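# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
#
# Creates the resources for the PollyReadsThePage demo:
#   - a Cloud9 EC2 environment (Cloud9BuildTest)
#   - an encrypted S3 bucket with CORS enabled, plus a TLS-only bucket policy
#   - a Cognito identity pool that allows unauthenticated identities
#   - one IAM role, attached to the pool for BOTH authenticated and
#     unauthenticated identities, granting S3 and Polly access
#
# Security review summary (details are next to each resource):
#   - Anyone who can obtain credentials from the identity pool without
#     signing in receives the S3 read/write/list and Polly permissions below.
#   - CORS allows GET from any origin.
#   - The bucket is retained when the stack is deleted.
AWSTemplateFormatVersion: '2010-09-09'
Description: Template for PollyReadsThePage

Parameters:
  EC2InstanceType:
    Description: EC2 instance type on which IDE runs
    Type: String
    Default: t2.micro
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m4.16xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge

Resources:
  Cloud9BuildTest:
    Type: 'AWS::Cloud9::EnvironmentEC2'
    Properties:
      Name: PRTPDemoCloud9
      InstanceType: !Ref 'EC2InstanceType'
      # NOTE(review): CONNECT_SSH reaches the instance over SSH. CONNECT_SSM
      # is the alternative connection type and avoids inbound SSH, but it has
      # IAM prerequisites this template does not create -- confirm before
      # switching.
      ConnectionType: CONNECT_SSH

  S3Bucket:
    Type: AWS::S3::Bucket
    # The bucket and its contents outlive the stack; clean up manually after
    # the demo.
    DeletionPolicy: Retain
    Properties:
      AccessControl: BucketOwnerFullControl
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      CorsConfiguration:
        CorsRules:
          # NOTE(review): any origin may issue cross-origin GETs. For anything
          # beyond a demo, list the exact site origin(s) here instead of '*'.
          - AllowedHeaders:
              - '*'
            AllowedMethods:
              - GET
            AllowedOrigins:
              - '*'
            ExposedHeaders:
              - Date
            Id: myCORSRuleId1
            MaxAge: 3600
      # All four public-access blocks are on, so access is granted only
      # through IAM (the Cognito role below), not through public ACLs or
      # public bucket policies.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        # Pinned explicitly; when Version is omitted the document is evaluated
        # as the older 2008-10-17 policy language.
        Version: '2012-10-17'
        Statement:
          - Sid: HttpsOnly
            Action: '*'
            Effect: Deny
            # The deny covers the bucket ARN as well as its objects, so
            # bucket-level requests (for example listing) are also refused
            # when they do not arrive over TLS.
            Resource:
              - !GetAtt S3Bucket.Arn
              - !Sub ${S3Bucket.Arn}/*
            Principal: '*'
            Condition:
              Bool:
                'aws:SecureTransport': 'false'

  IdentityPool:
    Type: "AWS::Cognito::IdentityPool"
    Properties:
      IdentityPoolName: "PRTPDemoCognitoPool"
      # Guest access: callers do not sign in before receiving credentials for
      # the role attached below. Everything that role allows is therefore
      # available to any client that knows the identity pool ID.
      AllowUnauthenticatedIdentities: true

  CognitoRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: "Allow"
            Principal:
              Federated: "cognito-identity.amazonaws.com"
            Action:
              - "sts:AssumeRoleWithWebIdentity"
            # The audience check ties the role to this identity pool only.
            # NOTE(review): there is no "cognito-identity.amazonaws.com:amr"
            # condition, because this one role serves both authenticated and
            # unauthenticated identities. Splitting it into two roles, each
            # with its own amr condition, would let guests receive a narrower
            # policy than signed-in users.
            Condition:
              StringEquals:
                "cognito-identity.amazonaws.com:aud": !Ref IdentityPool
      Policies:
        - PolicyName: "CognitoUnauthorizedPolicy"
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # NOTE(review): this ARN has empty region and account fields and
              # no "identitypool/" resource prefix, so it does not look like a
              # well-formed identity pool ARN. Confirm whether this statement
              # has any effect or is needed at all.
              - Effect: "Allow"
                Action:
                  - "cognito-identity:GetId"
                  - "cognito-identity:GetCredentialsForIdentity"
                Resource: !Sub arn:aws:cognito-identity:::${IdentityPool}/*
              # Read, write and list on the whole bucket, granted to guests.
              # NOTE(review): there is no key-prefix restriction, and the
              # bucket has no versioning or lifecycle rule, so guest writes
              # can overwrite existing objects and accumulate storage. If the
              # application only needs a known prefix, scope the object ARN
              # to it, and narrow s3:List* to the list actions actually used.
              - Effect: "Allow"
                Action:
                  - s3:GetObject
                  - s3:PutObject
                  - s3:List*
                Resource:
                  - !GetAtt S3Bucket.Arn
                  - !Sub ${S3Bucket.Arn}/*
              # Polly synthesis is billable and is reachable by guests here;
              # consider budget alarms or usage monitoring outside a
              # short-lived demo.
              - Effect: "Allow"
                Action:
                  - polly:SynthesizeSpeech
                  - polly:StartSpeechSynthesisTask
                  - polly:GetSpeechSynthesisTask
                  - polly:ListSpeechSynthesisTasks
                  - polly:DescribeVoices
                  - polly:GetLexicon
                  - polly:ListLexicons
                Resource: "*"

  # Assigns the roles to the Identity Pool.
  # The same role ARN is used for authenticated and unauthenticated
  # identities, so signing in does not change what a caller may do.
  IdentityPoolRoleMapping:
    Type: "AWS::Cognito::IdentityPoolRoleAttachment"
    Properties:
      IdentityPoolId: !Ref IdentityPool
      Roles:
        authenticated: !GetAtt CognitoRole.Arn
        unauthenticated: !GetAtt CognitoRole.Arn

Outputs:
  BucketName:
    Value: !Ref S3Bucket
    Description: Name of the sample Amazon S3 bucket with CORS enabled.
  IdentityPoolId:
    Value: !Ref IdentityPool
  Cloud9:
    Value: !Ref Cloud9BuildTest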