AWSTemplateFormatVersion: 2010-09-09 Description: > This template creates a CodeBuild project used to configure and deploy the chatbot UI Parameters: CodeBuildName: Type: String Description: CodeBuild project used to configure and deploy the Lex Web UI Default: lex-web-ui-conf-deploy MinLength: 2 MaxLength: 255 AllowedPattern: '^[A-Za-z0-9][A-Za-z0-9\-_]{1,254}$' ConstraintDescription: > Should start with Alphanumeric. May contain alphanumeric, underscore and dash. SourceBucket: Description: S3 bucket where the source is located Type: String Default: aws-bigdata-blog SourcePrefix: Description: Prefix key to reference yaml templates Type: String Default: artifacts SourceObject: Description: S3 object zip file containing the project source Type: String Default: artifacts/aws-lex-web-ui/artifacts/src.zip CustomResourceCodeObject: Type: String Description: > S3 object zip file containing Lambda custom resource functions Default: artifacts/aws-lex-web-ui/artifacts/custom-resources.zip InitiateChatLambdaCodeObject: Type: String Description: > S3 object zip file containing Lambda custom resource functions Default: artifacts/aws-lex-web-ui/artifacts/initiate-chat-lambda.zip CleanupBuckets: Type: String Default: true AllowedValues: - true - false Description: > If set to True, buckets and their associated data will be deleted on CloudFormation stack delete. If set to False, S3 buckets will be retained. ShouldEnableCognitoLogin: Type: String Default: false AllowedValues: - true - false Description: > If set to True, a menu with a login action will be displayed in the Lex Web Ui. This feature uses Cognito User Pools with hosted login pages. After login, the menu will switch to logout. ShouldForceCognitoLogin: Type: String Default: false AllowedValues: - true - false Description: > If set to True, the menu with a login action will not be displayed in the Lex Web Ui, and the Cognito login will be executed automatically. EnableMarkdownSupport: Type: String Default: true AllowedValues: - true - false Description: > If set to True, Markdown formatting in ResponseCards will be enabled. ReInitSessionAttributesOnRestart: Type: String Default: false AllowedValues: - true - false Description: > If set to True, session attributes sent on each request to Lex are reset. Use a value of false, if session attributes need to be supported on subsequent Lex requests. The default is false. ShouldLoadIframeMinimized: Type: String Default: false AllowedValues: - true - false Description: > If set to True and running embedded as an Iframe on a web page, minimize the LexWebUi when first launched. If set to False, the Iframe will be maximized on the hosting page. ShowResponseCardTitle: Type: String Default: false AllowedValues: - true - false Description: > If set to True, the ResponseCard title is displayed in the UI. When set to false, a ResponseCard title is not displayed in the UI. Default is false. Note at the present time this is a global setting. Should the UI need to display some form of a title, use the optional sub-title property of a ResponseCard. CognitoIdentityPoolId: Type: String Description: > Cognito Identity Pool Id to used in the web app configuration. MinLength: 1 MaxLength: 55 AllowedPattern: '^[\w-]+:[0-9a-f-]+$' ConstraintDescription: > Alphanumeric followed by a column and ending with a hex uuid type. CognitoAppUserPoolClientId: Type: String Description: > Cognito App User Pool Client Id to used in the web app configuration. CognitoUserPoolId: Type: String Description: > Cognito App User Pool Id ConnectContactFlowId: Type: String Description: > Connect Contract Flow