{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Amazon Connect Voicemail Stack", "Resources": { "ContactVoicemailStreamLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/voicemail.stream", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "ContactVoicemailStreamIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Description": "AWS Lambda Function that will be triggered when records are written into the ContactVoicemail Table.\n", "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" }, "GLOBAL_TABLE_NAME": { "Ref": "GlobalTable" }, "CONTACT_VOICEMAIL_TABLE_NAME": { "Ref": "ContactVoicemailTable" }, "SIGNED_RECORDING_URL_EXP": { "Ref": "SignedRecordingUrlExpiration" }, "DELIVERY_EMAIL": { "Ref": "DeliveryEmail" }, "AVAILABLE_SMS_COUNTRIES": { "Ref": "AvailableSMSCountries" }, "SECRET_ARN": { "Ref": "VoicemailSecret" } } } }, "DependsOn": [ "ContactVoicemailStreamIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "TranscriptionEventsLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/transcription.process", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "TranscriptionEventsIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30,
"Description": "AWS Lambda Function that will be triggered when transcription status changes.", "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" }, "GLOBAL_TABLE_NAME": { "Ref": "GlobalTable" }, "CONTACT_VOICEMAIL_TABLE_NAME": { "Ref": "ContactVoicemailTable" }, "SIGNED_RECORDING_URL_EXP": { "Ref": "SignedRecordingUrlExpiration" }, "AVAILABLE_SMS_COUNTRIES": { "Ref": "AvailableSMSCountries" } } } }, "DependsOn": [ "TranscriptionEventsIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "GetAgentByExtensionLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/agents.getAgentByExtension", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "GetAgentByExtensionIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Description": "AWS Lambda Function that will be triggered when dialog flow needs to get agent's information based on phone extension", "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" } } } }, "DependsOn": [ "GetAgentByExtensionIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "CognitoUsersConfigLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" },
"S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/cognito.usersConfig", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "CognitoUsersConfigIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" }, "GLOBAL_TABLE_NAME": { "Ref": "GlobalTable" }, "AVAILABLE_SMS_COUNTRIES": { "Ref": "AvailableSMSCountries" }, "COGNITO_USER_POOL_ID": { "Ref": "CognitoUserPoolUserPool" }, "DELIVERY_EMAIL": { "Ref": "DeliveryEmail" } } } }, "DependsOn": [ "CognitoUsersConfigIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "AuthorizerLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/authorizer.handler", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "AuthorizerIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "COGNITO_USER_POOL_ID": { "Ref": "CognitoUserPoolUserPool" }, "APP_REGION": { "Ref": "AWS::Region" } } } }, "DependsOn": [ "AuthorizerIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "AgentsGetLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": 
"aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/agents.getAgents", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "AgentsGetIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" } } } }, "DependsOn": [ "AgentsGetIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "AgentsUpdateByIdLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/agents.updateAgentById", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "AgentsUpdateByIdIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" } } } }, "DependsOn": [ "AgentsUpdateByIdIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "AgentsGetByIdLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/agents.getAgentById", "MemorySize": 1024, 
"Role": { "Fn::GetAtt": [ "AgentsGetByIdIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" } } } }, "DependsOn": [ "AgentsGetByIdIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "GlobalSettingsUpdateLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/global-settings.update", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "GlobalSettingsUpdateIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "GLOBAL_TABLE_NAME": { "Ref": "GlobalTable" }, "AVAILABLE_SMS_COUNTRIES": { "Ref": "AvailableSMSCountries" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" } } } }, "DependsOn": [ "GlobalSettingsUpdateIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "GlobalSettingsGetLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/global-settings.get", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "GlobalSettingsGetIamRole", "Arn" ] }, "Runtime": 
"nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "GLOBAL_TABLE_NAME": { "Ref": "GlobalTable" }, "AVAILABLE_SMS_COUNTRIES": { "Ref": "AvailableSMSCountries" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" } } } }, "DependsOn": [ "GlobalSettingsGetIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "BuildContactFlowLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/contact-flow.build", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "BuildContactFlowIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 30, "Environment": { "Variables": { "GET_AGENT_BY_EXTENSION_LAMBDA_ARN": { "Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${GetAgentByExtensionLambdaFunction}" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" }, "SOLUTION_ID": { "Ref": "SolutionId" }, "UUID": { "Ref": "Uuid" }, "SEND_ANON_DATA": { "Ref": "SendAnonymousData" } } } }, "DependsOn": [ "BuildContactFlowIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "KvsProcessRecordingLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm-java.jar", "S3ObjectVersion": { "Ref": "LambdaDeploymentJarPackageVersion" } }, 
