AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > Serverless language detection and translation workflow - it accepts an input text and starts a state machine (workflow), which: 1) detects the input text language by using Amazon Comprehend 2) if the confidence of the detected language is low, reach out to an agent by e-mail using Amazon SES to confirm/reject the detected language 3) translates the text into the target language (English by default), leveraging Amazon Translate and 4) stores the input text, the source and target language and the translated text in Amazon S3 ########################################################################## # Parameters # ########################################################################## Parameters: TargetLanguage : Type: String Description: (Optional) A validated language code as target for our translation. Default: 'en' VerifiedEmail: Type: String Description: (Required) A validated SES email address for receiving new submissions. MaxLength: 70 MinLength: 4 ConstraintDescription: Required. Must be an Amazon SES verified email address. Resources: GlobalAPIGatewayAccountConfig: Type: AWS::ApiGateway::Account Properties: CloudWatchRoleArn: !GetAtt GlobalAPIGatewayCloudWatchRole.Arn GlobalAPIGatewayCloudWatchRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - apigateway.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs ########################################################################## # SKELETON INFRASTRUCTURE # ########################################################################## SkeletonTranslationS3Bucket: Type: AWS::S3::Bucket DeletionPolicy: Retain Properties: PublicAccessBlockConfiguration: BlockPublicAcls: true BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true SkeletonStateMachineCloudWatchLogsGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: /skeleton-language-detection-and-translation/step-functions RetentionInDays: 7 SkeletonRestApiAccessCloudWatchLogsGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: /skeleton-language-detection-and-translation/api-gateway-access RetentionInDays: 7 SkeletonStateMachine: Type: AWS::Serverless::StateMachine # More info about State Machine Resource: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html Properties: Name: SkeletonLanguageDetectionAndTranslationStateMachine Type: STANDARD DefinitionUri: statemachine/skeleton-sfn-template.asl.json Logging: Destinations: - CloudWatchLogsLogGroup: LogGroupArn: !GetAtt SkeletonStateMachineCloudWatchLogsGroup.Arn IncludeExecutionData: True Level: ALL # ALL | ERROR | FATAL | OFF Tracing: Enabled: true DefinitionSubstitutions: TargetLanguage: !Ref TargetLanguage SourceEmail: !Ref VerifiedEmail APIEndpoint: !Sub "https://${SkeletonRestApi}.execute-api.${AWS::Region}.amazonaws.com/live" Policies: # Find out more about SAM policy templates: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html - ComprehendBasicAccessPolicy: {} - SESCrudPolicy: IdentityName: !Ref VerifiedEmail - S3CrudPolicy: BucketName: !Ref SkeletonTranslationS3Bucket - Version: 2012-10-17 Statement: - Effect: Allow Action: - translate:translateText Resource: "*" - Version: 2012-10-17 Statement: - Effect: Allow Action: # see https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html - logs:CreateLogDelivery - logs:GetLogDelivery - logs:UpdateLogDelivery - logs:DeleteLogDelivery - logs:ListLogDeliveries - logs:PutResourcePolicy - logs:DescribeResourcePolicies - logs:DescribeLogGroups Resource: "*" SkeletonRestApi: Type: AWS::Serverless::Api Properties: StageName: live EndpointConfiguration: Type: REGIONAL MethodSettings: - LoggingLevel: INFO ResourcePath: "/*" # allows for logging on any resource HttpMethod: "*" # allows for logging on any method AccessLogSetting: DestinationArn: !GetAtt SkeletonRestApiAccessCloudWatchLogsGroup.Arn Format: "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] $context.httpMethod $context.resourcePath $context.protocol $context.status $context.responseLength $context.requestId" TracingEnabled: True DefinitionBody: 'Fn::Transform': Name: 'AWS::Include' Parameters: Location: 'api/skeleton-api.yaml' SkeletonRestApiRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - apigateway.