Id ConnectInstanceId: Type: String Description: > Connect Instance Id ConnectPromptForNameMessage: Type: String Description: > Message to display prompting the user for a name ConnectWaitForAgentMessage: Type: String Description: > Message to display every message interval while waiting for an agent to connect ConnectWaitForAgentMessageIntervalInSeconds: Type: Number Description: > Interval in seconds between successive ConnectWaitForAgentMessage ConnectLiveChatTerms: Type: String Description: > Command separated list of terms that can be used to start Live Chat mode ConnectAgentJoinedMessage: Type: String Description: > Message to play when an agent joins the chat. {Agent} will be replaced with the Agent's name. Default: "{Agent} has joined." ConnectAgentLeftMessage: Type: String Description: > Message to play when an agent leaves the chat. {Agent} will be replaced with the Agent's name. Default: "{Agent} has left." ConnectChatEndedMessage: Type: String Description: > Message to play when a chat session has ended. Default: "Chat ended." ConnectAttachChatTranscript: Type: String Default: true AllowedValues: - true - false Description: > Attach chat transcript as file. This only works if you enable ConnectStartLiveChatLabel: Type: String Description: > Label used in Menu to start connect live chat Default: "Start Live Chat" ConnectStartLiveChatIcon: Type: String Description: > Icon to use in menu to start connect live chat Default: "people_alt" ConnectEndLiveChatLabel: Type: String Description: > Label to use in menu and toolbar to end connect live chat Default: "End Live Chat" ConnectEndLiveChatIcon: Type: String Description: > Icon to use in menu and toolbar to end connect live chat Default: "call_end" ConnectTranscriptMessageDelayInMsec: Type: Number Description: > Delay to insert between each transcript message send to Connect in msec. Default: 150 LexV2BotId: Description: > Bot ID (not bot name) of an existing Lex V2 Bot to be used by the web ui. NOTE: You must also enter your Bot alias ID in the LexV2BotAliasId field below. Type: String Default: '' MaxLength: 50 AllowedPattern: '(^$|^[a-zA-Z0-9]+((_[a-zA-Z0-9]+)*|([a-zA-Z0-9]+_)*|_))' ConstraintDescription: > Must conform with the permitted Lex V2 Bot name pattern. LexV2BotAliasId: Description: > Use your Lex V2 bot's alias id (not alias name) here. Type: String Default: '' MinLength: 0 MaxLength: 50 AllowedPattern: '(^$|^[$a-zA-Z0-9]+((_[$a-zA-Z0-9]+)*|([$a-zA-Z0-9]+_)*|_))' ConstraintDescription: > Must conform with the permitted Lex V2 Alias name pattern. LexV2BotLocaleId: Description: > Use your bot's locale id here. By default this is en_US. Lex V2 supported values are en_AU, en_GB, es_419, es_ES, es_US, fr_CA, fr_FR, it_IT. See "https://docs.aws.amazon.com/lexv2/latest/dg/lex2.0.pdf" for details on supported languages and locales. Type: String Default: 'en_US' MinLength: 2 MaxLength: 50 BotName: Description: > Name of an existing Lex Bot to be used by the web ui. NOTE: You must also enter your published bot alias in the BotAlias field below. (If BotName is left empty, a Bot based on the OrderFlowers sample will be automatically created.) Type: String Default: '' MinLength: 0 MaxLength: 50 BotAlias: Description: > WARNING: For production deployments, use your bot's published alias here. The $LATEST alias should only be used for manual testing. Amazon Lex limits the number of runtime requests that you can make to the $LATEST version of the bot. Type: String Default: '$LATEST' MinLength: 2 MaxLength: 50 AllowedPattern: '(^$|^[$a-zA-Z]+((_[$a-zA-Z]+)*|([$a-zA-Z]+_)*|_))' ConstraintDescription: > Must conform with the permitted Lex Alias name pattern. ParentOrigin: Type: String Description: > Browser origin (e.g. http://mysite.example.com:8080) of an existing site that is allowed to send/receive data and events from the web ui in an iframe setup. This is an optional parameter. If left empty, an S3 bucket will be created to host a sample parent site embedding the webapp as an iframe. AllowedPattern: '(^$|^https?://[\w\.