"Handler": "com.amazonaws.kvstream.KVSProcessRecordingLambda::handleRequest", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "KvsProcessRecordingIamRole", "Arn" ] }, "Runtime": "java8.al2", "Timeout": 900, "Description": "Process recording via CTR", "Environment": { "Variables": { "START_SELECTOR_TYPE": "FRAGMENT_NUMBER", "TRANSCRIBE_REGION": { "Ref": "AWS::Region" }, "RECORDINGS_KEY_PREFIX": "recordings/", "RECORDINGS_BUCKET_NAME": { "Ref": "AudioRecordingsBucket" }, "INPUT_KEY_PREFIX": "audio-file-input/", "LOG_RECORDS_FLAG": "TRUE", "RECORDINGS_PUBLIC_READ_ACL": "FALSE", "APP_REGION": { "Ref": "AWS::Region" }, "CONTACT_VOICEMAIL_TABLE_NAME": { "Ref": "ContactVoicemailTable" }, "SOLUTION_ID": { "Ref": "SolutionId" }, "UUID": { "Ref": "Uuid" }, "SEND_ANON_DATA": { "Ref": "SendAnonymousData" } } } }, "DependsOn": [ "KvsProcessRecordingIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "ConnectSyncRequestLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/sync-vm-connect.syncRequestHandler", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "ConnectSyncRequestIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 60, "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" }, "SOLUTION_ID": { "Ref": "SolutionId" }, "UUID": { "Ref": "Uuid" }, "SEND_ANON_DATA": { "Ref": "SendAnonymousData" } } } }, "DependsOn": [ "ConnectSyncRequestIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [
{ "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "ConnectSyncLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Ref": "ServerlessDeploymentBucket" }, "S3Key": "aws-connect-vm-serverless/aws-connect-vm.zip", "S3ObjectVersion": { "Ref": "LambdaDeploymentZipPackageVersion" } }, "Handler": "handler/sync-vm-connect.syncHandler", "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "ConnectSyncIamRole", "Arn" ] }, "Runtime": "nodejs16.x", "Timeout": 900, "Environment": { "Variables": { "USERS_TABLE_NAME": { "Ref": "UsersTable" }, "AMAZON_CONNECT_INSTANCE_ARN": { "Ref": "AmazonConnectInstanceArn" }, "SOLUTION_ID": { "Ref": "SolutionId" }, "UUID": { "Ref": "Uuid" }, "SEND_ANON_DATA": { "Ref": "SendAnonymousData" } } } }, "DependsOn": [ "ConnectSyncIamRole" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "Lambda functions will not be deployed inside a VPC for now" }, { "id": "W92", "reason": "Lambda functions will not define ReservedConcurrentExecutions to reserve simultaneous executions for now" } ] } } }, "ConnectSyncEventsRuleSchedule1": { "Type": "AWS::Events::Rule", "Properties": {
"ScheduleExpression": "cron(0 0 * * ? *)", "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "ConnectSyncLambdaFunction", "Arn" ] }, "Id": "ConnectSyncSchedule" } ] } }, "ConnectSyncLambdaPermissionEventsRuleSchedule1": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "ConnectSyncLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "ConnectSyncEventsRuleSchedule1", "Arn" ] } } }, "ApiGatewayRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-", "api" ] ] }, "EndpointConfiguration": { "Types": [ "EDGE" ] }, "Policy": "" } }, "ApiGatewayResourceAgents": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Fn::GetAtt": [ "ApiGatewayRestApi", "RootResourceId" ] }, "PathPart": "agents", "RestApiId": { "Ref": "ApiGatewayRestApi" } } }, "ApiGatewayResourceAgentsAgentidVar": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Ref": "ApiGatewayResourceAgents" }, "PathPart": "{agentId}", "RestApiId": { "Ref": "ApiGatewayRestApi" } } }, "ApiGatewayResourceAgentsSync": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Ref": "ApiGatewayResourceAgents" }, "PathPart": "sync", "RestApiId": { "Ref": "ApiGatewayRestApi" } } }, "ApiGatewayResourceGlobal": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Fn::GetAtt": [ "ApiGatewayRestApi", "RootResourceId" ] }, "PathPart": "global", "RestApiId": { "Ref": "ApiGatewayRestApi" } } }, "ApiGatewayResourceGlobalSettings": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Ref": "ApiGatewayResourceGlobal" }, "PathPart": "settings", "RestApiId": { "Ref": "ApiGatewayRestApi" } } }, "ApiGatewayResourceContact": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Fn::GetAtt": [ "ApiGatewayRestApi", "RootResourceId" ] }, "PathPart": "contact", "RestApiId": { "Ref":
"ApiGatewayRestApi" } } }, "ApiGatewayResourceContactFlow": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Ref": "ApiGatewayResourceContact" }, "PathPart": "flow", "RestApiId": { "Ref": "ApiGatewayRestApi" } } }, "ApiGatewayMethodAgentsOptions": { "Type": "AWS::ApiGateway::Method", "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "MethodResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": true, "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true }, "ResponseModels": {} } ], "RequestParameters": {}, "Integration": { "Type": "MOCK", "RequestTemplates": { "application/json": "{statusCode:200}" }, "ContentHandling": "CONVERT_TO_TEXT", "IntegrationResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET'" }, "ResponseTemplates": { "application/json": "#set($origin = $input.params(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params(\"origin\")) #end\n#if($origin.matches(\".+\")) #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end" } } ] }, "ResourceId": { "Ref": "ApiGatewayResourceAgents" }, "RestApiId": { "Ref": "ApiGatewayRestApi" } }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W59", "reason": "Options method cannot have an authorizer." 
