feat(scheduler-targets-alpha): InspectorStartAssessmentRun Target

packages/@aws-cdk/aws-scheduler-targets-alpha/README.md

@@ -27,6 +27,7 @@ The following targets are supported:
 1. `targets.LambdaInvoke`: [Invoke an AWS Lambda function](#invoke-a-lambda-function))
 2. `targets.StepFunctionsStartExecution`: [Start an AWS Step Function](#start-an-aws-step-function)
 3. `targets.CodeBuildStartBuild`: [Start a CodeBuild job](#start-a-codebuild-job)
+4. `targets.InspectorStartAssessmentRun`: [Start an Amazon Inspector assessment run](#start-an-aws-inspector-assessment-run)
 
 ## Invoke a Lambda function
 
@@ -121,3 +122,21 @@ new Schedule(this, 'Schedule', {
   target: new targets.CodeBuildStartBuild(project),
 });
 ```
+
+## Start an Amazon Inspector assessment run
+
+Use the `InspectorStartAssessmentRun` target to start an Inspector assessment run.
+
+The code snippet below creates an event rule with an assessment template as target which is
+called every hour by Event Bridge Scheduler.
+
+```ts
+import * as inspector from 'aws-cdk-lib/aws-inspector';
+
+declare const assessmentTemplate: inspector.CfnAssessmentTemplate;
+
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.rate(Duration.minutes(60)),
+  target: new targets.InspectorStartAssessmentRun(assessmentTemplate, {}),
+});
+```

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts

@@ -2,3 +2,4 @@ export * from './target';
 export * from './lambda-invoke';
 export * from './stepfunctions-start-execution';
 export * from './codebuild-start-build';
+export * from './inspector-start-assessment-run';

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts

@@ -0,0 +1,37 @@
+import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
+import { Names } from 'aws-cdk-lib';
+import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { CfnAssessmentTemplate } from 'aws-cdk-lib/aws-inspector';
+import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
+import { sameEnvDimension } from './util';
+
+/**
+ * Use an Amazon Inspector as a target for AWS EventBridge Scheduler.
+ */
+export class InspectorStartAssessmentRun extends ScheduleTargetBase implements IScheduleTarget {
+  constructor(
+    private readonly template: CfnAssessmentTemplate,
+    private readonly props: ScheduleTargetBaseProps,
+  ) {
+    super(props, template.attrArn);
+  }
+
+  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
+    if (!sameEnvDimension(this.template.stack.region, schedule.env.region)) {
+      throw new Error(`Cannot assign assessment template in region ${this.template.stack.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the assessment template must be in the same region.`);
+    }
+
+    if (!sameEnvDimension(this.template.stack.account, schedule.env.account)) {
+      throw new Error(`Cannot assign assessment template in account ${this.template.stack.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the assessment template must be in the same account.`);
+    }
+
+    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.template.stack.account)) {
+      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.template.node)} in account ${this.template.stack.account}. Both the target and the execution role must be in the same account.`);
+    }
+
+    role.addToPrincipalPolicy(new PolicyStatement({
+      actions: ['inspector:StartAssessmentRun'],
+      resources: ['*'],
+    }));
+  }
+}