Add EventBridge scheduling: schedule_reminder, list_reminders, cancel_reminder

2026-05-07 23:24:48 -05:00
parent 825294d433
commit 58ed60f7b7
46 changed files with 3605 additions and 24 deletions
--- a/cdk/lib/agent-claw-stack.ts
+++ b/cdk/lib/agent-claw-stack.ts
@@ -285,6 +285,47 @@ export class AgentClawStack extends cdk.Stack {
    // NOTE: AgentCore runtime env vars are set in agentcore.json / agentcore deploy, not CDK.
    // Output the URL so it can be manually set in agentcore.json OAUTH_START_URL.

+
+    // ── Lambda: scheduler ─────────────────────────────────────────────────
+    const schedulerFn = new lambda.Function(this, 'Scheduler', {
+      functionName: 'agent-claw-scheduler',
+      runtime: lambda.Runtime.PYTHON_3_12,
+      handler: 'handler.handler',
+      code: lambda.Code.fromAsset(path.join(__dirname, '../../src/lambdas/scheduler')),
+      timeout: cdk.Duration.seconds(30),
+      memorySize: 128,
+      environment: {
+        TELEGRAM_BOT_TOKEN_SECRET_ARN: telegramBotTokenSecretArn,
+      },
+    });
+    botTokenSecret.grantRead(schedulerFn);
+    // Allow EventBridge to invoke the scheduler Lambda
+    schedulerFn.addPermission('EventBridgeInvoke', {
+      principal: new iam.ServicePrincipal('events.amazonaws.com'),
+      sourceArn: `arn:aws:events:${this.region}:${this.account}:rule/agent-claw-reminder-*`,
+    });
+    // Allow scheduler Lambda to delete its own EventBridge rule
+    schedulerFn.addToRolePolicy(new iam.PolicyStatement({
+      actions: ['events:RemoveTargets', 'events:DeleteRule'],
+      resources: [`arn:aws:events:${this.region}:${this.account}:rule/agent-claw-reminder-*`],
+    }));
+
+    // AgentCore runtime: EventBridge + Lambda permissions for scheduling
+    runtime1Role.addToPolicy(new iam.PolicyStatement({
+      sid: 'EventBridgeScheduler',
+      actions: [
+        'events:PutRule', 'events:PutTargets',
+        'events:ListRules', 'events:ListTargetsByRule',
+        'events:RemoveTargets', 'events:DeleteRule',
+      ],
+      resources: [`arn:aws:events:us-east-1:*:rule/agent-claw-reminder-*`],
+    }));
+    runtime1Role.addToPolicy(new iam.PolicyStatement({
+      sid: 'SchedulerLambdaPermission',
+      actions: ['lambda:AddPermission', 'lambda:RemovePermission'],
+      resources: [schedulerFn.functionArn],
+    }));
+
    // ── Outputs ────────────────────────────────────────────────────────────

    new cdk.CfnOutput(this, 'WorkspaceMcpFunctionUrl', {
@@ -329,5 +370,10 @@ export class AgentClawStack extends cdk.Stack {
      value: runtime1Role.roleArn,
      description: 'IAM execution role ARN for AgentCore Runtime 1',
    });
+
+    new cdk.CfnOutput(this, 'SchedulerLambdaArn', {
+      value: schedulerFn.functionArn,
+      description: 'Scheduler Lambda ARN — set as SCHEDULER_LAMBDA_ARN in agentcore.json',
+    });
  }
 }