} ] } } }, "ApiGatewayMethodAgentsAgentidVarOptions": { "Type": "AWS::ApiGateway::Method", "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "MethodResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": true, "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true }, "ResponseModels": {} } ], "RequestParameters": {}, "Integration": { "Type": "MOCK", "RequestTemplates": { "application/json": "{statusCode:200}" }, "ContentHandling": "CONVERT_TO_TEXT", "IntegrationResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,POST'" }, "ResponseTemplates": { "application/json": "#set($origin = $input.params(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params(\"origin\")) #end\n#if($origin.matches(\".+\")) #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end" } } ] }, "ResourceId": { "Ref": "ApiGatewayResourceAgentsAgentidVar" }, "RestApiId": { "Ref": "ApiGatewayRestApi" } }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W59", "reason": "Options method cannot have an authorizer." 
} ] } } }, "ApiGatewayMethodGlobalSettingsOptions": { "Type": "AWS::ApiGateway::Method", "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "MethodResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": true, "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true }, "ResponseModels": {} } ], "RequestParameters": {}, "Integration": { "Type": "MOCK", "RequestTemplates": { "application/json": "{statusCode:200}" }, "ContentHandling": "CONVERT_TO_TEXT", "IntegrationResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,POST'" }, "ResponseTemplates": { "application/json": "#set($origin = $input.params(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params(\"origin\")) #end\n#if($origin.matches(\".+\")) #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end" } } ] }, "ResourceId": { "Ref": "ApiGatewayResourceGlobalSettings" }, "RestApiId": { "Ref": "ApiGatewayRestApi" } }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W59", "reason": "Options method cannot have an authorizer." 
} ] } } }, "ApiGatewayMethodContactFlowOptions": { "Type": "AWS::ApiGateway::Method", "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "MethodResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": true, "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true }, "ResponseModels": {} } ], "RequestParameters": {}, "Integration": { "Type": "MOCK", "RequestTemplates": { "application/json": "{statusCode:200}" }, "ContentHandling": "CONVERT_TO_TEXT", "IntegrationResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,POST'" }, "ResponseTemplates": { "application/json": "#set($origin = $input.params(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params(\"origin\")) #end\n#if($origin.matches(\".+\")) #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end" } } ] }, "ResourceId": { "Ref": "ApiGatewayResourceContactFlow" }, "RestApiId": { "Ref": "ApiGatewayRestApi" } }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W59", "reason": "Options method cannot have an authorizer." 
} ] } } }, "ApiGatewayMethodAgentsSyncOptions": { "Type": "AWS::ApiGateway::Method", "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "MethodResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": true, "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true }, "ResponseModels": {} } ], "RequestParameters": {}, "Integration": { "Type": "MOCK", "RequestTemplates": { "application/json": "{statusCode:200}" }, "ContentHandling": "CONVERT_TO_TEXT", "IntegrationResponses": [ { "StatusCode": "200", "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,POST'" }, "ResponseTemplates": { "application/json": "#set($origin = $input.params(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params(\"origin\")) #end\n#if($origin.matches(\".+\")) #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end" } } ] }, "ResourceId": { "Ref": "ApiGatewayResourceAgentsSync" }, "RestApiId": { "Ref": "ApiGatewayRestApi" } }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W59", "reason": "Options method cannot have an authorizer." 