-]+(:\d+)?$)' ConstraintDescription: Empty or valid browser origin WebAppConfBotInitialText: Type: String Default: > You can ask me for help ordering flowers. Just type "Buy flowers" or click on the mic and say it. Description: First bot message displayed in the chatbot UI WebAppConfBotInitialSpeech: Type: String Default: Say 'Buy Flowers' to get started. Description: > Message spoken by bot when the microphone is first pressed in a conversation WebAppConfBotInitialUtterance: Type: String Default: '' Description: > Text to use to send as first utterance to bot WebAppConfNegativeFeedback: Type: String Default: Thumbs down Description: > This optional parameter defines the message to be sent by the user upon pressing a feedback button signaling a negative feedback. If left empty feedback buttons will be disabled on the UI. WebAppConfPositiveFeedback: Type: String Default: Thumbs up Description: > This optional parameter defines the message to be sent by the user upon pressing a feedback button signaling a positive feedback. If left empty feedback buttons will be disabled on the UI. WebAppConfHelp: Type: String Default: Help Description: > This is an optional parameter, when defined with a value, a help button will display on the chat bot toolbar. When pressed the button will send the entered string to the bot as a help message. If left empty the help button will be disabled. WebAppConfToolbarTitle: Type: String Default: Order Flowers Description: Title displayed in the chatbot UI toolbar WebAppConfCname: Type: String Default: "" Description: This optional parameter allows a single CNAME to be defined and used as an alias to the cloudfront distribution that is created by this template. If a CNAME is provided, a WebAppAcmCertificateArn must also be provided. WebAppAcmCertificateArn: Type: String Default: "" Description: This optional parameter allows a AcmCertificateArn to be provided for use in the Cloudfront distribution created by this template. if a AcmCertificateArn is provided, a WebAppConfCname must also be provided. WebAppWafAclArn: Type: String Default: "" Description: This optional parameter allows a AWS WAF web ACL to be specified in ARN formation. This supports AWS WAF V2. SaveHistory: Type: String Default: false AllowedValues: - true - false Description: > This is an optional parameter, if set to True, the history of the chat is maintained over sessions. A item to clean the chat will appear at the menu. ShouldEnableLiveChat: Type: String Default: false AllowedValues: - true - false Description: > This is an optional parameter, if set to True, the AWS Connect live Chat functionality will be available. A item to start a live chat will appear at the menu. HideButtonMessageBubble: Type: String Default: false AllowedValues: - true - false Description: > If set to true, hide the message bubble on a response card button press MessageMenu: Type: String Default: false AllowedValues: - true - false Description: > If set to true, each message will have an additional clickable menu on messages sent to the bot allowing you to repeat that message. BackButton: Type: String Default: false AllowedValues: - true - false Description: > If set