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs Policies: - PolicyName: AllowSFNStartListExecution PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - states:StartExecution - states:ListExecutions - states:SendTaskSuccess - states:SendTaskFailure Resource: !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:SkeletonLanguageDetectionAndTranslationStateMachine" - PolicyName: AllowSFNStopDescribeExecution PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - states:DescribeExecution - states:StopExecution Resource: !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:SkeletonLanguageDetectionAndTranslationStateMachine:*" ########################################################################## # SOLUTION INFRASTRUCTURE # ########################################################################## SolutionTranslationS3Bucket: Type: AWS::S3::Bucket DeletionPolicy: Delete Properties: PublicAccessBlockConfiguration: BlockPublicAcls: true BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true SolutionStateMachineCloudWatchLogsGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: /solution-language-detection-and-translation/step-functions RetentionInDays: 7 SolutionRestApiAccessCloudWatchLogsGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: /solution-language-detection-and-translation/api-gateway-access RetentionInDays: 7 SolutionStateMachine: Type: AWS::Serverless::StateMachine # More info about State Machine Resource: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html Properties: Name: SolutionLanguageDetectionAndTranslationStateMachine Type: STANDARD DefinitionUri: statemachine/solution-sfn-template.asl.json Logging: Destinations: - CloudWatchLogsLogGroup: LogGroupArn: !GetAtt SolutionStateMachineCloudWatchLogsGroup.Arn IncludeExecutionData: True Level: ALL # ALL | ERROR | FATAL | OFF Tracing: Enabled: true DefinitionSubstitutions: TargetLanguage: !Ref TargetLanguage TranslationS3Bucket: !Ref SolutionTranslationS3Bucket SourceEmail: !Ref VerifiedEmail APIEndpoint: !Sub "https://${SolutionRestApi}.execute-api.${AWS::Region}.amazonaws.com/live" Policies: # Find out more about SAM policy templates: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html - ComprehendBasicAccessPolicy: {} - SESCrudPolicy: IdentityName: !Ref VerifiedEmail - S3CrudPolicy: BucketName: !Ref SolutionTranslationS3Bucket - Version: 2012-10-17 Statement: - Effect: Allow Action: - translate:translateText Resource: "*" - Version: 2012-10-17 Statement: - Effect: Allow Action: # see https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html - logs:CreateLogDelivery - logs:GetLogDelivery - logs:UpdateLogDelivery - logs:DeleteLogDelivery - logs:ListLogDeliveries - logs:PutResourcePolicy - logs:DescribeResourcePolicies - logs:DescribeLogGroups Resource: "*" SolutionRestApi: Type: AWS::Serverless::Api Properties: StageName: live EndpointConfiguration: Type: REGIONAL MethodSettings: - LoggingLevel: INFO ResourcePath: "/*" # allows for logging on any resource HttpMethod: "*" # allows for logging on any method AccessLogSetting: DestinationArn: !GetAtt SolutionRestApiAccessCloudWatchLogsGroup.Arn Format: "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] $context.httpMethod $context.resourcePath $context.protocol $context.status $context.responseLength $context.requestId" TracingEnabled: True DefinitionBody: 'Fn::Transform': Name: 'AWS::Include' Parameters: Location: 'api/solution-api.yaml' SolutionRestApiRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - apigateway.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs Policies: - PolicyName: AllowSFNStartListExecution PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - states:StartExecution - states:ListExecutions - states:SendTaskSuccess - states:SendTaskFailure Resource: !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:SolutionLanguageDetectionAndTranslationStateMachine" - PolicyName: AllowSFNStopDescribeExecution PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - states:DescribeExecution - states:StopExecution Resource: !