AWSTemplateFormatVersion: "2010-09-09" Description: Amazon Transcribe Post Call Analytics - PCA UI - Deploy Parameters: Bucket: Type: String AuthUri: Type: String AuthClientId: Type: String ApiUri: Type: String DeployCountName: Type: AWS::SSM::Parameter::Name DeployCountValue: Type: AWS::SSM::Parameter::Value Resources: Layer: Type: "AWS::Lambda::LayerVersion" Properties: CompatibleRuntimes: - nodejs14.x Content: ../../src/witch/witch.zip Role: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: lambda.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Policies: - PolicyName: allow-s3-put PolicyDocument: Statement: Effect: Allow Action: - s3:PutObject Resource: !Sub arn:aws:s3:::${Bucket}/* - PolicyName: allow-ssm-param PolicyDocument: Statement: - Effect: Allow Action: - ssm:GetParameter - ssm:PutParameter Resource: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${DeployCountName}" DeployFunction: Type: "AWS::Lambda::Function" Properties: Code: ../../src/www/build Environment: Variables: BUCKET: !Ref Bucket COUNTER: !Ref DeployCountName Handler: witch.staticHandler Layers: - !Ref Layer Role: !GetAtt Role.Arn Runtime: nodejs14.x Timeout: 300 ConfigureFunction: Type: "AWS::Lambda::Function" Properties: Code: ../../src/lambda Handler: config.handler Role: !GetAtt Role.Arn Runtime: nodejs14.x Deploy: Type: "AWS::CloudFormation::CustomResource" Properties: ServiceToken: !GetAtt DeployFunction.Arn Counter: !Ref DeployCountValue Version: "0.6.0.1" Configure: Type: "AWS::CloudFormation::CustomResource" DependsOn: Deploy Properties: Bucket: !Ref Bucket ServiceToken: !GetAtt ConfigureFunction.Arn AuthUri: !Ref AuthUri AuthClientId: !Ref AuthClientId ApiUri: !Ref ApiUri Region: !Ref AWS::Region Outputs: RolesForKMSKey: Value: !Join - ', ' - - !Sub '"${Role.Arn}"'