AWSTemplateFormatVersion: "2010-09-09"

Description: Amazon Transcribe Post Call Analytics - PCA Server - S3 Trigger

Transform: AWS::Serverless-2016-10-31

Parameters:
  TableName:
    Type: String

  Boto3Layer:
    Type: String

  PyUtilsLayer:
    Type: String

  InputBucketName:
    Type: AWS::SSM::Parameter::Value<String>
    Default: InputBucketName

  InputBucketRawAudio:
    Type: AWS::SSM::Parameter::Value<String>
    Default: InputBucketRawAudio
    
  InputBucketOrigTranscripts:
    Type: AWS::SSM::Parameter::Value<String>
    Default: InputBucketOrigTranscripts

  StepFunctionName:
    Type: AWS::SSM::Parameter::Value<String>
    Default: StepFunctionName

  Summarize:
    Type: String

Globals:
  Function:
    Runtime: python3.8
    MemorySize: 128
    Timeout: 15

Resources:
  FileDropTrigger:
    Type: "AWS::Serverless::Function"
    Properties:
      Environment:
        Variables:
          SUMMARIZE: !Ref Summarize
      CodeUri:  ../../src/pca
      Handler: pca-aws-file-drop-trigger.lambda_handler
      Layers:
        - !Ref Boto3Layer
        - !Ref PyUtilsLayer
      Policies:
      - arn:aws:iam::aws:policy/AmazonTranscribeReadOnlyAccess
      - Statement:
        - Sid: S3BucketReadPolicy    
          Effect: Allow
          Action:
          - s3:ListBucket
          - s3:GetObject
          Resource:
          - !Sub arn:aws:s3:::${InputBucketName}
          - !Sub arn:aws:s3:::${InputBucketName}/*
      - Statement:
        - Sid: SSMGetParameterPolicy    
          Effect: Allow
          Action:
            - ssm:GetParameter
            - ssm:GetParameters
          Resource: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/*
      - Statement:
        - Sid: ListStatemachinesPolicy
          Effect: Allow
          Action: states:ListStateMachines
          Resource: "*"
        - Sid: StartExecutionPolicy
          Effect: Allow
          Action: states:StartExecution
          Resource: !Sub arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${StepFunctionName}

    
  FileDropTriggerPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref FileDropTrigger
      Action: lambda:InvokeFunction
      Principal: s3.amazonaws.com
      SourceAccount: !Ref AWS::AccountId
      SourceArn: !Sub arn:aws:s3:::${InputBucketName}

  ConfigureBucketRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
              - "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      Policies:
        - PolicyName: allow-s3-notification-config
          PolicyDocument:
            Statement:
              Effect: Allow
              Action:
                - s3:GetBucketNotification
                - s3:PutBucketNotification
              Resource: !Sub arn:aws:s3:::${InputBucketName}

  ConfigureBucketFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Code:  ../../src/trigger
      Handler: index.handler
      Runtime: nodejs14.x
      Role: !GetAtt ConfigureBucketRole.Arn
      Environment:
        Variables:
          StackName: !Ref AWS::StackName

  ConfigureBucket:
    Type: "AWS::CloudFormation::CustomResource"
    DependsOn:
      - FileDropTriggerPermission
    Properties:
      ServiceToken: !GetAtt ConfigureBucketFunction.Arn
      BucketName: !Ref InputBucketName
      Prefix: !Ref InputBucketRawAudio
      LambdaArn: !GetAtt FileDropTrigger.Arn

  ConfigureBucketTranscriptFile:
    Type: "AWS::CloudFormation::CustomResource"
    DependsOn:
      - FileDropTriggerPermission
      - ConfigureBucket
    Properties:
      ServiceToken: !GetAtt ConfigureBucketFunction.Arn
      BucketName: !Ref InputBucketName
      Prefix: !Ref InputBucketOrigTranscripts
      LambdaArn: !GetAtt FileDropTrigger.Arn

  TranscribeEventbridge:
    Type: "AWS::Serverless::Function"
    Properties:
      CodeUri:  ../../src/pca
      Handler: pca-transcribe-eventbridge.lambda_handler
      Layers:
        - !Ref Boto3Layer
      Events:
        StandardEventBridge:
          Type: EventBridgeRule
          Properties:
            Pattern:
              detail-type:
                - "Transcribe Job State Change"
              source:
                - aws.transcribe
              detail:
                TranscriptionJobStatus:
                  - FAILED
                  - COMPLETED
        CallAnalyticsEventBridge:
          Type: EventBridgeRule
          Properties:
            Pattern:
              detail-type:
                - "Call Analytics Job State Change"
              source:
                - aws.transcribe
              detail:
                JobStatus:
                  - FAILED
                  - COMPLETED
      Environment:
        Variables:
          TableName: !Ref TableName
          AWS_DATA_PATH: "/opt/models"
      Policies:
      - arn:aws:iam::aws:policy/AmazonTranscribeReadOnlyAccess
      - Statement:
        - Sid: SendTaskSuccessPolicy
          Effect: Allow
          Action: states:SendTaskSuccess
          Resource: "*"
      - Statement:
        - Sid: DynamoDBReadWriteAccess
          Effect: Allow
          Action:
          - dynamodb:DeleteItem
          - dynamodb:GetItem
          Resource: !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TableName}

Outputs:

  RolesForKMSKey:
    Value: !Join
      - ', '
      - - !Sub '"${FileDropTriggerRole.Arn}"'