to true, will show a back button to go back to a previous message. MinimizedButtonContent: Type: String Default: '' Description: > This is an optional parameter, if populated will display provided text when chat window is minimized. retryOnLexPostTextTimeout: Type: String Default: false AllowedValues: - true - false Description: > When set to true, operations against the Lex PostText API that result in a timeout will be retried up the the defined retry count. This is useful to enable if 30 second timeouts in Lex are frequently observed and subsequent operations will must likely succeed. retryCountPostTextTimeout: Type: Number Default: 1 Description: > Defines the number of times the lex-web-ui will retry the Lex post text API operation when an exception is detected. Timestamp: Type: Number Description: > This is a required parameter. It defines a timestamp allow the codebuild to execute as long as the timestamp from master.yaml and master-pipeline.yaml varies. ResourcePrefix: Type: String Description: > This will be a prefix for resources that must have unique names. Conditions: NeedsParentOrigin: !Equals [!Ref ParentOrigin, ''] ShouldCleanupBuckets: !Equals [!Ref CleanupBuckets, true] EnableLiveChat: !Equals [!Ref ShouldEnableLiveChat, true] UseDefaultCloudfrontUrl: !Or [ !Equals [!Ref WebAppConfCname, ''], !Equals [!Ref WebAppAcmCertificateArn, ''] ] ShouldNotSpecifyWafAcl: !Equals [!Ref WebAppWafAclArn, ''] Resources: # Bucket where S3 access logs are stored S3ServerAccessLogs: Type: AWS::S3::Bucket UpdateReplacePolicy: Retain DeletionPolicy: Retain Properties: VersioningConfiguration: Status: Enabled BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 # Bucket where the web app is deployed WebAppBucket: Type: AWS::S3::Bucket UpdateReplacePolicy: Retain DeletionPolicy: Retain Properties: WebsiteConfiguration: IndexDocument: index.html VersioningConfiguration: Status: Enabled LoggingConfiguration: DestinationBucketName: !Ref S3ServerAccessLogs LogFilePrefix: "webappbucket/" BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 CorsConfiguration: !If - NeedsParentOrigin - !Ref AWS::NoValue - CorsRules: - AllowedMethods: - GET AllowedOrigins: - !Ref ParentOrigin S3ServerAccessLogsBucketPolicy: Type: "AWS::S3::BucketPolicy" Properties: Bucket: Ref: "S3ServerAccessLogs" PolicyDocument: Statement: - Effect: "Allow" Action: - "s3:PutObject" Resource: - !Sub "arn:aws:s3:::${S3ServerAccessLogs}/*" Principal: Service: "logging.s3.amazonaws.com" Condition: ArnLike: aws:SourceArn: - !Sub "arn:aws:s3:::${WebAppBucket}" StringEquals: aws:SourceAccount: - !Sub "${AWS::AccountId}" # Bucket for CloudFrontDistributionLogs LexWebUiCloudFrontDistributionLogsBucket: Type: AWS::S3::Bucket UpdateReplacePolicy: Retain DeletionPolicy: Retain Properties: OwnershipControls: Rules: - ObjectOwnership: BucketOwnerPreferred VersioningConfiguration: Status: Enabled BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 WebAppBucketOriginAccessIdentity: Type: AWS::CloudFront::CloudFrontOriginAccessIdentity Properties: CloudFrontOriginAccessIdentityConfig: Comment: !Sub "access-identity-${WebAppBucket}" WebAppBucketBucketPolicy: Type: "AWS::S3::BucketPolicy" Properties: Bucket: Ref: "WebAppBucket" PolicyDocument: Statement: - Effect: "Allow" Action: - "s3:GetObject" Resource: - !Sub "arn:aws:s3:::${WebAppBucket}/*" Principal: CanonicalUser: !GetAtt WebAppBucketOriginAccessIdentity.S3CanonicalUserId LexWebUIResponseHeaderPolicy: Type : "AWS::CloudFront::ResponseHeadersPolicy" Properties: ResponseHeadersPolicyConfig: Comment: "Response header policy for LexWebUI" Name: !Join ["-", [!Ref ResourcePrefix, "LexWebUIResponseHeaderPolicy"]] CorsConfig: AccessControlAllowOrigins: Items: - !If - NeedsParentOrigin - "*" - !Ref ParentOrigin AccessControlAllowHeaders: Items: - "*" AccessControlAllowMethods: Items: - "GET" AccessControlAllowCredentials: False AccessControlMaxAgeSec: 600 OriginOverride: true SecurityHeadersConfig: XSSProtection: Override: False Protection: True ModeBlock: True ReferrerPolicy: Override: False ReferrerPolicy: "strict-origin-when-cross-origin" ContentTypeOptions: Override: false StrictTransportSecurity: Override: False IncludeSubdomains: True Preload: False AccessControlMaxAgeSec: 47304000 LexWebUiDistribution: Type: AWS::CloudFront::Distribution DependsOn: - WebAppBucket Properties: DistributionConfig: Origins: - DomainName: !Sub "${WebAppBucket}.s3.${AWS::Region}.amazonaws.com" S3OriginConfig: OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${WebAppBucketOriginAccessIdentity}" Id: webuiorigin Enabled: True Comment: cloudfront distribution for lex-web-ui DefaultRootObject: index.html Logging: Bucket: !GetAtt LexWebUiCloudFrontDistributionLogsBucket.DomainName IncludeCookies: True Prefix: "lexwebui/" CustomErrorResponses: # Send errors to index file # TODO move TTL to mapping or parameter - ErrorCachingMinTTL: 300 ErrorCode: 403 ResponseCode: 200 ResponsePagePath: /index.html - ErrorCachingMinTTL: 300 ErrorCode: 404 ResponseCode: 200 ResponsePagePath: /index.html DefaultCacheBehavior: AllowedMethods: - GET - HEAD - OPTIONS CachedMethods: - GET - HEAD - OPTIONS Compress: true TargetOriginId: webuiorigin CachePolicyId: "658327ea-f89d-4fab-a63d-7e88639e58f6" OriginRequestPolicyId: "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf" ViewerProtocolPolicy: redirect-to-https ResponseHeadersPolicyId: !GetAtt LexWebUIResponseHeaderPolicy.Id Aliases: !If - UseDefaultCloudfrontUrl - !Ref AWS::NoValue - [ !Ref WebAppConfCname ] ViewerCertificate: !If - UseDefaultCloudfrontUrl - CloudFrontDefaultCertificate: true - AcmCertificateArn: !Ref WebAppAcmCertificateArn MinimumProtocolVersion: TLSv1.2_2018 SslSupportMethod: sni-only WebACLId: !If - ShouldNotSpecifyWafAcl - !Ref AWS::NoValue - !Ref WebAppWafAclArn HttpVersion: http2 IPV6Enabled: true RestApi: Type: AWS::CloudFormation::Stack Condition: EnableLiveChat Properties: TimeoutInMinutes: 15 TemplateURL: !Sub "https://${SourceBucket}.s3.${AWS::Region}.amazonaws.com/${SourcePrefix}/templates/restapi.yaml" Parameters: ParentStackName: !Ref "AWS::StackName" SourceBucket: !Ref SourceBucket InitiateChatLambdaCodeObject: !Ref InitiateChatLambdaCodeObject ConnectContactFlowId: !Ref ConnectContactFlowId ConnectInstanceId: !Ref ConnectInstanceId ParentOrigin: !If - UseDefaultCloudfrontUrl - !Sub "https://${LexWebUiDistribution.DomainName}" - !Sub "https://${WebAppConfCname}" CodeBuild: Type: AWS::CodeBuild::Project Properties: Name: !Ref CodeBuildName Description: Used to configure and deploy the Lex Web UI Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER Image: aws/codebuild/amazonlinux2-x86_64-standard:2.0 ComputeType: BUILD_GENERAL1_SMALL EnvironmentVariables: - Name: BUILD_TYPE Value: dist - Name: POOL_ID Value: !Ref CognitoIdentityPoolId - Name: CONNECT_CONTACT_FLOW_ID Value: !Ref ConnectContactFlowId - Name: CONNECT_INSTANCE_ID Value: !Ref ConnectInstanceId - Name: CONNECT_API_GATEWAY_ENDPOINT Value: !If [EnableLiveChat, !Sub "https://${RestApi.Outputs.RestApiId}.execute-api.