} ] } } }, "ApiGatewayMethodAgentsGet": { "Type": "AWS::ApiGateway::Method", "Properties": { "HttpMethod": "GET", "RequestParameters": {}, "ResourceId": { "Ref": "ApiGatewayResourceAgents" }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "ApiKeyRequired": false, "AuthorizationType": "CUSTOM", "AuthorizerId": { "Ref": "AuthorizerApiGatewayAuthorizer" }, "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "AgentsGetLambdaFunction", "Arn" ] }, "/invocations" ] ] } }, "MethodResponses": [] }, "DependsOn": "AuthorizerApiGatewayAuthorizer" }, "ApiGatewayMethodAgentsAgentidVarPost": { "Type": "AWS::ApiGateway::Method", "Properties": { "HttpMethod": "POST", "RequestParameters": {}, "ResourceId": { "Ref": "ApiGatewayResourceAgentsAgentidVar" }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "ApiKeyRequired": false, "AuthorizationType": "CUSTOM", "AuthorizerId": { "Ref": "AuthorizerApiGatewayAuthorizer" }, "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "AgentsUpdateByIdLambdaFunction", "Arn" ] }, "/invocations" ] ] } }, "MethodResponses": [] }, "DependsOn": "AuthorizerApiGatewayAuthorizer" }, "ApiGatewayMethodAgentsAgentidVarGet": { "Type": "AWS::ApiGateway::Method", "Properties": { "HttpMethod": "GET", "RequestParameters": {}, "ResourceId": { "Ref": "ApiGatewayResourceAgentsAgentidVar" }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "ApiKeyRequired": false, "AuthorizationType": "CUSTOM", "AuthorizerId": { "Ref": "AuthorizerApiGatewayAuthorizer" }, "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": 
"AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "AgentsGetByIdLambdaFunction", "Arn" ] }, "/invocations" ] ] } }, "MethodResponses": [] }, "DependsOn": "AuthorizerApiGatewayAuthorizer" }, "ApiGatewayMethodGlobalSettingsPost": { "Type": "AWS::ApiGateway::Method", "Properties": { "HttpMethod": "POST", "RequestParameters": {}, "ResourceId": { "Ref": "ApiGatewayResourceGlobalSettings" }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "ApiKeyRequired": false, "AuthorizationType": "CUSTOM", "AuthorizerId": { "Ref": "AuthorizerApiGatewayAuthorizer" }, "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "GlobalSettingsUpdateLambdaFunction", "Arn" ] }, "/invocations" ] ] } }, "MethodResponses": [] }, "DependsOn": "AuthorizerApiGatewayAuthorizer" }, "ApiGatewayMethodGlobalSettingsGet": { "Type": "AWS::ApiGateway::Method", "Properties": { "HttpMethod": "GET", "RequestParameters": {}, "ResourceId": { "Ref": "ApiGatewayResourceGlobalSettings" }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "ApiKeyRequired": false, "AuthorizationType": "CUSTOM", "AuthorizerId": { "Ref": "AuthorizerApiGatewayAuthorizer" }, "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "GlobalSettingsGetLambdaFunction", "Arn" ] }, "/invocations" ] ] } }, "MethodResponses": [] }, "DependsOn": "AuthorizerApiGatewayAuthorizer" }, "ApiGatewayMethodContactFlowPost": { "Type": "AWS::ApiGateway::Method", "Properties": { "HttpMethod": "POST", "RequestParameters": {}, "ResourceId": { "Ref": "ApiGatewayResourceContactFlow" }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "ApiKeyRequired": false, "AuthorizationType": "CUSTOM", 
"AuthorizerId": { "Ref": "AuthorizerApiGatewayAuthorizer" }, "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "BuildContactFlowLambdaFunction", "Arn" ] }, "/invocations" ] ] } }, "MethodResponses": [] }, "DependsOn": "AuthorizerApiGatewayAuthorizer" }, "ApiGatewayMethodAgentsSyncPost": { "Type": "AWS::ApiGateway::Method", "Properties": { "HttpMethod": "POST", "RequestParameters": {}, "ResourceId": { "Ref": "ApiGatewayResourceAgentsSync" }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "ApiKeyRequired": false, "AuthorizationType": "CUSTOM", "AuthorizerId": { "Ref": "AuthorizerApiGatewayAuthorizer" }, "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "ConnectSyncRequestLambdaFunction", "Arn" ] }, "/invocations" ] ] } }, "MethodResponses": [] }, "DependsOn": "AuthorizerApiGatewayAuthorizer" }, "AuthorizerApiGatewayAuthorizer": { "Type": "AWS::ApiGateway::Authorizer", "Properties": { "AuthorizerResultTtlInSeconds": 300, "IdentitySource": "method.request.header.Authorization", "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-", "authorizer" ] ] }, "RestApiId": { "Ref": "ApiGatewayRestApi" }, "IdentityValidationExpression": "Bearer (.*)", "AuthorizerUri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "AuthorizerLambdaFunction", "Arn" ] }, "/invocations" ] ] }, "Type": "TOKEN" } }, "ApiGatewayDeployment1627667883720": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ApiGatewayRestApi" }, "StageName": "prod" }, "DependsOn": [ "ApiGatewayMethodAgentsOptions", 
