-export * from './scheduler-grants.generated';
 export * from './schedule-expression';
 export * from './input';
 export * from './schedule';
 export * from './target';
 export * from './schedule-group';
+export * from './schedule-group-grants';
diff --git a/packages/aws-cdk-lib/aws-scheduler/lib/schedule-group-grants.ts b/packages/aws-cdk-lib/aws-scheduler/lib/schedule-group-grants.ts
@@ -0,0 +1,81 @@
+/* eslint-disable @stylistic/max-len, eol-last */
+import * as scheduler from './scheduler.generated';
+import * as iam from '../../aws-iam';
+import { Arn, Aws } from '../../core';
+
+/**
+ * Properties for ScheduleGroupGrants
+ */
+interface ScheduleGroupGrantsProps {
+  /**
+   * The resource on which actions will be allowed
+   */
+  readonly resource: scheduler.IScheduleGroupRef;
+}
+
+/**
+ * Collection of grant methods for a IScheduleGroupRef
+ */
+export class ScheduleGroupGrants {
+  /**
+   * Creates grants for ScheduleGroupGrants
+   */
+  public static fromScheduleGroup(resource: scheduler.IScheduleGroupRef): ScheduleGroupGrants {
+    return new ScheduleGroupGrants({
+      resource: resource,
+    });
+  }
+
+  protected readonly resource: scheduler.IScheduleGroupRef;
+
+  private constructor(props: ScheduleGroupGrantsProps) {
+    this.resource = props.resource;
+  }
+
+  /**
+   * Grant list and get schedule permissions for schedules in this group to the given principal
+   */
+  public readSchedules(grantee: iam.IGrantable): iam.Grant {
+    const actions = ['scheduler:GetSchedule', 'scheduler:ListSchedules'];
+    return iam.Grant.addToPrincipal({
+      actions: actions,
+      grantee: grantee,
+      resourceArns: [this.arnForScheduleInGroup('*')],
+    });
+  }
+
+  /**
+   * Grant create and update schedule permissions for schedules in this group to the given principal
+   */
+  public writeSchedules(grantee: iam.IGrantable): iam.Grant {
+    const actions = ['scheduler:CreateSchedule', 'scheduler:UpdateSchedule'];
+    return iam.Grant.addToPrincipal({
+      actions: actions,
+      grantee: grantee,
+      resourceArns: [this.arnForScheduleInGroup('*')],
+    });
+  }
+
+  /**
+   * Grant delete schedule permission for schedules in this group to the given principal
+   */
+  public deleteSchedules(grantee: iam.IGrantable): iam.Grant {
+    const actions = ['scheduler:DeleteSchedule'];
+    return iam.Grant.addToPrincipal({
+      actions: actions,
+      grantee: grantee,
+      resourceArns: [this.arnForScheduleInGroup('*')],
+    });
+  }
+
+  private arnForScheduleInGroup(scheduleName: string): string {
+    return Arn.format({
+      region: this.resource.env.region,
+      account: this.resource.env.account,
+      partition: Aws.PARTITION,
+      service: 'scheduler',
+      resource: 'schedule',
+      resourceName: this.resource.scheduleGroupRef.scheduleGroupName + '/' + scheduleName,
+    });
+  }
+}
diff --git a/packages/aws-cdk-lib/aws-scheduler/lib/schedule-group.ts b/packages/aws-cdk-lib/aws-scheduler/lib/schedule-group.ts
@@ -1,5 +1,5 @@
 import { Construct } from 'constructs';
-import { ScheduleGroupGrants } from './scheduler-grants.generated';
+import { ScheduleGroupGrants } from './schedule-group-grants';
 import { CfnScheduleGroup, IScheduleGroupRef, ScheduleGroupReference } from './scheduler.generated';
 import * as cloudwatch from '../../aws-cloudwatch';
 import * as iam from '../../aws-iam';
@@ -260,51 +260,25 @@ abstract class ScheduleGroupBase extends Resource implements IScheduleGroup {
     });
   }
 
