---
# CloudFormation template for the Cognito resources behind the PCA web UI:
# a user pool, its app client, a hosted-UI domain and the first admin user.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon Transcribe Post Call Analytics - PCA UI - Cognito'
Parameters:
  # Username of the initial Cognito user created by the AdminUser resource.
  AdminUsername:
    Type: String

  # Address that receives the invitation mail carrying the temporary password.
  AdminEmail:
    Type: String

  # Seed for the hosted-UI domain prefix; lowercased and made unique by the
  # GetDomain custom resource.
  Name:
    Type: String

  # URL of the PCA web application. It is embedded in the invitation mail and
  # registered as an OAuth callback URL on the app client.
  WebUri:
    Type: String

  # Compared against the literal value true by the IsProd condition.
  Environment:
    Type: String
Conditions:
  # IsProd holds only when the Environment parameter equals true. It decides
  # whether http://localhost:3000/ is registered as an OAuth callback URL.
  # NOTE(review): confirm the parent stack really passes "true" here; if it
  # passes an environment name instead, IsProd is never satisfied and the
  # localhost callback is registered in every deployment.
  IsProd:
    Fn::Equals:
      - !Ref Environment
      - true
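Resources:
  # Custom resource that lowercases the Name parameter and appends a
  # nanosecond timestamp; the result becomes the hosted-UI domain prefix.
  GetDomainLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      # CloudWatch Logs access only; the handler needs no other AWS permission.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  GetDomainLambda:
    Type: AWS::Lambda::Function
    Properties:
      Description: Returns the lowercase version of a string
      MemorySize: 256
      # python3.8 is a deprecated Lambda runtime; use a supported one so the
      # function can still be created and keeps receiving security patches.
      Runtime: python3.12
      Handler: index.lambda_handler
      Role: !GetAtt GetDomainLambdaRole.Arn
      Timeout: 30
      Code:
        # The handler always answers CloudFormation. Without the FAILED
        # response an exception would leave the stack waiting until the
        # custom-resource timeout expires.
        ZipFile: |
          import cfnresponse
          import time
          def lambda_handler(event, context):
            status = cfnresponse.SUCCESS
            responseData = {}
            try:
              output = event['ResourceProperties'].get('InputString', '').lower()
              output = f"{output}-{time.time_ns()}" # make unique
              responseData = {'OutputString': output}
            except Exception as e:
              print(f"GetDomain failed: {e}")
              status = cfnresponse.FAILED
            cfnresponse.send(event, context, status, responseData)

  GetDomain:
    Type: Custom::GetDomain
    Properties:
      ServiceToken: !GetAtt GetDomainLambda.Arn
      # NOTE(review): the value is only lowercased, not validated. Cognito
      # restricts the characters and length of a domain prefix, so an
      # unsuitable Name fails later, at PCAUserPoolDomain creation.
      InputString: !Ref Name

  PCAUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      AdminCreateUserConfig:
        # Self sign-up is disabled: only an administrator can create accounts.
        AllowAdminCreateUserOnly: true
        InviteMessageTemplate:
          # {username} and {####} are Cognito placeholders; only ${WebUri} is
          # substituted by !Sub. The temporary password travels by e-mail.
          EmailMessage: !Sub >
            Hello {username},
            Welcome to the Amazon Transcribe Post Call Analytics (PCA) solution!
            Your temporary password is: {####}
            When the CloudFormation stack is COMPLETE, use the link below to log in
            to the PCA web application, set your permanent password,
            and start analysing your calls!
            ${WebUri}
            Enjoy!
            AWS Post Call Analytics Solution (www.amazon.com/pca)
          EmailSubject: Welcome to the Amazon Transcribe Post Call Analytics (PCA) Solution!
      AliasAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      Schema:
        - Required: true
          Name: email
          AttributeDataType: String
          Mutable: true
      # No MfaConfiguration is set, so MFA stays off (the Cognito default) and
      # the password is the only factor protecting the hosted-UI login.
      Policies:
        PasswordPolicy:
          # Tightened from 8 characters with no character-class requirement.
          # TemporaryPasswordValidityDays is not set, so the emailed temporary
          # password keeps the Cognito default lifetime.
          MinimumLength: 12
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: true
          RequireUppercase: true

  PCAUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      # Authorization-code grant only; the implicit grant is not enabled.
      # GenerateSecret is not set, so this is a public client.
      # NOTE(review): confirm the web app uses PKCE with the code flow.
      AllowedOAuthFlows:
        - code
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthScopes:
        - openid
      # The localhost callback is registered only when IsProd is false, so
      # it must never end up on a production client.
      CallbackURLs: !If
        - IsProd
        - - !Ref WebUri
        - - !Ref WebUri
          - 'http://localhost:3000/'
      # Returns a generic error so sign-in failures do not reveal whether
      # a username exists.
      PreventUserExistenceErrors: ENABLED
      SupportedIdentityProviders:
        - COGNITO
      UserPoolId: !Ref PCAUserPool

  PCAUserPoolDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: !GetAtt GetDomain.OutputString
      UserPoolId: !Ref PCAUserPool

  # Initial administrator account; Cognito e-mails the invitation.
  AdminUser:
    Type: AWS::Cognito::UserPoolUser
    Properties:
      DesiredDeliveryMediums:
        - EMAIL
      UserAttributes:
        - Name: email
          Value: !Ref AdminEmail
      Username: !Ref AdminUsername
      UserPoolId: !Ref PCAUserPool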
Outputs:
  # Reference to the initial admin user resource.
  AdminUser:
    Value: !Ref AdminUser

  # Identifiers the web application needs to talk to the user pool.
  UserPoolId:
    Value: !Ref PCAUserPool

  UserPoolClientId:
    Value: !Ref PCAUserPoolClient

  # Base URL of the Cognito hosted UI, built from the generated domain prefix
  # and the stack's region.
  BaseUri:
    Value: !Sub 'https://${PCAUserPoolDomain}.auth.${AWS::Region}.amazoncognito.com'