"ApiGatewayMethodAgentsAgentidVarOptions", "ApiGatewayMethodGlobalSettingsOptions", "ApiGatewayMethodContactFlowOptions", "ApiGatewayMethodAgentsSyncOptions", "ApiGatewayMethodAgentsGet", "ApiGatewayMethodAgentsAgentidVarPost", "ApiGatewayMethodAgentsAgentidVarGet", "ApiGatewayMethodGlobalSettingsPost", "ApiGatewayMethodGlobalSettingsGet", "ApiGatewayMethodContactFlowPost", "ApiGatewayMethodAgentsSyncPost" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W45", "reason": "Updating this field prevents stack updates." } ] } } }, "ApiGatewayApiKey1": { "Type": "AWS::ApiGateway::ApiKey", "Properties": { "Enabled": true, "StageKeys": [ { "RestApiId": { "Ref": "ApiGatewayRestApi" }, "StageName": "prod" } ] }, "DependsOn": "ApiGatewayDeployment1627667883720" }, "ApiGatewayUsagePlan": { "Type": "AWS::ApiGateway::UsagePlan", "DependsOn": "ApiGatewayDeployment1627667883720", "Properties": { "ApiStages": [ { "ApiId": { "Ref": "ApiGatewayRestApi" }, "Stage": "prod" } ], "Description": "Usage plan for aws-connect-vm prod stage", "Throttle": { "BurstLimit": 500, "RateLimit": 50.0 } } }, "ApiGatewayUsagePlanKey1": { "Type": "AWS::ApiGateway::UsagePlanKey", "Properties": { "KeyId": { "Ref": "ApiGatewayApiKey1" }, "KeyType": "API_KEY", "UsagePlanId": { "Ref": "ApiGatewayUsagePlan" } } }, "AgentsGetLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "AgentsGetLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "ApiGatewayRestApi" }, "/*/*" ] ] } } }, "AuthorizerLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "AuthorizerLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", 
"SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "ApiGatewayRestApi" }, "/*/*" ] ] } } }, "AgentsUpdateByIdLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "AgentsUpdateByIdLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "ApiGatewayRestApi" }, "/*/*" ] ] } } }, "AgentsGetByIdLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "AgentsGetByIdLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "ApiGatewayRestApi" }, "/*/*" ] ] } } }, "GlobalSettingsUpdateLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "GlobalSettingsUpdateLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "ApiGatewayRestApi" }, "/*/*" ] ] } } }, "GlobalSettingsGetLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "GlobalSettingsGetLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": 
"ApiGatewayRestApi" }, "/*/*" ] ] } } }, "BuildContactFlowLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "BuildContactFlowLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "ApiGatewayRestApi" }, "/*/*" ] ] } } }, "ConnectSyncRequestLambdaPermissionApiGateway": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "ConnectSyncRequestLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "ApiGatewayRestApi" }, "/*/*" ] ] } } }, "ContactVoicemailStreamEventSourceMappingDynamodbContactVoicemailTable": { "Type": "AWS::Lambda::EventSourceMapping", "DependsOn": "ContactVoicemailStreamIamRole", "Properties": { "BatchSize": 10, "EventSourceArn": { "Fn::GetAtt": [ "ContactVoicemailTable", "StreamArn" ] }, "FunctionName": { "Fn::GetAtt": [ "ContactVoicemailStreamLambdaFunction", "Arn" ] }, "StartingPosition": "TRIM_HORIZON", "Enabled": true } }, "KvsProcessRecordingEventSourceMappingKinesisDataStream": { "Type": "AWS::Lambda::EventSourceMapping", "DependsOn": "KvsProcessRecordingIamRole", "Properties": { "BatchSize": 10, "EventSourceArn": { "Fn::GetAtt": [ "DataStream", "Arn" ] }, "FunctionName": { "Fn::GetAtt": [ "KvsProcessRecordingLambdaFunction", "Arn" ] }, "StartingPosition": "TRIM_HORIZON", "Enabled": true, "MaximumBatchingWindowInSeconds": 1 } }, "TranscriptionEventsEventsRuleCloudWatchEvent1": { "Type": "AWS::Events::Rule", "Properties": { "EventPattern": { "source": [ "aws.transcribe" ], "detail-type": [ "Transcribe Job State Change" ], "detail": 
