## Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. ## SPDX-License-Identifier: MIT-0 AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: A serverless pipeline to translate JSON documents using Amazon Translate. Parameters: SourceLanguageCode: Type: String Default: en TargetLanguageCode: Type: String Default: es TriggerFileName: Type: String Default: triggerfile Resources: bucket: Type: AWS::S3::Bucket DeletionPolicy: Retain Properties: BucketName: !Join ['', ['translate-bucket-', !Select [2, !Split [/, !Ref AWS::StackId ]]]] S3FolderCreationPolicy: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - 's3:GetObject' - 's3:GetObjectAcl' - 's3:PutObject' - 's3:PutObjectAcl' Resource: !Join ['', ['arn:aws:s3:::translate-bucket-', !Select [2, !Split [/, !Ref AWS::StackId ]], /*]] TranslateJsonServiceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: translate.amazonaws.com Version: "2012-10-17" TranslateJsonServiceRoleDefaultPolicy: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Statement: - Action: ['s3:GetObject','s3:PutObject'] Effect: Allow Resource: [!Join ['', ['arn:aws:s3:::translate-bucket-', !Select [2, !Split [/, !Ref AWS::StackId ]], /*]]] - Action: ['s3:ListBucket'] Effect: Allow Resource: [!Join ['', ['arn:aws:s3:::translate-bucket-', !Select [2, !Split [/, !Ref AWS::StackId ]]]]] Version: "2012-10-17" ManagedPolicyName: TranslateJsonServiceRoleDefaultPolicy Roles: - Ref: TranslateJsonServiceRole S3FileTriggerEventProcessorPolicy: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - s3:ListBucket Resource: Fn::Join: - '' - - arn:aws:s3:::translate-bucket- - Fn::Select: - 2 - Fn::Split: - / - Ref: AWS::StackId - Effect: Allow Action: - 's3:GetObject' - 's3:GetObjectAcl' - 's3:PutObject' - 's3:PutObjectAcl' - 's3:GetObjectTagging' - 'S3:PutObjectTagging' - 's3:DeleteObject' Resource: !Join ['', ['arn:aws:s3:::translate-bucket-', !Select [2, !Split [/, !Ref AWS::StackId ]], /*]] - Effect: Allow Action: - 'iam:PassRole' Resource: Fn::GetAtt: - TranslateJsonServiceRole - Arn - Effect: Allow Action: - 'translate:StartTextTranslationJob' Resource: ['*'] ManagedPolicyName: S3FileTriggerEventProcessorPolicy TranslateJsonJobEventProcessorPolicy: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - translate:DescribeTextTranslationJob Resource: ['*'] - Effect: Allow Action: - s3:ListBucket Resource: Fn::Join: - '' - - arn:aws:s3:::translate-bucket- - Fn::Select: - 2 - Fn::Split: - / - Ref: AWS::StackId - Effect: Allow Action: - 's3:GetObject' - 's3:GetObjectAcl' - 's3:PutObject' - 's3:PutObjectAcl' - 's3:DeleteObject' Resource: !Join ['', ['arn:aws:s3:::translate-bucket-', !Select [2, !Split [/, !Ref AWS::StackId ]], /*]] ManagedPolicyName: TranslateJsonJobEventProcessorPolicy S3FolderCreate: Type: AWS::Serverless::Function Properties: CodeUri: deployment/ Handler: s3_folder_create.handler Runtime: python3.8 Description: Python Function to create S3 folders MemorySize: 128 Timeout: 30 # Function's execution role Policies: - AWSLambdaBasicExecutionRole - AWSLambda_ReadOnlyAccess - AWSXrayWriteOnlyAccess - !Ref S3FolderCreationPolicy Tracing: Active CreateS3Folder: Type: Custom::CreateS3Folder Properties: ServiceToken: Fn::GetAtt: - S3FolderCreate - Arn S3Bucket: Ref: bucket S3FileEventProcessor: Type: AWS::Serverless::Function Properties: CodeUri: translate_json/ Handler: s3_event_handler.lambda_handler Runtime: python3.8 Description: Python Function to covert the source JSON Files to XML for Translation MemorySize: 1024 Timeout: 300 Environment: Variables: SOURCE_LANG_CODE: !Ref SourceLanguageCode TARGET_LANG_CODE: !Ref TargetLanguageCode TRIGGER_NAME: !Ref TriggerFileName S3_ROLE_ARN: Fn::GetAtt: - TranslateJsonServiceRole - Arn # Function's execution role Policies: - AWSLambdaBasicExecutionRole - AWSLambda_ReadOnlyAccess - AWSXrayWriteOnlyAccess - !Ref S3FileTriggerEventProcessorPolicy Tracing: Active Events: s3Notification: Type: S3 Properties: Bucket: !Ref bucket Events: s3:ObjectCreated:* Filter: S3Key: Rules: - Name: prefix Value: input/ - Name: suffix Value: !Ref TriggerFileName TranslateJsonJobEventProcessor: Type: AWS::Serverless::Function Properties: CodeUri: translate_json/ Handler: translate_job_event_handler.lambda_handler Runtime: python3.8 Description: Python function to process the Translate Job completion SNS event MemorySize: 1024 Timeout: 300 Environment: Variables: DELETE_XMLS: true # Function's execution role Policies: - AWSLambdaBasicExecutionRole - AWSLambda_ReadOnlyAccess - AWSXrayWriteOnlyAccess - !Ref TranslateJsonJobEventProcessorPolicy Tracing: Active Events: EventBridgeRule1: Type: EventBridgeRule Properties: Pattern: source: - aws.translate detail-type: - Translate TextTranslationJob State Change Target: Id: !Ref TranslateJsonJobEventProcessor Outputs: TranslateS3Bucket: Description: 'Amazon S3 bucket for document processing' Value: !Join ['', ['translate-bucket-', !Select [2, !Split [/, !Ref AWS::StackId ]]]] S3FileEventProcessor: Description: 'AWS Lambda function triggered when the JSON document is uploaded' Value: !Ref S3FileEventProcessor TranslateJsonJobEventProcessor: Description: 'AWS Lambda function triggered on the completion of the Amazon Translate Job and it generates the translated document' Value: !Ref TranslateJsonJobEventProcessor