AWSTemplateFormatVersion: 2010-09-09 Description: > This template creates a Lex bot and associated resources. It uses a custom resource to read the bot definition from a file. Parameters: NamePrefix: Type: String Description: Prefix to add to Lex resource names Default: WebUi MinLength: 3 MaxLength: 32 AllowedPattern: '^[a-zA-Z\._]+$' ConstraintDescription: > Must conform with the permitted Lex Bot name pattern. CustomResourceCodeBucket: Description: S3 bucket where the Lambda bundle is located Type: String Default: aws-bigdata-blog CustomResourceCodeObject: Type: String Description: > S3 object zip file containing Lambda custom resource functions Default: artifacts/aws-lex-web-ui/artifacts/custom-resources.zip ShouldDeleteBot: Type: String Default: true AllowedValues: - true - false Description: > If set to True, the Lex bot and associated resources will be deleted when the stack is deleted. Otherwise, the bot will be preserved. Resources: # custom resource to start code build project LexBot: Type: Custom::LexBot Properties: ServiceToken: !GetAtt LexBotLambda.Arn NamePrefix: !Ref NamePrefix ShouldDelete: !Ref ShouldDeleteBot # Lambda function for custom resource LexBotLambda: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !Ref CustomResourceCodeBucket S3Key: !Ref CustomResourceCodeObject Handler: lex-manager.handler Role: !GetAtt LexBotLambdaRole.Arn Runtime: python3.7 Timeout: 300 TracingConfig: Mode: Active LexBotLambdaRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Principal: Service: - lambda.amazonaws.com Effect: Allow Action: - sts:AssumeRole Policies: - PolicyName: LogsForLambda PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*" - PolicyName: LexGetLists PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - lex:GetBots - lex:GetBotAliases - lex:GetIntents - lex:GetSlotTypes Resource: - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:bot:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:intent:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:*" - PolicyName: LexGet PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - lex:Get* Resource: - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:bot:${NamePrefix}*:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:intent:${NamePrefix}*:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:${NamePrefix}*:*" - PolicyName: LexMutating PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - lex:Put* - lex:Delete* Resource: - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:bot:${NamePrefix}*:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:intent:${NamePrefix}*:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:*" - !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:${NamePrefix}*:*" - PolicyName: XRay PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - xray:PutTraceSegments - xray:PutTelemetryRecords Resource: "*" - PolicyName: AllowVPCSupport PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - ec2:DescribeNetworkInterfaces - ec2:CreateNetworkInterface - ec2:DeleteNetworkInterface Resource: "*" Outputs: BotName: Description: Lex Bot Name Value: !Sub "${LexBot.BotName}"