{ "TranscriptionJobStatus": [ "COMPLETED", "FAILED" ] } }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "TranscriptionEventsLambdaFunction", "Arn" ] }, "Id": "TranscriptionEventsCloudWatchEvent" } ] } }, "TranscriptionEventsLambdaPermissionEventsRuleCloudWatchEvent1": { "Type": "AWS::Lambda::Permission", "Properties": { "FunctionName": { "Fn::GetAtt": [ "TranscriptionEventsLambdaFunction", "Arn" ] }, "Action": "lambda:InvokeFunction", "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "TranscriptionEventsEventsRuleCloudWatchEvent1", "Arn" ] } } }, "CognitoUserPoolUserPool": { "Type": "AWS::Cognito::UserPool", "Properties": { "UsernameAttributes": [ "email" ], "Schema": [ { "AttributeDataType": "String", "Mutable": true, "Name": "roles" }, { "AttributeDataType": "String", "Name": "email", "Mutable": { "Ref": "IsSamlInstance" }, "Required": true } ], "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": true }, "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED" } } }, "UserPoolDomain": { "Type": "AWS::Cognito::UserPoolDomain", "Properties": { "Domain": { "Ref": "UserPoolDomainName" }, "UserPoolId": { "Ref": "CognitoUserPoolUserPool" } } }, "UserPoolAdminGroup": { "Type": "AWS::Cognito::UserPoolGroup", "Properties": { "GroupName": "Admin", "UserPoolId": { "Ref": "CognitoUserPoolUserPool" } } }, "UserPoolManagerGroup": { "Type": "AWS::Cognito::UserPoolGroup", "Properties": { "GroupName": "Manager", "UserPoolId": { "Ref": "CognitoUserPoolUserPool" } } }, "AmazonConnectGetAgentLambdaRights": { "Type": "AWS::Lambda::Permission", "Description": "Allows amazon connect to invoke the GetAgentByExtension lambda", "Properties": { "FunctionName": { "Ref": "GetAgentByExtensionLambdaFunction" }, "Action": "lambda:InvokeFunction", "Principal": "connect.amazonaws.com" } }, "CognitoUsersConfig": { "Type": "Custom::CognitoUsersConfig", "DependsOn": [ "CognitoUserPoolUserPool" ], "Properties": { "ServiceToken": { "Fn::GetAtt": [ 
"CognitoUsersConfigLambdaFunction", "Arn" ] }, "UUID": "f77c3128-fbed-4795-a477-24c3a6417d09", "AdminEmail": { "Ref": "AdminEmail" }, "AdminFirstName": { "Ref": "AdminFirstName" }, "AdminLastName": { "Ref": "AdminLastName" }, "ManagerEmail": { "Ref": "ManagerEmail" }, "ManagerFirstName": { "Ref": "ManagerFirstName" }, "ManagerLastName": { "Ref": "ManagerLastName" } } }, "UsersTable": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "agentId", "AttributeType": "S" }, { "AttributeName": "extension", "AttributeType": "S" } ], "KeySchema": [ { "AttributeName": "agentId", "KeyType": "HASH" } ], "BillingMode": "PAY_PER_REQUEST", "GlobalSecondaryIndexes": [ { "IndexName": "AgentExtensionIndex", "KeySchema": [ { "AttributeName": "extension", "KeyType": "HASH" } ], "Projection": { "ProjectionType": "ALL" } } ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "SSEEnabled": true } } }, "GlobalTable": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "instanceArn", "AttributeType": "S" } ], "KeySchema": [ { "AttributeName": "instanceArn", "KeyType": "HASH" } ], "BillingMode": "PAY_PER_REQUEST", "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "SSEEnabled": true } } }, "ContactVoicemailTable": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "contactId", "AttributeType": "S" }, { "AttributeName": "readerId", "AttributeType": "S" }, { "AttributeName": "assigneeId", "AttributeType": "S" } ], "KeySchema": [ { "AttributeName": "contactId", "KeyType": "HASH" }, { "AttributeName": "readerId", "KeyType": "RANGE" } ], "BillingMode": "PAY_PER_REQUEST", "SSESpecification": { "SSEEnabled": true }, "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "StreamSpecification": { "StreamViewType": "NEW_AND_OLD_IMAGES" }, 
"GlobalSecondaryIndexes": [ { "IndexName": "AssigneeIdIndex", "KeySchema": [ { "AttributeName": "assigneeId", "KeyType": "HASH" } ], "Projection": { "ProjectionType": "ALL" } } ] } }, "DataStream": { "Type": "AWS::Kinesis::Stream", "Properties": { "RetentionPeriodHours": { "Ref": "DataStreamRetention" }, "ShardCount": { "Ref": "DataStreamShardCount" }, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" } } }, "AudioRecordingsBucket": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "LogDeliveryWrite", "VersioningConfiguration": { "Status": "Enabled" }, "OwnershipControls":{ "Rules": [ { "ObjectOwnership": "BucketOwnerPreferred" } ] }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "CorsConfiguration": { "CorsRules": [ { "AllowedOrigins": [ "*" ], "AllowedHeaders": [ "*" ], "AllowedMethods": [ "PUT", "HEAD" ], "MaxAge": "3000" } ] }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "VoicemailAccessLogBucket" }, "LogFilePrefix": "audio-recording-bucket-logs" } } }, "ApiAccessLogGroup": { "Type": "AWS::Logs::LogGroup", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W84", "reason": "CloudWatchLogs LogGroup will not specify a KMS Key Id to encrypt the log data for now." }, { "id": "W86", "reason": "CloudWatchLogs LogGroup will not specify RetentionInDays to expire the log data for now." 
