aws
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/README.md
+50 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/README.md
+50
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts
+1 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts
+1
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/universal.ts
+109 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/universal.ts
+109
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.universal.js.snapshot/AwsSchedulerTargetsUniversal.assets.json
+19 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.universal.js.snapshot/AwsSchedulerTargetsUniversal.assets.json
+19
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.universal.js.snapshot/AwsSchedulerTargetsUniversal.template.json
+139 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.universal.js.snapshot/AwsSchedulerTargetsUniversal.template.json
+139
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.universal.js.snapshot/IntegTestUniversalDefaultTestDeployAssert42BBB3FD.assets.json
+32 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.universal.js.snapshot/IntegTestUniversalDefaultTestDeployAssert42BBB3FD.assets.json
+32
@@ -34,6 +34,7 @@ The following targets are supported:
 9. `targets.KinesisDataFirehosePutRecord`: [Put a record to a Kinesis Data Firehose](#put-a-record-to-a-kinesis-data-firehose)
 10. `targets.CodePipelineStartPipelineExecution`: [Start a CodePipeline execution](#start-a-codepipeline-execution)
 11. `targets.SageMakerStartPipelineExecution`: [Start a SageMaker pipeline execution](#start-a-sagemaker-pipeline-execution)
+12. `targets.Universal`: [Invoke a wider set of AWS API](#invoke-a-wider-set-of-aws-api)
 
 ## Invoke a Lambda function
 
@@ -312,3 +313,52 @@ new Schedule(this, 'Schedule', {
   }),
 });
 ```
+
+## Invoke a wider set of AWS API
+
+Use the `Universal` target to invoke AWS API.
+
+The code snippet below creates an event rule with AWS API as the target which is
+called at midnight every day by EventBridge Scheduler.
+
+```ts
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.cron({
+    minute: '0',
+    hour: '0',
+  }),
+  target: new targets.Universal({
+    service: 'rds',
+    action: 'stopDBCluster',
+    input: ScheduleTargetInput.fromObject({
+      DbClusterIdentifier: 'my-db',
+    }),
+  }),
+});
+```
+
+The `service` must be in lowercase and the `action` must be in camelCase.
+
+By default, an IAM policy for the Scheduler is extracted from the API call.
+
+You can control the IAM policy for the Scheduler by specifying the `policyStatements` property.
+
+```ts
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.rate(Duration.minutes(60)),
+  target: new targets.Universal({
+    service: 'sqs',
+    action: 'sendMessage',
+    policyStatements: [
+      new iam.PolicyStatement({
+        actions: ['sqs:SendMessage'],
+        resources: ['arn:aws:sqs:us-east-1:123456789012:my_queue'],
+      }),
+      new iam.PolicyStatement({
+        actions: ['kms:Decrypt', 'kms:GenerateDataKey*'],
+        resources: ['arn:aws:kms:us-east-1:123456789012:key/0987dcba-09fe-87dc-65ba-ab0987654321'],
+      }),
+    ],
+  }),
+});
+```
@@ -10,3 +10,4 @@ export * from './sns-publish';
 export * from './sqs-send-message';
 export * from './stepfunctions-start-execution';
 export * from './target';
+export * from './universal';
@@ -0,0 +1,109 @@
+import { IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
+import { Aws, Token } from 'aws-cdk-lib';
+import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { awsSdkToIamAction } from 'aws-cdk-lib/custom-resources/lib/helpers-internal';
+import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
+
+/**
+ * AWS read-only API action name prefixes that are not supported by EventBridge Scheduler.
+ *
+ * @see https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html
+ */
+const NOT_SUPPORTED_ACTION_PREFIX = [
+  'get',
+  'describe',
+  'list',
+  'poll',
+  'receive',
+  'search',
+  'scan',
+  'query',
+  'select',
+  'read',
+  'lookup',
+  'discover',
+  'validate',
+  'batchGet',
+  'batchDescribe',
+  'batchRead',
+  'transactGet',
+  'adminGet',
+  'adminList',
+  'testMigration',
+  'retrieve',
+  'testConnection',
+  'translateDocument',
+  'isAuthorized',
+  'invokeModel',
+];
+
+/**
+ * Properties for a Universal Target
+ */
+export interface UniversalTargetProps extends ScheduleTargetBaseProps {
+  /**
+   * The AWS service to call.
+   *
+   * This must be in lowercase.
