aws
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/kinesis-stream-put-record.ts
+2-1 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/kinesis-stream-put-record.ts
+2-1
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sqs-send-message.ts
+2-1 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sqs-send-message.ts
+2-1
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/target.ts
-4 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/lib/target.ts
-4
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.inspector-start-assessment-run.ts
-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.inspector-start-assessment-run.ts
-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-data-firehose-put-record.ts
-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-data-firehose-put-record.ts
-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/aws-cdk-scheduler-targets-kinesis-stream-put-record.assets.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/aws-cdk-scheduler-targets-kinesis-stream-put-record.assets.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/aws-cdk-scheduler-targets-kinesis-stream-put-record.template.json
+2-3 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/aws-cdk-scheduler-targets-kinesis-stream-put-record.template.json
+2-3
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/integrationtestkinesisstreamputrecordDefaultTestDeployAssert6B5E163F.assets.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/integrationtestkinesisstreamputrecordDefaultTestDeployAssert6B5E163F.assets.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/integrationtestkinesisstreamputrecordDefaultTestDeployAssert6B5E163F.template.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/integrationtestkinesisstreamputrecordDefaultTestDeployAssert6B5E163F.template.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/manifest.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/manifest.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/tree.json
-1 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.js.snapshot/tree.json
-1
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.ts
+1-1 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.kinesis-stream-put-record.ts
+1-1
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.ts
-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.ts
-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/aws-cdk-schedule-dlq.assets.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/aws-cdk-schedule-dlq.assets.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/aws-cdk-schedule-dlq.template.json
+14-20 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/aws-cdk-schedule-dlq.template.json
+14-20
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/integtestscheduledlqDefaultTestDeployAssertC769CF31.assets.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/integtestscheduledlqDefaultTestDeployAssertC769CF31.assets.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/integtestscheduledlqDefaultTestDeployAssertC769CF31.template.json
+1-1 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/integtestscheduledlqDefaultTestDeployAssertC769CF31.template.json
+1-1
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/manifest.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/manifest.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/tree.json
+15-21 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.schedule-with-dlq.js.snapshot/tree.json
+15-21
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/aws-cdk-schedule.assets.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/aws-cdk-schedule.assets.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/aws-cdk-schedule.template.json
+1-5 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/aws-cdk-schedule.template.json
+1-5
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/integsqssendmessageDefaultTestDeployAssert883D0D33.assets.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/integsqssendmessageDefaultTestDeployAssert883D0D33.assets.json
+2-2
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/integsqssendmessageDefaultTestDeployAssert883D0D33.template.json
+1-1 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/integsqssendmessageDefaultTestDeployAssert883D0D33.template.json
+1-1
diff --git a/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/manifest.json
+2-2 b/‎packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sqs-send-message.js.snapshot/manifest.json
+2-2
@@ -34,7 +34,8 @@ export class KinesisStreamPutRecord extends ScheduleTargetBase implements ISched
   }
 
   protected addTargetActionToRole(role: IRole): void {
-    this.stream.grantWrite(role);
+    this.stream.grant(role, 'kinesis:PutRecord', 'kinesis:PutRecords');
+    this.stream.encryptionKey?.grant(role, 'kms:GenerateDataKey*');
   }
 
   protected bindBaseTargetConfig(_schedule: ISchedule): ScheduleTargetConfig {
 
@@ -49,7 +49,8 @@ export class SqsSendMessage extends ScheduleTargetBase implements IScheduleTarge
   }
 
   protected addTargetActionToRole(role: IRole): void {
-    this.queue.grantSendMessages(role);
+    this.queue.grant(role, 'sqs:SendMessage');
+    this.queue.encryptionMasterKey?.grant(role, 'kms:Decrypt', 'kms:GenerateDataKey*');
   }
 
   protected bindBaseTargetConfig(_schedule: ISchedule): ScheduleTargetConfig {
 
@@ -16,10 +16,6 @@ export interface ScheduleTargetBaseProps {
    * permissions to interact with the templated target. If you wish you may specify your own IAM role, then the templated targets
    * will grant minimal required permissions.
    *
-   * Universal target automatically create an IAM role if you do not specify your own IAM role.
-   * However, in comparison with templated targets, for universal targets you must grant the required
-   * IAM permissions yourself.
-   *
    * @default - created by target
    */
   readonly role?: iam.IRole;
 
@@ -44,5 +44,3 @@ integrationTest.assertions.awsApiCall('Inspector', 'listAssessmentRuns', {
   interval: cdk.Duration.seconds(30),
   totalTimeout: cdk.Duration.minutes(10),
 });
-
-app.synth();
@@ -69,5 +69,3 @@ if (objects instanceof AwsApiCall && objects.waiterProvider) {
     Resource: ['*'],
   });
 }
-
-app.synth();
@@ -19,8 +19,8 @@
      ]
     }
    },
-   "UpdateReplacePolicy": "Retain",
-   "DeletionPolicy": "Retain"
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
   },
   "Schedule83A77FD1": {
    "Type": "AWS::Scheduler::Schedule",
@@ -106,7 +106,6 @@
      "Statement": [
       {
        "Action": [
-        "kinesis:ListShards",
         "kinesis:PutRecord",
         "kinesis:PutRecords"
        ],
 