} ] } } }, "ApiGwIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "apigateway.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" ] } }, "ApiGwAccountConfig": { "Type": "AWS::ApiGateway::Account", "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "ApiGwIamRole", "Arn" ] } } }, "ContactVoicemailStreamIamRole": { "DependsOn": [ "VoicemailSecret" ], "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "ContactVoicemailStreamPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "ses:SendRawEmail" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "NotResource": "arn:aws:sns:*:*:*" }, { "Effect": "Allow", "Action": [ "transcribe:GetTranscriptionJob" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams" ], "Resource": [ { "Fn::GetAtt": [ "ContactVoicemailTable", "StreamArn" ] } ] }, { "Effect": "Allow", "Action": [ "dynamodb:GetItem" ], "Resource": [ { "Fn::GetAtt": [ "GlobalTable", "Arn" ] }, { "Fn::GetAtt": [ "UsersTable", "Arn" ] } ] }, { "Effect": "Allow", "Action": [ "connect:DescribeUser" ], "Resource": { "Fn::Join": [ "", [ { "Ref": "AmazonConnectInstanceArn" }, "/agent/*" ] ] } }, { "Effect": "Allow", "Action": [ "s3:GetObject", 
"s3:GetSignedUrl" ], "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "AudioRecordingsBucket", "Arn" ] }, "/*" ] ] } }, { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": { "Ref": "VoicemailSecret" } } ] } } ] }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W21", "reason": "NotResource on the SNS ARN pattern is needed so that sns:Publish can send SMS directly to phone numbers, which have no ARN, without allowing publishes to SNS topics." }, { "id": "W11", "reason": "Must allow all resources for transcribe." }, { "id": "W76", "reason": "IAM policy needs the verbosity." } ] } } }, "TranscriptionEventsIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "TranscriptionEventsPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:Query", "dynamodb:UpdateItem" ], "Resource": { "Fn::GetAtt": [ "ContactVoicemailTable", "Arn" ] } } ] } } ] } }, "GetAgentByExtensionIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "GetAgentByExtensionPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:Query" ], "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ 
"UsersTable", "Arn" ] }, "/index/*" ] ] } }, { "Effect": "Allow", "Action": [ "connect:ListUsers", "connect:DescribeUser" ], "Resource": [ { "Ref": "AmazonConnectInstanceArn" }, { "Fn::Join": [ "", [ { "Ref": "AmazonConnectInstanceArn" }, "/agent/*" ] ] } ] } ] } } ] } }, "CognitoUsersConfigIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "CognitoUsersConfigPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "cognito-idp:AdminCreateUser", "cognito-idp:AdminDeleteUser", "cognito-idp:AdminGetUser", "cognito-idp:AdminAddUserToGroup" ], "Resource": { "Fn::GetAtt": [ "CognitoUserPoolUserPool", "Arn" ] } }, { "Effect": "Allow", "Action": [ "dynamodb:PutItem" ], "Resource": [ { "Fn::GetAtt": [ "GlobalTable", "Arn" ] } ] } ] } } ] } }, "AuthorizerIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "AuthorizerPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] } ] } } ] } }, "AgentsGetIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { 
"Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "AgentsGetPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:Scan" ], "Resource": [ { "Fn::GetAtt": [ "UsersTable", "Arn" ] } ] } ] } } ] } }, "AgentsUpdateByIdIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "AgentsUpdateByIdPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:UpdateItem" ], "Resource": [ { "Fn::GetAtt": [ "UsersTable", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "UsersTable", "Arn" ] }, "/index/*" ] ] } ] }, { "Effect": "Allow", "Action": [ "connect:DescribeUser" ], "Resource": { "Fn::Join": [ "", [ { "Ref": "AmazonConnectInstanceArn" }, "/agent/*" ] ] } } ] } } ] } }, "AgentsGetByIdIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "AgentsGetByIdPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": 
[ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem" ], "Resource": [ { "Fn::GetAtt": [ "UsersTable", "Arn" ] } ] }, { "Effect": "Allow", "Action": [ "connect:ListUsers", "connect:DescribeUser" ], "Resource": { "Fn::Join": [ "", [ { "Ref": "AmazonConnectInstanceArn" }, "/agent/*" ] ] } } ] } } ] } }, "GlobalSettingsUpdateIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "GlobalSettingsUpdatePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem" ], "Resource": [ { "Fn::GetAtt": [ "GlobalTable", "Arn" ] } ] } ] } } ] } }, "GlobalSettingsGetIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "GlobalSettingsGetPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:GetItem" ], "Resource": [ { "Fn::GetAtt": [ 
"GlobalTable", "Arn" ] } ] } ] } } ] } }, "BuildContactFlowIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "BuildContactFlowPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "connect:ListQueues" ], "Resource": { "Fn::Join": [ "", [ { "Ref": "AmazonConnectInstanceArn" }, "/queue/*" ] ] } } ] } } ] } }, "KvsProcessRecordingIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "KvsProcessRecordingPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "transcribe:GetTranscriptionJob", "transcribe:StartTranscriptionJob" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesis:GetMedia", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:DescribeStream", "kinesis:ListStreams" ], "Resource": { "Fn::GetAtt": [ "DataStream", "Arn" ] } }, { "Effect": "Allow", "Action": [ "dynamodb:PutItem" ], "Resource": { "Fn::GetAtt": [ "ContactVoicemailTable", "Arn" ] } }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:PutObjectAcl" ], "Resource": { "Fn::Join": [ "", [ { 