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:SolutionLanguageDetectionAndTranslationStateMachine:*" ########################################################################## # Outputs # ########################################################################## Outputs: SkeletonTranslationS3BucketName: Description: "Skeleton Amazon S3 bucket name" Value: !Ref SkeletonTranslationS3Bucket SkeletonTranslationS3BucketAWSConsoleLink: Description: "AWS Console link to the skeleton Amazon S3 bucket" Value: !Sub "https://s3.console.aws.amazon.com/s3/buckets/${SkeletonTranslationS3Bucket}" SkeletonStepFunctionsArn: Description: "Skeleton Step Functions ARN" Value: !GetAtt SkeletonStateMachine.Arn SkeletonStepFunctionsAWSConsoleLink: Description: "AWS Console link to the skeleton Step Functions state machine" Value: !Sub "https://console.aws.amazon.com/states/home?#/statemachines/view/${SkeletonStateMachine.Arn}" SkeletonRestApiId: Description: "Skeleton API Gateway id" Value: !Ref SkeletonRestApi SkeletonRestApiEndpoint: Description: "Skeleton API Gateway endpoint" Value: !Sub "https://${SkeletonRestApi}.execute-api.${AWS::Region}.amazonaws.com/live/" SkeletonRestApiAWSConsoleLink: Description: "AWS Console link to the skeleton API Gateway endpoint" Value: !Sub "https://console.aws.amazon.com/apigateway/home?#/apis/${SkeletonRestApi}/resources/${SkeletonRestApi.RootResourceId}" SkeletonStateMachineCloudWatchLogsGroupAWSConsoleLink: Description: "AWS Console link to the skeleton CloudWatch Log Groups for AWS Step Functions" Value: "https://console.aws.amazon.com/cloudwatch/home?#logsV2:log-groups/log-group/$252Fskeleton-language-detection-and-translation$252Fstep-functions" SkeletonRestApiAccessCloudWatchLogsGroupAWSConsoleLink: Description: "AWS Console link to the skeleton CloudWatch Log Groups for Amazon API Gateway access logs" Value: "https://console.aws.amazon.com/cloudwatch/home?#logsV2:log-groups/log-group/$252Fskeleton-language-detection-and-translation$252Fapi-gateway-access" SkeletonRestApiExecutionCloudWatchLogsGroupAWSConsoleLink: Description: "AWS Console link to the skeleton CloudWatch Log Groups for Amazon API Gateway execution logs" Value: !Sub "https://console.aws.amazon.com/cloudwatch/home?#logsV2:log-groups/log-group/API-Gateway-Execution-Logs_${SkeletonRestApi}$252Flive" SolutionTranslationS3BucketName: Description: "Solution Amazon S3 bucket name" Value: !Ref SolutionTranslationS3Bucket SolutionTranslationS3BucketAWSConsoleLink: Description: "AWS Console link to the solution Amazon S3 bucket" Value: !Sub "https://s3.console.aws.amazon.com/s3/buckets/${SolutionTranslationS3Bucket}" SolutionStepFunctionsArn: Description: "Solution Step Functions ARN" Value: !GetAtt SolutionStateMachine.Arn SolutionStepFunctionsAWSConsoleLink: Description: "AWS Console link to the solution Step Functions state machine" Value: !Sub "https://console.aws.amazon.com/states/home?#/statemachines/view/${SolutionStateMachine.Arn}" SolutionRestApiId: Description: "Solution API Gateway id" Value: !Ref SolutionRestApi SolutionRestApiEndpoint: Description: "Solution API Gateway endpoint" Value: !Sub "https://${SolutionRestApi}.execute-api.${AWS::Region}.amazonaws.com/live/" SolutionRestApiAWSConsoleLink: Description: "AWS Console link to the solution API Gateway endpoint" Value: !Sub "https://console.aws.amazon.com/apigateway/home?#/apis/${SolutionRestApi}/resources/${SolutionRestApi.RootResourceId}" SolutionStateMachineCloudWatchLogsGroupAWSConsoleLink: Description: "AWS Console link to the solution CloudWatch Log Groups for AWS Step Functions" Value: "https://console.aws.amazon.com/cloudwatch/home?#logsV2:log-groups/log-group/$252Fsolution-language-detection-and-translation$252Fstep-functions" SolutionRestApiAccessCloudWatchLogsGroupAWSConsoleLink: Description: "AWS Console link to the solution CloudWatch Log Groups for Amazon API Gateway access logs" Value: "https://console.aws.amazon.com/cloudwatch/home?#logsV2:log-groups/log-group/$252Fsolution-language-detection-and-translation$252Fapi-gateway-access" SolutionRestApiExecutionCloudWatchLogsGroupAWSConsoleLink: Description: "AWS Console link to the solution CloudWatch Log Groups for Amazon API Gateway execution logs" Value: !Sub "https://console.aws.amazon.com/cloudwatch/home?#logsV2:log-groups/log-group/API-Gateway-Execution-Logs_${SolutionRestApi}$252Flive"