@@ -21,6 +21,7 @@ const partitionKey = 'key';
 const stream = new Stream(stack, 'MyStream', {
   streamName,
   shardCount: 1,
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
 });
 
 new scheduler.Schedule(stack, 'Schedule', {
@@ -58,4 +59,3 @@ getRecords.assertAtPath(
   totalTimeout: cdk.Duration.minutes(10),
 });
 
-app.synth();
@@ -135,5 +135,3 @@ integrationTest.assertions.awsApiCall('Sagemaker', 'listPipelineExecutions', {
   interval: cdk.Duration.seconds(30),
   totalTimeout: cdk.Duration.minutes(10),
 });
-
-app.synth();
@@ -27,29 +27,23 @@
    "Properties": {
     "PolicyDocument": {
      "Statement": [
-      {
-       "Action": [
-        "sqs:GetQueueAttributes",
-        "sqs:GetQueueUrl",
-        "sqs:SendMessage"
-       ],
-       "Effect": "Allow",
-       "Resource": {
-        "Fn::GetAtt": [
-         "ScheduleTargetQueueFA42B954",
-         "Arn"
-        ]
-       }
-      },
       {
        "Action": "sqs:SendMessage",
        "Effect": "Allow",
-       "Resource": {
-        "Fn::GetAtt": [
-         "ScheduleDeadLetterQueue0D6B48D2",
-         "Arn"
-        ]
-       }
+       "Resource": [
+        {
+         "Fn::GetAtt": [
+          "ScheduleDeadLetterQueue0D6B48D2",
+          "Arn"
+         ]
+        },
+        {
+         "Fn::GetAtt": [
+          "ScheduleTargetQueueFA42B954",
+          "Arn"
+         ]
+        }
+       ]
       }
      ],
      "Version": "2012-10-17"
 
@@ -92,11 +92,7 @@
     "PolicyDocument": {
      "Statement": [
       {
-       "Action": [
-        "sqs:GetQueueAttributes",
-        "sqs:GetQueueUrl",
-        "sqs:SendMessage"
-       ],
+       "Action": "sqs:SendMessage",
        "Effect": "Allow",
        "Resource": {
         "Fn::GetAtt": [
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,8 @@ export class KinesisStreamPutRecord extends ScheduleTargetBase implements ISched`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`protected addTargetActionToRole(role: IRole): void {`
`37`		`- this.stream.grantWrite(role);`
	`37`	`+ this.stream.grant(role, 'kinesis:PutRecord', 'kinesis:PutRecords');`
	`38`	`+ this.stream.encryptionKey?.grant(role, 'kms:GenerateDataKey*');`
`38`	`39`	`}`
`39`	`40`
`40`	`41`	`protected bindBaseTargetConfig(_schedule: ISchedule): ScheduleTargetConfig {`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,8 @@ export class SqsSendMessage extends ScheduleTargetBase implements IScheduleTarge`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`protected addTargetActionToRole(role: IRole): void {`
`52`		`- this.queue.grantSendMessages(role);`
	`52`	`+ this.queue.grant(role, 'sqs:SendMessage');`
	`53`	`+ this.queue.encryptionMasterKey?.grant(role, 'kms:Decrypt', 'kms:GenerateDataKey*');`
`53`	`54`	`}`
`54`	`55`
`55`	`56`	`protected bindBaseTargetConfig(_schedule: ISchedule): ScheduleTargetConfig {`
Original file line number	Diff line number	Diff line change
`@@ -69,5 +69,3 @@ if (objects instanceof AwsApiCall && objects.waiterProvider) {`
`69`	`69`	`Resource: ['*'],`
`70`	`70`	`});`
`71`	`71`	`}`
`72`		`-`
`73`		`-app.synth();`
Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,8 @@`
`19`	`19`	`]`
`20`	`20`	`}`
`21`	`21`	`},`
`22`		`- "UpdateReplacePolicy": "Retain",`
`23`		`- "DeletionPolicy": "Retain"`
	`22`	`+ "UpdateReplacePolicy": "Delete",`
	`23`	`+ "DeletionPolicy": "Delete"`
`24`	`24`	`},`
`25`	`25`	`"Schedule83A77FD1": {`
`26`	`26`	`"Type": "AWS::Scheduler::Schedule",`
`@@ -106,7 +106,6 @@`
`106`	`106`	`"Statement": [`
`107`	`107`	`{`
`108`	`108`	`"Action": [`
`109`		`- "kinesis:ListShards",`
`110`	`109`	`"kinesis:PutRecord",`
`111`	`110`	`"kinesis:PutRecords"`
`112`	`111`	`],`