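AWSTemplateFormatVersion: '2010-09-09'

# Provisions the QuickSight side of the Cima reporting stack:
#   * a managed IAM policy, attached to the QuickSight service role, that lets
#     QuickSight run Athena federated queries through the Cima DynamoDB connector
#   * an Athena-backed QuickSight data source
#   * a SPICE data set over the Cima table, with an hourly full refresh
# Whitespace was restored from a collapsed listing; the only behavioural change
# from the original is DisableSsl (true -> false) on the data source.

Parameters:
  CimaDataCatalog:
    Type: String
    Description: CimaDataCatalog
  QuickSightUser:
    Type: String
    # Used verbatim as the data set permission Principal below.
    # NOTE(review): presumably a full QuickSight user ARN rather than a bare
    # user name; confirm against the deployment instructions.
    Description: The QuickSight User that is allowed configure and manage the QS dashboard.
  CimaDDBTableName:
    Type: String
    # NOTE(review): this description is truncated in the original template.
    Description: DynamoDB name to store the
  CimaDDBConnectorARN:
    Type: String
    Description: CimaDDBConnectorARN
  QuicksightServiceRole:
    Type: String
    # NOTE(review): the description mentions a default, but no Default is
    # declared here, so the caller must always supply the role name.
    Description: The Quicksight Service role attached to QS, Default is aws-quicksight-service-role-v0
  CimaBucket:
    Type: String
    Description: CimaBucket

Resources:
  QuicksightFederatedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: AWSQuickSightCimaEventPolicy
      Description: "Grants Amazon QuickSight to run Cima federated query"
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Account-wide discovery (list only).
          - Effect: "Allow"
            Action:
              - lambda:ListFunctions
              - s3:ListAllMyBuckets
            Resource: "*"
          # Invocation is limited to the one connector function passed in.
          - Effect: "Allow"
            Action:
              - "lambda:InvokeFunction"
            Resource: !Ref CimaDDBConnectorARN
          # Read/write access to the Cima bucket and to Athena result buckets.
          # NOTE(review): the aws-athena-query-results-* patterns match every
          # bucket with that name prefix, and this statement includes
          # s3:PutObject. If the workgroup writes to one known results bucket,
          # scope these two ARNs to it.
          - Effect: "Allow"
            Action:
              - "s3:GetBucketLocation"
              - "s3:GetObject"
              - "s3:ListBucket"
              - "s3:ListBucketMultipartUploads"
              - "s3:AbortMultipartUpload"
              - "s3:PutObject"
              - "s3:ListMultipartUploadParts"
            Resource:
              - !Sub arn:aws:s3:::${CimaBucket}
              - !Sub arn:aws:s3:::${CimaBucket}/*
              - arn:aws:s3:::aws-athena-query-results-*
              - arn:aws:s3:::aws-athena-query-results-*/*
          # Athena query and metadata access.
          # NOTE(review): Resource "*" covers every workgroup and data catalog
          # in the account, while the data source below only uses the
          # "primary" workgroup. Consider restricting to that workgroup and
          # the CimaDataCatalog catalog.
          - Effect: "Allow"
            Action:
              - athena:BatchGetQueryExecution
              - athena:CancelQueryExecution
              - athena:GetCatalogs
              - athena:GetExecutionEngine
              - athena:GetExecutionEngines
              - athena:GetNamespace
              - athena:GetNamespaces
              - athena:GetQueryExecution
              - athena:GetQueryExecutions
              - athena:GetQueryResults
              - athena:GetQueryResultsStream
              - athena:GetTable
              - athena:GetTables
              - athena:ListQueryExecutions
              - athena:RunQuery
              - athena:StartQueryExecution
              - athena:StopQueryExecution
              - athena:ListWorkGroups
              - athena:ListEngineVersions
              - athena:GetWorkGroup
              - athena:GetDataCatalog
              - athena:GetDatabase
              - athena:GetTableMetadata
              - athena:ListDataCatalogs
              - athena:ListDatabases
              - athena:ListTableMetadata
            Resource: "*"
      Roles:
        - !Ref QuicksightServiceRole

  CimaQSDataSource:
    Type: AWS::QuickSight::DataSource
    # The service role needs the policy above before QuickSight can use Athena.
    DependsOn: QuicksightFederatedPolicy
    Properties:
      DataSourceId: !Sub "Cima-${AWS::AccountId}"
      AwsAccountId: !Sub ${AWS::AccountId}
      Name: !Sub "Cima-${AWS::AccountId}"
      Type: ATHENA
      DataSourceParameters:
        AthenaParameters:
          WorkGroup: primary
      SslProperties:
        # Was "true" in the original. Nothing in this template requires an
        # unencrypted connection, so SSL stays enabled for the data source.
        DisableSsl: false

  CimaQSDataSet:
    Type: AWS::QuickSight::DataSet
    Properties:
      AwsAccountId: !Sub ${AWS::AccountId}
      ImportMode: SPICE
      DataSetId: !Sub "Cima-${AWS::AccountId}"
      Name: !Sub "Cima-${AWS::AccountId}"
      PhysicalTableMap:
        "CimaQSPT":
          RelationalTable:
            DataSourceArn: !GetAtt CimaQSDataSource.Arn
            Catalog: !Ref CimaDataCatalog
            Schema: "default"
            Name: !Ref CimaDDBTableName
            # Every column is read as STRING; the three timestamp columns are
            # cast to DATETIME in the logical table below.
            InputColumns:
              - Name: submittedBy
                Type: STRING
              - Name: serviceCode
                Type: STRING
              - Name: subject
                Type: STRING
              - Name: language
                Type: STRING
              - Name: categoryCode
                Type: STRING
              - Name: ingestionTime
                Type: STRING
              - Name: caseId
                Type: STRING
              - Name: timeCreated
                Type: STRING
              - Name: severityCode
                Type: STRING
              - Name: resolveTime
                Type: STRING
              - Name: displayId
                Type: STRING
              - Name: submittedRole
                Type: STRING
              - Name: account
                Type: STRING
              - Name: accountName
                Type: STRING
              - Name: status
                Type: STRING
      LogicalTableMap:
        "CimaQSLT":
          Alias: !Sub "Cima-${AWS::AccountId}"
          Source:
            PhysicalTableId: "CimaQSPT"
          DataTransforms:
            - CastColumnTypeOperation:
                ColumnName: ingestionTime
                NewColumnType: DATETIME
                Format: MM/dd/yyyy HH:mm:ss
            - CastColumnTypeOperation:
                ColumnName: timeCreated
                NewColumnType: DATETIME
                Format: MM/dd/yyyy HH:mm:ss
            - CastColumnTypeOperation:
                ColumnName: resolveTime
                NewColumnType: DATETIME
                Format: MM/dd/yyyy HH:mm:ss
            - ProjectOperation:
                ProjectedColumns:
                  - submittedBy
                  - serviceCode
                  - subject
                  - language
                  - categoryCode
                  - ingestionTime
                  - caseId
                  - timeCreated
                  - severityCode
                  - resolveTime
                  - displayId
                  - submittedRole
                  - account
                  - status
                  - accountName
      # The single principal receives read, update, delete, ingestion and
      # permission-management actions on the data set.
      # NOTE(review): UpdateDataSetPermissions lets this principal grant the
      # data set to others; drop it and DeleteDataSet if the user only needs
      # to build dashboards.
      Permissions:
        - Principal: !Sub "${QuickSightUser}"
          Actions:
            - quicksight:DescribeDataSet
            - quicksight:DescribeDataSetPermissions
            - quicksight:PassDataSet
            - quicksight:DescribeIngestion
            - quicksight:ListIngestions
            - quicksight:UpdateDataSet
            - quicksight:DeleteDataSet
            - quicksight:CreateIngestion
            - quicksight:CancelIngestion
            - quicksight:UpdateDataSetPermissions

  CimaQSDataSetRefresh:
    Type: AWS::QuickSight::RefreshSchedule
    # DataSetId is rebuilt with !Sub instead of referencing the resource, so
    # the ordering has to be declared explicitly.
    DependsOn: CimaQSDataSet
    Properties:
      AwsAccountId: !Sub ${AWS::AccountId}
      DataSetId: !Sub "Cima-${AWS::AccountId}"
      Schedule:
        RefreshType: FULL_REFRESH
        ScheduleFrequency:
          Interval: HOURLY
        ScheduleId: !Sub Cima-${AWS::AccountId}-datarefresh

Outputs:
  CimaQSDataSetArn:
    Value: !GetAtt CimaQSDataSet.Arn
    Export:
      Name: CimaQSDataSetArn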