${AWS::Region}.amazonaws.com/Prod/livechat", ""] - Name: CONNECT_PROMPT_FOR_NAME_MESSAGE Value: !Ref ConnectPromptForNameMessage - Name: CONNECT_WAIT_FOR_AGENT_MESSAGE Value: !Ref ConnectWaitForAgentMessage - Name: CONNECT_WAIT_FOR_AGENT_MESSAGE_INTERVAL_IN_SECONDS Value: !Ref ConnectWaitForAgentMessageIntervalInSeconds - Name: CONNECT_LIVE_CHAT_TERMS Value: !Ref ConnectLiveChatTerms - Name: CONNECT_AGENT_JOINED_MESSAGE Value: !Ref ConnectAgentJoinedMessage - Name: CONNECT_AGENT_LEFT_MESSAGE Value: !Ref ConnectAgentLeftMessage - Name: CONNECT_CHAT_ENDED_MESSAGE Value: !Ref ConnectChatEndedMessage - Name: CONNECT_ATTACH_CHAT_TRANSCRIPT Value: !Ref ConnectAttachChatTranscript - Name: CONNECT_START_LIVE_CHAT_LABEL Value: !Ref ConnectStartLiveChatLabel - Name: CONNECT_START_LIVE_CHAT_ICON Value: !Ref ConnectStartLiveChatIcon - Name: CONNECT_END_LIVE_CHAT_LABEL Value: !Ref ConnectEndLiveChatLabel - Name: CONNECT_END_LIVE_CHAT_ICON Value: !Ref ConnectEndLiveChatIcon - Name: CONNECT_TRANSCRIPT_MESSAGE_DELAY_IN_MSEC Value: !Ref ConnectTranscriptMessageDelayInMsec - Name: APP_USER_POOL_CLIENT_ID Value: !Ref CognitoAppUserPoolClientId - Name: APP_USER_POOL_NAME Value: !Ref CognitoUserPoolId - Name: WEBAPP_BUCKET Value: !Ref WebAppBucket - Name: AWS_DEFAULT_REGION Value: !Sub "${AWS::Region}" - Name: V2_BOT_ID Value: !Ref LexV2BotId - Name: V2_BOT_ALIAS_ID Value: !Ref LexV2BotAliasId - Name: V2_BOT_LOCALE_ID Value: !Ref LexV2BotLocaleId - Name: BOT_NAME Value: !Ref BotName - Name: BOT_ALIAS Value: !Ref BotAlias - Name: BOT_INITIAL_TEXT Value: !Ref WebAppConfBotInitialText - Name: BOT_INITIAL_SPEECH Value: !Ref WebAppConfBotInitialSpeech - Name: BOT_INITIAL_UTTERANCE Value: !Ref WebAppConfBotInitialUtterance - Name: NEGATIVE_INTENT Value: !Ref WebAppConfNegativeFeedback - Name: POSITIVE_INTENT Value: !Ref WebAppConfPositiveFeedback - Name: HELP_INTENT Value: !Ref WebAppConfHelp - Name: HIDE_BUTTON_MESSAGE_BUBBLE Value: !Ref HideButtonMessageBubble - Name: MESSAGE_MENU Value: !Ref MessageMenu - Name: BACK_BUTTON Value: !Ref BackButton - Name: MIN_BUTTON_CONTENT Value: !Ref MinimizedButtonContent - Name: UI_TOOLBAR_TITLE Value: !Ref WebAppConfToolbarTitle - Name: ENABLE_LOGIN Value: !Ref ShouldEnableCognitoLogin - Name: FORCE_LOGIN Value: !Ref ShouldForceCognitoLogin - Name: REINIT_SESSION_ATTRIBUTES_ON_RESTART Value: !Ref ReInitSessionAttributesOnRestart - Name: ENABLE_MARKDOWN_SUPPORT Value: !Ref EnableMarkdownSupport - Name: IFRAME_LOAD_MINIMIZED Value: !Ref ShouldLoadIframeMinimized - Name: SHOW_RESPONSE_CARD_TITLE Value: !Ref ShowResponseCardTitle - Name: PARENT_ORIGIN Value: !If - NeedsParentOrigin - !Sub "https://${LexWebUiDistribution.DomainName}" - !Ref ParentOrigin - Name: IFRAME_ORIGIN Value: !Sub "https://${LexWebUiDistribution.DomainName}" - Name: WEBAPP_BUCKET_REGIONALDOMAINNAME Value: !Sub "${WebAppBucket.RegionalDomainName}" - Name: CLOUDFRONT_DOMAIN Value: !Sub "${LexWebUiDistribution.DomainName}" - Name: SAVE_HISTORY Value: !Ref SaveHistory - Name: ENABLE_LIVE_CHAT Value: !Ref ShouldEnableLiveChat - Name: BOT_RETRY_ON_LEX_POST_TEXT_TIMEOUT Value: !Ref retryOnLexPostTextTimeout - Name: BOT_RETRY_COUNT_POST_TEXT_TIMEOUT Value: !Ref retryCountPostTextTimeout - Name: TIMESTAMP Value: !Ref Timestamp ServiceRole: !GetAtt CodeBuildRole.Arn TimeoutInMinutes: 10 Source: Type: S3 Location: !Sub "${SourceBucket}/${SourceObject}" BuildSpec: !Sub | version: 0.1 phases: pre_build: commands: - aws configure set region "$AWS_DEFAULT_REGION" - make load-current-config - make config post_build: commands: - make sync-website - aws cloudfront create-invalidation --distribution-id "${LexWebUiDistribution}" --paths '/*' # custom resource to start code build project # parameters apart from ProjectName are not used but are required to trigger codebuild on any