AWSTemplateFormatVersion: 2010-09-09 Description: > This template creates a CodeCommit repo and initializes it with this project sources. It uses CodeBuild and a custom resource to git push the files into the repo. Parameters: CodeCommitRepoName: Type: String Description: Name of CodeCommit repository name to be created. Default: lex-web-ui MinLength: 1 MaxLength: 100 AllowedPattern: '^[\w\.-]+$' ConstraintDescription: Alphanumeric, dot and dash. CodeBuildName: Type: String Description: CodeBuild project used to initialize the code repo Default: lex-web-ui-init MinLength: 2 MaxLength: 255 AllowedPattern: '^[A-Za-z0-9][A-Za-z0-9\-_]{1,254}$' ConstraintDescription: > Should start with Alphanumeric. May contain alphanumeric, undescore and dash. SourceBucket: Description: S3 bucket where the source is located Type: String Default: aws-bigdata-blog SourceObject: Description: S3 object zip file containing the project source Type: String Default: artifacts/aws-lex-web-ui/artifacts/src.zip CustomResourceCodeObject: Type: String Description: > S3 object zip file containing Lambda custom resource functions Default: artifacts/aws-lex-web-ui/artifacts/custom-resources.zip CognitoIdentityPoolId: Type: String Description: > Cognito Identity Pool Id to used in the web app configuration. MinLength: 1 MaxLength: 55 AllowedPattern: '^[\w-]+:[0-9a-f-]+$' ConstraintDescription: > Alphanumeric followed by a colum and ending with a hex uuid type. BotName: Description: > Name of Lex bot to be used in the web app configuration. Type: String Default: '' MinLength: 0 MaxLength: 50 AllowedPattern: '(^$|^[a-zA-Z]+((_[a-zA-Z]+)*|([a-zA-Z]+_)*|_))' ConstraintDescription: > Must conform with the permitted Lex Bot name pattern. BotAlias: Description: > WARNING: For production deployments, use your bot's published alias here. The $LATEST alias should only be used for manual testing. Amazon Lex limits the number of runtime requests that you can make to the $LATEST version of the bot. Type: String Default: '$LATEST' MinLength: 2 MaxLength: 50 AllowedPattern: '(^$|^[$a-zA-Z]+((_[$a-zA-Z]+)*|([$a-zA-Z]+_)*|_))' ConstraintDescription: > Must conform with the permitted Lex Alias name pattern. LexV2BotId: Description: > Bot ID (not bot name) of an existing Lex V2 Bot to be used by the web ui. NOTE: You must also enter your Bot alias ID in the LexV2BotAliasId field below. Type: String Default: '' MaxLength: 50 AllowedPattern: '(^$|^[a-zA-Z0-9]+((_[a-zA-Z0-9]+)*|([a-zA-Z0-9]+_)*|_))' ConstraintDescription: > Must conform with the permitted Lex V2 Bot name pattern. LexV2BotAliasId: Description: > Use your Lex V2 bot's alias id (not alias name) here. Type: String Default: '' MinLength: 0 MaxLength: 50 AllowedPattern: '(^$|^[$a-zA-Z0-9]+((_[$a-zA-Z0-9]+)*|([$a-zA-Z0-9]+_)*|_))' ConstraintDescription: > Must conform with the permitted Lex V2 Alias name pattern. LexV2BotLocaleId: Description: > Use your bot's locale id here. By default this is en_US. Other Lex V2 supported values are en_AU, en_GB, es_419, es_ES, es_US, fr_CA, fr_FR, it_IT. See "https://docs.aws.amazon.com/lexv2/latest/dg/lex2.0.pdf" for details on supported languages and locales. Type: String Default: 'en_US' MinLength: 2 MaxLength: 50 Resources: CodeCommitRepo: Type: AWS::CodeCommit::Repository Properties: RepositoryDescription: Lex Web UI RepositoryName: !Ref CodeCommitRepoName CodeBuild: Type: AWS::CodeBuild::Project Properties: Name: !Ref CodeBuildName Description: Used to initialize the Lex Web UI CodeCommit Repo Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER Image: aws/codebuild/nodejs:10.14.1 ComputeType: BUILD_GENERAL1_SMALL EnvironmentVariables: - Name: REPO_URL Value: !GetAtt CodeCommitRepo.CloneUrlHttp - Name: POOL_ID Value: !Ref CognitoIdentityPoolId - Name: V2_BOT_ID Value: !Ref LexV2BotId - Name: V2_BOT_ALIAS_ID Value: !Ref LexV2BotAliasId - Name: V2_BOT_LOCALE_ID Value: !Ref LexV2BotLocaleId - Name: BOT_NAME Value: !Ref BotName - Name: BOT_ALIAS Value: !Ref BotAlias ServiceRole: !GetAtt CodeBuildRole.Arn TimeoutInMinutes: 10 Source: Type: S3 Location: !Sub "${SourceBucket}/${SourceObject}" BuildSpec: !Sub | version: 0.1 phases: install: commands: - npm install -g n - n stable - npm update -g npm pre_build: commands: - make config build: commands: - aws configure set region "${AWS::Region}" - git config --global user.name 'CodeCommit Init' - git config --global user.email '<>' - git config --global push.default simple - git config --global "credential.https://git-codecommit.${AWS::Region}.amazonaws.com.helper" '!aws codecommit credential-helper $@' - git config --global "credential.https://git-codecommit.${AWS::Region}.amazonaws.com.UseHttpPath" 'true' - git init - git add . - git commit -a -m initial - git remote add origin "${!REPO_URL}" - git push --set-upstream origin master # custom resource to start code build project CodeBuildStarter: Type: Custom::CodeBuildStarter Properties: ServiceToken: !GetAtt CodeBuildStarterLambda.Arn ProjectName: !Ref CodeBuild # Lambda function for custom resource CodeBuildStarterLambda: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !Ref SourceBucket S3Key: !Ref CustomResourceCodeObject Handler: codebuild-start.handler Role: !GetAtt CodeBuildStarterLambdaRole.Arn Runtime: python3.7 Timeout: 120 TracingConfig: Mode: Active CodeBuildRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Principal: Service: - codebuild.amazonaws.com Effect: Allow Action: - sts:AssumeRole Policies: - PolicyName: CodeCommitGetListPush PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - codecommit:BatchGetRepositories - codecommit:CreateBranch - codecommit:Get* - codecommit:GitPull - codecommit:GitPush - codecommit:List* - codecommit:UpdateDefaultBranch Resource: - !GetAtt CodeCommitRepo.Arn - PolicyName: S3GetObject PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - s3:GetObject* Resource: - !Sub "arn:aws:s3:::${SourceBucket}/${SourceObject}" - PolicyName: CloudWatchLogsCodeBuild PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${CodeBuildName}" - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${CodeBuildName}:*" CodeBuildStarterLambdaRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Principal: Service: - lambda.amazonaws.com Effect: Allow Action: - sts:AssumeRole Policies: - PolicyName: LogsForLambda PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*" - PolicyName: CodeBuildStart PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - codebuild:StartBuild Resource: !GetAtt CodeBuild.Arn - PolicyName: XRay PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - xray:PutTraceSegments - xray:PutTelemetryRecords Resource: "*" - PolicyName: AllowVPCSupport PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - ec2:DescribeNetworkInterfaces - ec2:CreateNetworkInterface - ec2:DeleteNetworkInterface Resource: "*" Outputs: CodeCommitRepoUrl: Description: CodeCommit repository clone URL Value: !GetAtt CodeCommitRepo.CloneUrlHttp CodeCommitRepoArn: Description: CodeCommit repository clone URL Value: !GetAtt CodeCommitRepo.Arn CodeCommitRepoName: Description: CodeCommit repository name Value: !GetAtt CodeCommitRepo.Name