+   */
+  readonly service: string;
+
+  /**
+   * The API action to call. Must be camelCase.
+   *
+   * You cannot use read-only API actions such as common GET operations.
+   *
+   * @see https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html#unsupported-api-actions
+   */
+  readonly action: string;
+
+  /**
+   * The IAM policy statements needed to invoke the target. These statements are attached to the Scheduler's role.
+   *
+   * Note that the default may not be the correct actions as not all AWS services follows the same IAM action pattern, or there may be more actions needed to invoke the target.
+   *
+   * @default - Policy with `service:action` action only.
+   */
+  readonly policyStatements?: PolicyStatement[];
+}
+
+/**
+ * Use a wider set of AWS API as a target for AWS EventBridge Scheduler.
+ *
+ * @see https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html
+ */
+export class Universal extends ScheduleTargetBase implements IScheduleTarget {
+  constructor(
+    private readonly props: UniversalTargetProps,
+  ) {
+    const service = props.service;
+    const action = props.action;
+
+    if (!Token.isUnresolved(service) && service !== service.toLowerCase()) {
+      throw new Error(`API service must be lowercase, got: ${service}`);
+    }
+    if (!Token.isUnresolved(action) && !action.startsWith(action[0]?.toLowerCase())) {
+      throw new Error(`API action must be camelCase, got: ${action}`);
+    }
+    if (!Token.isUnresolved(action) && NOT_SUPPORTED_ACTION_PREFIX.some(prefix => action.startsWith(prefix))) {
+      throw new Error(`Read-only API action is not supported by EventBridge Scheduler: ${service}:${action}`);
+    }
+
+    const arn = `arn:${Aws.PARTITION}:scheduler:::aws-sdk:${service}:${action}`;
+    super(props, arn);
+  }
+
+  protected addTargetActionToRole(role: IRole): void {
+    if (!this.props.policyStatements?.length) {
+      role.addToPrincipalPolicy(new PolicyStatement({
+        actions: [awsSdkToIamAction(this.props.service, this.props.action)],
+        resources: ['*'],
+      }));
+      return;
+    }
+
+    for (const statement of this.props.policyStatements) {
+      role.addToPrincipalPolicy(statement);
+    }
+  }
+}
@@ -0,0 +1,139 @@
+{
+ "Resources": {
+  "Schedule83A77FD1": {
+   "Type": "AWS::Scheduler::Schedule",
+   "Properties": {
+    "FlexibleTimeWindow": {
+     "Mode": "OFF"
+    },
+    "ScheduleExpression": "rate(1 minute)",
+    "ScheduleExpressionTimezone": "Etc/UTC",
+    "State": "ENABLED",
+    "Target": {
+     "Arn": {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":scheduler:::aws-sdk:sqs:createQueue"
+       ]
+      ]
+     },
+     "Input": "{\"QueueName\":\"aws-scheduler-targets-create-queue\"}",
+     "RetryPolicy": {
+      "MaximumEventAgeInSeconds": 86400,
+      "MaximumRetryAttempts": 185
+     },
+     "RoleArn": {
+      "Fn::GetAtt": [
+       "SchedulerRoleForTarget5cddf726972933",
+       "Arn"
+      ]
+     }
+    }
+   }
+  },
+  "SchedulerRoleForTarget5cddf726972933": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Condition": {
+        "StringEquals": {
+         "aws:SourceAccount": {
+          "Ref": "AWS::AccountId"
+         },
+         "aws:SourceArn": {
+          "Fn::Join": [
+           "",
+           [
+            "arn:",
+            {
+             "Ref": "AWS::Partition"
+            },
+            ":scheduler:",
+            {
+             "Ref": "AWS::Region"
+            },
+            ":",
+            {
+             "Ref": "AWS::AccountId"
+            },
+            ":schedule-group/default"
+           ]
+          ]
+         }
+        }
+       },
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "scheduler.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    }
+   }
+  },
+  "SchedulerRoleForTarget5cddf7DefaultPolicy3159C97B": {
+   "Type": "AWS::IAM::Policy",
+   "Properties": {
+    "PolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sqs:CreateQueue",
+       "Effect": "Allow",
+       "Resource": "*"
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "PolicyName": "SchedulerRoleForTarget5cddf7DefaultPolicy3159C97B",
+    "Roles": [
+     {
+      "Ref": "SchedulerRoleForTarget5cddf726972933"
+     }
+    ]
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}