"Fn::GetAtt": [ "AudioRecordingsBucket", "Arn" ] }, "/*" ] ] } }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetMedia", "kinesisvideo:GetDataEndpoint" ], "Resource": "*" } ] } } ] }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W11", "reason": "Must allow all resources for kinesis video streams." } ] } } }, "ConnectSyncRequestIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "ConnectSyncRequestPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:Scan", "dynamodb:BatchWriteItem" ], "Resource": [ { "Fn::GetAtt": [ "UsersTable", "Arn" ] } ] }, { "Effect": "Allow", "Action": [ "connect:ListUsers" ], "Resource": { "Ref": "AmazonConnectInstanceArn" } } ] } } ] } }, "ConnectSyncIamRole": { "Type": "AWS::IAM::Role", "Properties": { "Path": "/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "ConnectSyncPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ { "Fn::Sub": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*" } ] }, { "Effect": "Allow", "Action": [ "dynamodb:Scan", "dynamodb:BatchWriteItem" ], "Resource": [ { "Fn::GetAtt": [ "UsersTable", "Arn" ] } ] }, { "Effect": "Allow", "Action": [ "connect:ListUsers" ], "Resource": { 
"Ref": "AmazonConnectInstanceArn" } } ] } } ] } }, "VoicemailIamUser": { "DependsOn": [ "VoicemailIamUserGroup" ], "Type": "AWS::IAM::User", "Properties": { "Groups": [ { "Ref": "VoicemailIamUserGroup" } ] } }, "VoicemailIamUserGroup": { "Type": "AWS::IAM::Group", "Properties": { "Policies": [ { "PolicyName": "VoicemailIamPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetSignedUrl" ], "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "AudioRecordingsBucket", "Arn" ] }, "/*" ] ] } } ] } } ] } }, "VoicemailIamUserAccessKey": { "DependsOn": [ "VoicemailIamUser" ], "Type": "AWS::IAM::AccessKey", "Properties": { "UserName": { "Ref": "VoicemailIamUser" } } }, "VoicemailSecret": { "DependsOn": [ "VoicemailIamUser", "VoicemailIamUserAccessKey" ], "Type": "AWS::SecretsManager::Secret", "Properties": { "Description": "IAM Access Key Secret", "SecretString": { "Fn::Join": [ "", [ "{\"accessKeyId\":", "\"", { "Ref": "VoicemailIamUserAccessKey" }, "\"", ",\"secretAccessKey\":", "\"", { "Fn::GetAtt": [ "VoicemailIamUserAccessKey", "SecretAccessKey" ] }, "\"}" ] ] } }, "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W77", "reason": "Uses the account's default AWS managed CMK for Secrets Manager." } ] } } }, "AudioRecordingsBucketReadPolicy": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "AudioRecordingsBucket" }, "PolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "AWS": { "Ref": "AWS::AccountId" } }, "Action": "s3:GetObject", "Resource": { "Fn::Sub": "arn:aws:s3:::${AudioRecordingsBucket}/*" } }, { "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": { "Fn::Sub": "arn:aws:s3:::${AudioRecordingsBucket}/*" }, "Condition": { "Bool": { "aws:SecureTransport": "false" } } } ] } } } }, "Outputs": { "ServerlessDeploymentBucketName": { "Value": { "Ref": "ServerlessDeploymentBucket" } }, "ServiceEndpoint": { "Description": "URL of the service 
endpoint", "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "ApiGatewayRestApi" }, ".execute-api.", { "Ref": "AWS::Region" }, ".", { "Ref": "AWS::URLSuffix" }, "/prod" ] ] } }, "ApiGatewayApiKey": { "Value": { "Ref": "ApiGatewayApiKey1" } }, "CognitoDomain": { "Value": { "Fn::Sub": "${UserPoolDomain}.auth.${AWS::Region}.amazoncognito.com" } }, "UserPoolId": { "Value": { "Ref": "CognitoUserPoolUserPool" } }, "UserPoolArn": { "Value": { "Fn::GetAtt": [ "CognitoUserPoolUserPool", "Arn" ] } } }, "Parameters": { "AmazonConnectInstanceArn": { "Type": "String", "Default": "", "Description": "The ARN of your Amazon Connect Instance" }, "DataStreamRetention": { "Description": "Data Stream Retention in Hours", "Default": 24, "Type": "Number" }, "DataStreamShardCount": { "Description": "Number of shards for the Data Stream", "Default": 1, "Type": "Number" }, "DeliveryEmail": { "Description": "Transcription delivery email. Make sure this email is verified", "Default": "", "Type": "String" }, "AvailableSMSCountries": { "Default": "us,ca", "Type": "String" }, "AdminEmail": { "Default": "", "Type": "String" }, "AdminFirstName": { "Default": "", "Type": "String" }, "AdminLastName": { "Default": "", "Type": "String" }, "ManagerEmail": { "Default": "", "Type": "String" }, "ManagerFirstName": { "Default": "", "Type": "String" }, "ManagerLastName": { "Default": "", "Type": "String" }, "SignedRecordingUrlExpiration": { "Default": 900, "Type": "String" }, "UserPoolDomainName": { "Default": "", "Type": "String" }, "SolutionId": { "Default": "", "Type": "String" }, "Uuid": { "Default": "", "Type": "String" }, "VoicemailAccessLogBucket": { "Default": "VoicemailAccessLogBucket", "Type": "String" }, "SendAnonymousData": { "Default": "", "Type": "String" }, "IsSamlInstance": { "Default": false, "Type": "String", "AllowedValues": [ true, false ] }, "ServerlessDeploymentBucket": { "Type": "String", "Default": "", "Description": "The bucket to which the Lambda zips are deployed" }, 
"LambdaDeploymentJarPackageVersion": { "Type": "String", "Default": "", "Description": "S3 Object Version of the Lambda Deployment Jar Package" }, "LambdaDeploymentZipPackageVersion": { "Type": "String", "Default": "", "Description": "S3 Object Version of the Lambda Deployment Zip Package" } } }