feat(scheduler-targets-alpha): InspectorStartAssessmentRun Target (#27850)

This PR adds InspectorStartAssessmentRun Target for EventBridge Scheduler.

In [the issue](#27453), the `inspector.CfnAssessmentTarget` is used in the `InspectorStartAssessmentRun`. But it should be a `CfnAssessmentTemplate` so I fixed.

```ts
  export class InspectorStartAssessmentRun extends ScheduleTargetBase implements IScheduleTarget {
    constructor(
      private readonly target: inspector.CfnAssessmentTarget, // <- here
      private readonly props: ScheduleTargetBaseProps,
    ) {
```

Closes #27453.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: go-to-k

packages/@aws-cdk/aws-scheduler-targets-alpha/README.md

@@ -30,6 +30,7 @@ The following targets are supported:
 4. `targets.SqsSendMessage`: [Send a Message to an Amazon SQS Queue](#send-a-message-to-sqs-queue)
 5. `targets.SnsPublish`: [Publish messages to an Amazon SNS topic](#publish-messages-to-an-amazon-sns-topic)
 6. `targets.EventBridgePutEvents`: [Put Events on EventBridge](#send-events-to-an-eventbridge-event-bus)
+7. `targets.InspectorStartAssessmentRun`: [Start an Amazon Inspector assessment run](#start-an-amazon-inspector-assessment-run)
 
 ## Invoke a Lambda function
 
@@ -206,3 +207,21 @@ new Schedule(this, 'Schedule', {
   target: new targets.EventBridgePutEvents(eventEntry, {}),
 });
 ```
+
+## Start an Amazon Inspector assessment run
+
+Use the `InspectorStartAssessmentRun` target to start an Inspector assessment run.
+
+The code snippet below creates an event rule with an assessment template as target which is
+called every hour by Event Bridge Scheduler.
+
+```ts
+import * as inspector from 'aws-cdk-lib/aws-inspector';
+
+declare const assessmentTemplate: inspector.CfnAssessmentTemplate;
+
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.rate(Duration.minutes(60)),
+  target: new targets.InspectorStartAssessmentRun(assessmentTemplate),
+});
+```

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts

@@ -1,7 +1,8 @@
 export * from './codebuild-start-build';
 export * from './event-bridge-put-events';
-export * from './target';
+export * from './inspector-start-assessment-run';
 export * from './lambda-invoke';
 export * from './sns-publish';
+export * from './sqs-send-message';
 export * from './stepfunctions-start-execution';
-export * from './sqs-send-message';
+export * from './target';

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts

@@ -0,0 +1,37 @@
+import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
+import { Names } from 'aws-cdk-lib';
+import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { CfnAssessmentTemplate } from 'aws-cdk-lib/aws-inspector';
+import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
+import { sameEnvDimension } from './util';
+
+/**
+ * Use an Amazon Inspector as a target for AWS EventBridge Scheduler.
+ */
+export class InspectorStartAssessmentRun extends ScheduleTargetBase implements IScheduleTarget {
+  constructor(
+    private readonly template: CfnAssessmentTemplate,
+    private readonly props: ScheduleTargetBaseProps = {},
+  ) {
+    super(props, template.attrArn);
+  }
+
+  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
+    if (!sameEnvDimension(this.template.stack.region, schedule.env.region)) {
+      throw new Error(`Cannot assign assessment template in region ${this.template.stack.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the assessment template must be in the same region.`);
+    }
+
+    if (!sameEnvDimension(this.template.stack.account, schedule.env.account)) {
+      throw new Error(`Cannot assign assessment template in account ${this.template.stack.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the assessment template must be in the same account.`);
+    }
+
+    if (this.props.role && !sameEnvDimension(this.props.role.env.account, this.template.stack.account)) {
+      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.template.node)} in account ${this.template.stack.account}. Both the target and the execution role must be in the same account.`);
+    }
+
+    role.addToPrincipalPolicy(new PolicyStatement({
+      actions: ['inspector:StartAssessmentRun'],
+      resources: ['*'],
+    }));
+  }
+}