param changes CodeBuildStarter: Type: Custom::CodeBuildStarter Properties: ServiceToken: !GetAtt CodeBuildStarterLambda.Arn ProjectName: !Ref CodeBuild CognitoIdentityPoolId: !Ref CognitoIdentityPoolId CognitoAppUserPoolClientId: !Ref CognitoAppUserPoolClientId CognitoUserPoolId: !Ref CognitoUserPoolId ConnectContactFlowId: !Ref ConnectContactFlowId ConnectInstanceId: !Ref ConnectInstanceId ConnectPromptForNameMessage: !Ref ConnectPromptForNameMessage ConnectWaitForAgentMessage: !Ref ConnectWaitForAgentMessage ConnectWaitForAgentMessageIntervalInSeconds: !Ref ConnectWaitForAgentMessageIntervalInSeconds ConnectAgentJoinedMessage: !Ref ConnectAgentJoinedMessage ConnectAgentLeftMessage: !Ref ConnectAgentLeftMessage ConnectChatEndedMessage: !Ref ConnectChatEndedMessage ConnectAttachChatTranscript: !Ref ConnectAttachChatTranscript ConnectLiveChatTerms: !Ref ConnectLiveChatTerms ConnectStartLiveChatLabel: !Ref ConnectStartLiveChatLabel ConnectStartLiveChatIcon: !Ref ConnectStartLiveChatIcon ConnectEndLiveChatLabel: !Ref ConnectEndLiveChatLabel ConnectEndLiveChatIcon: !Ref ConnectEndLiveChatIcon ConnectTranscriptMessageDelayInMsec: !Ref ConnectTranscriptMessageDelayInMsec WebAppBucket: !Ref WebAppBucket LexV2BotId: !Ref LexV2BotId LexV2BotAliasId: !Ref LexV2BotAliasId LexV2BotLocaleId: !Ref LexV2BotLocaleId BotName: !Ref BotName BotAlias: !Ref BotAlias WebAppConfBotInitialText: !Ref WebAppConfBotInitialText WebAppConfBotInitialSpeech: !Ref WebAppConfBotInitialSpeech WebAppConfBotInitialUtterance: !Ref WebAppConfBotInitialUtterance WebAppConfNegativeFeedback: !Ref WebAppConfNegativeFeedback WebAppConfPositiveFeedback: !Ref WebAppConfPositiveFeedback WebAppConfHelp: !Ref WebAppConfHelp HideButtonMessageBubble: !Ref HideButtonMessageBubble MessageMenu: !Ref MessageMenu BackButton: !Ref BackButton MinimizedButtonContent: !Ref MinimizedButtonContent WebAppConfToolbarTitle: !Ref WebAppConfToolbarTitle ShouldEnableCognitoLogin: !Ref ShouldEnableCognitoLogin ShouldEnableLiveChat: !Ref ShouldEnableLiveChat ShouldForceCognitoLogin: !Ref ShouldForceCognitoLogin ReInitSessionAttributesOnRestart: !Ref ReInitSessionAttributesOnRestart EnableMarkdownSupport: !Ref EnableMarkdownSupport ShouldLoadIframeMinimized: !Ref ShouldLoadIframeMinimized ShowResponseCardTitle: !Ref ShowResponseCardTitle SaveHistory: !Ref SaveHistory ParentOrigin: !Ref ParentOrigin retryOnLexPostTextTimeout: !Ref retryOnLexPostTextTimeout retryCountPostTextTimeout: !Ref retryCountPostTextTimeout Timestamp: !Ref Timestamp # Lambda function for custom resource CodeBuildStarterLambda: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !Ref SourceBucket S3Key: !Ref CustomResourceCodeObject Handler: codebuild-start.handler Role: !GetAtt CodeBuildStarterLambdaRole.Arn Runtime: python3.7 Timeout: 120 TracingConfig: Mode: Active CodeBuildRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Principal: Service: - codebuild.amazonaws.com Effect: Allow Action: - sts:AssumeRole Policies: - PolicyName: CloudFrontInvalidateDistribution PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - cloudfront:CreateInvalidation Resource: "*" - PolicyName: S3GetObject PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - s3:GetObject* Resource: - !Sub "arn:aws:s3:::${SourceBucket}/${SourceObject}" - PolicyName: S3ReadWrite PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - s3:Get* - s3:Head* - s3:List* - s3:CreateMultipartUpload - s3:CompleteMultipartUpload - s3:AbortMultipartUpload - s3:CopyObject - s3:PutObject* - s3:DeleteObject* - s3:Upload* Resource: - !Sub "arn:aws:s3:::${WebAppBucket}" - !Sub "arn:aws:s3:::${WebAppBucket}/*" - PolicyName: PollySynthesizeSpeech PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - polly:SynthesizeSpeech Resource: "*" - PolicyName: TranslateText PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - translate:TranslateText - comprehend:DetectDominantLanguage Resource: "*" - PolicyName: CloudWatchLogsCodeBuild PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${CodeBuildName}" - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${CodeBuildName}:*" CodeBuildStarterLambdaRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Principal: Service: - lambda.amazonaws.com Effect: Allow Action: - sts:AssumeRole Policies: - PolicyName: LogsForLambda PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*" - PolicyName: CodeBuildStart PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - codebuild:StartBuild Resource: !GetAtt CodeBuild.Arn - PolicyName: XRay PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - xray:PutTraceSegments - xray:PutTelemetryRecords Resource: "*" - PolicyName: AllowVPCSupport PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - ec2:DescribeNetworkInterfaces - ec2:CreateNetworkInterface - ec2:DeleteNetworkInterface Resource: "*" # custom resource to cleanup S3 buckets S3Cleanup: Type: Custom::S3Cleanup Condition: ShouldCleanupBuckets Properties: ServiceToken: !GetAtt S3CleanupLambda.Arn Buckets: - !Ref WebAppBucket # Lambda function for custom resource S3CleanupLambda: Type: AWS::Lambda::Function Condition: ShouldCleanupBuckets Properties: Code: S3Bucket: !Ref SourceBucket S3Key: !Ref CustomResourceCodeObject Handler: s3-cleanup.handler Role: !GetAtt S3CleanupLambdaRole.Arn Runtime: python3.7 Timeout: 120 TracingConfig: Mode: Active S3CleanupLambdaRole: Type: AWS::IAM::Role Condition: ShouldCleanupBuckets Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Principal: Service: - lambda.amazonaws.com Effect: Allow Action: - sts:AssumeRole Policies: - PolicyName: LogsForLambda PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*" - PolicyName: S3All PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - s3:* Resource: - !Sub "arn:aws:s3:::${WebAppBucket}" - !Sub "arn:aws:s3:::${WebAppBucket}/*" - PolicyName: XRay PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - xray:PutTraceSegments - xray:PutTelemetryRecords Resource: - "*" - PolicyName: AllowVPCSupport PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - ec2:DescribeNetworkInterfaces - ec2:CreateNetworkInterface - ec2:DeleteNetworkInterface Resource: "*" Outputs: CodeBuildProject: Description: CodeBuild project name Value: !Ref CodeBuild WebAppUrl: Value: !Sub "https://${LexWebUiDistribution.DomainName}/index.html" Description: URL of the web application WebAppBase: Value: !Sub "https://${LexWebUiDistribution.DomainName}" Description: Base url portion of the web application WebAppDomainName: Value: !Sub "${LexWebUiDistribution.DomainName}" Description: DomainName of the web application ParentPageUrl: Value: !Sub "https://${LexWebUiDistribution.DomainName}/parent.html" Description: URL of the sample parent page LoaderScriptUrl: Value: !Sub "https://${LexWebUiDistribution.DomainName}/lex-web-ui-loader.min.js" Description: URL of the loader script SnippetUrl: Value: !Sub "https://${LexWebUiDistribution.DomainName}/iframe-snippet.html" Description: URL of a page showing the snippet to load the chatbot UI as an iframe WebAppBucket: Value: !Sub "${WebAppBucket}" Description: S3 bucket hosting lexwebui artifacts RestApiId: Value: !Sub "${RestApi.Outputs.RestApiId}" Description: Rest API ID if required by other elements Condition: EnableLiveChat