-  // private arnForScheduleInGroup(scheduleName: string): string {
-  //   return Arn.format({
-  //     region: this.env.region,
-  //     account: this.env.account,
-  //     partition: Aws.PARTITION,
-  //     service: 'scheduler',
-  //     resource: 'schedule',
-  //     resourceName: this.scheduleGroupName + '/' + scheduleName,
-  //   });
-  // }
-
   /**
    * Grant list and get schedule permissions for schedules in this group to the given principal
    */
   public grantReadSchedules(identity: iam.IGrantable) {
     return this.grants.readSchedules(identity);
-    // return iam.Grant.addToPrincipal({
-    //   grantee: identity,
-    //   actions: ['scheduler:GetSchedule', 'scheduler:ListSchedules'],
-    //   resourceArns: [this.arnForScheduleInGroup('*')],
-    // });
   }
 
   /**
    * Grant create and update schedule permissions for schedules in this group to the given principal
    */
   public grantWriteSchedules(identity: iam.IGrantable): iam.Grant {
     return this.grants.writeSchedules(identity);
-    // return iam.Grant.addToPrincipal({
-    //   grantee: identity,
-    //   actions: ['scheduler:CreateSchedule', 'scheduler:UpdateSchedule'],
-    //   resourceArns: [this.arnForScheduleInGroup('*')],
-    // });
   }
 
   /**
    * Grant delete schedule permission for schedules in this group to the given principal
    */
   public grantDeleteSchedules(identity: iam.IGrantable): iam.Grant {
     return this.grants.deleteSchedules(identity);
-    // return iam.Grant.addToPrincipal({
-    //   grantee: identity,
-    //   actions: ['scheduler:DeleteSchedule'],
-    //   resourceArns: [this.arnForScheduleInGroup('*')],
-    // });
   }
 }
 
diff --git a/packages/aws-cdk-lib/aws-scheduler/test/schedule-group.test.ts b/packages/aws-cdk-lib/aws-scheduler/test/schedule-group.test.ts
@@ -185,13 +185,11 @@ describe('Schedule Group', () => {
               'Fn::Join': [
                 '',
                 [
+                  'arn:',
                   {
-                    'Fn::GetAtt': [
-                      'TestGroupAF88660E',
-                      'Arn',
-                    ],
+                    Ref: 'AWS::Partition',
                   },
-                  '/*',
+                  ':scheduler:us-east-1:123456789012:schedule/MyGroup/*',
                 ],
               ],
             },
@@ -228,13 +226,11 @@ describe('Schedule Group', () => {
               'Fn::Join': [
                 '',
                 [
+                  'arn:',
                   {
-                    'Fn::GetAtt': [
-                      'TestGroupAF88660E',
-                      'Arn',
-                    ],
+                    Ref: 'AWS::Partition',
                   },
-                  '/*',
+                  ':scheduler:us-east-1:123456789012:schedule/MyGroup/*',
                 ],
               ],
             },
@@ -258,8 +254,7 @@ describe('Schedule Group', () => {
     group.grantDeleteSchedules(user);
 
     // THEN
-    let template = Template.fromStack(stack);
-    template.hasResourceProperties('AWS::IAM::Policy', {
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
       PolicyDocument: {
         Statement: [
           {
@@ -269,13 +264,11 @@ describe('Schedule Group', () => {
               'Fn::Join': [
                 '',
                 [
+                  'arn:',
                   {
-                    'Fn::GetAtt': [
-                      'TestGroupAF88660E',
-                      'Arn',
-                    ],
+                    Ref: 'AWS::Partition',
                   },
-                  '/*',
+                  ':scheduler:us-east-1:123456789012:schedule/MyGroup/*',
                 ],
               ],
             },
diff --git a/version.v2.json b/version.v2.json
@@ -1,4 +1,4 @@
 {
-  "version": "2.229.0",
-  "alphaVersion": "2.229.0-alpha.0"
+  "version": "2.229.1",
+  "alphaVersion": "2.229.1-alpha.0"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`	`1`	`{`
`2`		`- "version": "2.229.0",`
`3`		`- "alphaVersion": "2.229.0-alpha.0"`
	`2`	`+ "version": "2.229.1",`
	`3`	`+ "alphaVersion": "2.229.1-alpha.0"`
`4`	`4`	`}`