--- AWSTemplateFormatVersion: '2010-09-09' Description: ServiceNow Incident Management integration for Amazon Connect (qs-1oe4gsu1d) Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Amazon Connect Configuration Parameters: - ConnectInstanceId - Label: default: ServiceNow Incident Management Configuration Parameters: - ServiceNowUserName - ServiceNowPassword - ServiceNowHost - Label: default: AWS Quick Start configuration (DO NOT CHANGE UNLESS DEPLOYING FROM YOUR OWN BUCKET) Parameters: - QSS3BucketName Parameters: ServiceNowUserName: Description: ServiceNow User Name AllowedPattern: "^.{5,50}$" ConstraintDescription: User name must be between 5 and 50 characters in length. Type: String ServiceNowPassword: Description: ServiceNow Password ConstraintDescription: Password must contain at least one upper case letter, on lower case letter, and one number. It must be at least 8 characters in length. Type: String NoEcho: true ServiceNowHost: Description: ServiceNow Host (example.service-now.com) AllowedPattern: "^[a-zA-Z0-9-.]+[.]service-now.com$" ConstraintDescription: Endpoint must be a valid ServiceNow API Host URI. For example, example.service-now.com Type: String ConnectInstanceId: Description: Amazon Connect instance ID AllowedPattern: "[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}" ConstraintDescription: Amazon Connect instance ID contains upper and lower case letters, numbers and dashes (-). Type: String QSS3BucketName: AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$" ConstraintDescription: >- Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: >- S3 bucket that you created for your copy of Quick Start assets. Use this if you decide to customize the Quick Start. This bucket name can include numbers, lowercase letters, uppercase letters, and hyphens but should not start or end with a hyphen. Type: String Conditions: UsingDefaultBucket: !Equals [!Ref QSS3BucketName, "aws-quickstart"] Resources: InvokeServiceNowIntegrationTestFunction: Type: Custom::InvokeServiceNowIntegrationTestFunction Version: '1.0' DependsOn: ServiceNowIntegrationTest Properties: ServiceToken: Fn::GetAtt: ServiceNowIntegrationTest.Arn SNOW_USERNAME: Fn::Sub: "${ServiceNowUserName}" SNOW_HOST: Fn::Sub: "${ServiceNowHost}" SNOW_PASSWORD: Fn::Sub: "${ServiceNowPassword}" ServiceNowCreateIncidentConnectPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Ref: ServiceNowCreateIncident Principal: connect.amazonaws.com SourceAccount: Ref: AWS::AccountId SourceArn: Fn::Join: - '' - - 'arn:aws:connect:' - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":instance/" - Ref: ConnectInstanceId ServiceNowCreateIncidentExecutionPolicy: Type: AWS::IAM::Policy Properties: PolicyName: ServiceNowCreateIncidentExecutionPolicy Roles: - Ref: ServiceNowCreateIncidentExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: logs:CreateLogGroup Resource: Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*" - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ServiceNowCreateIncidentExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" ServiceNowCreateIncident: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Key: connect-integration-servicenow-itsm/functions/packages/CreateIncident/lambda.zip Description: ServiceNow CreateIncident Environment: Variables: SERVICENOW_USERNAME: Fn::Sub: "${ServiceNowUserName}" SERVICENOW_HOST: Fn::Sub: "${ServiceNowHost}" SERVICENOW_PASSWORD: Fn::Sub: "${ServiceNowPassword}" Handler: index.handler MemorySize: 128 Role: Fn::GetAtt: - ServiceNowCreateIncidentExecutionRole - Arn Timeout: 10 Runtime: nodejs14.x KeepServiceNowCreateIncidentWarmEventRule: Type: AWS::Events::Rule Properties: Description: Keeps the lambdas warm by pinging them every (n)minutes. ScheduleExpression: rate(10 minutes) State: ENABLED Targets: - Arn: Fn::GetAtt: - ServiceNowCreateIncident - Arn Id: ServiceNowCreateIncident Input: '{ "keepwarm": true }' PermissionForServiceNowCreateIncidentEventRuleToInvokeLambda: Type: AWS::Lambda::Permission Properties: FunctionName: Ref: ServiceNowCreateIncident Action: lambda:InvokeFunction Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - KeepServiceNowCreateIncidentWarmEventRule - Arn ServiceNowCreateIncidentByPhoneConnectPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Ref: ServiceNowCreateIncidentByPhone Principal: connect.amazonaws.com SourceAccount: Ref: AWS::AccountId SourceArn: Fn::Join: - '' - - 'arn:aws:connect:' - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":instance/" - Ref: ConnectInstanceId ServiceNowCreateIncidentByPhoneExecutionPolicy: Type: AWS::IAM::Policy Properties: PolicyName: ServiceNowCreateIncidentByPhoneExecutionPolicy Roles: - Ref: ServiceNowCreateIncidentByPhoneExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: logs:CreateLogGroup Resource: Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*" - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ServiceNowCreateIncidentByPhoneExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" ServiceNowCreateIncidentByPhone: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Key: connect-integration-servicenow-itsm/functions/packages/CreateIncidentByPhone/lambda.zip Description: ServiceNow CreateIncidentByPhone Environment: Variables: SERVICENOW_USERNAME: Fn::Sub: "${ServiceNowUserName}" SERVICENOW_HOST: Fn::Sub: "${ServiceNowHost}" SERVICENOW_PASSWORD: Fn::Sub: "${ServiceNowPassword}" Handler: index.handler MemorySize: 128 Role: Fn::GetAtt: - ServiceNowCreateIncidentByPhoneExecutionRole - Arn Timeout: 10 Runtime: nodejs14.x KeepServiceNowCreateIncidentByPhoneWarmEventRule: Type: AWS::Events::Rule Properties: Description: Keeps the lambdas warm by pinging them every (n)minutes. ScheduleExpression: rate(10 minutes) State: ENABLED Targets: - Arn: Fn::GetAtt: - ServiceNowCreateIncidentByPhone - Arn Id: ServiceNowCreateIncidentByPhone Input: '{ "keepwarm": true }' PermissionForServiceNowCreateIncidentByPhoneEventRuleToInvokeLambda: Type: AWS::Lambda::Permission Properties: FunctionName: Ref: ServiceNowCreateIncidentByPhone Action: lambda:InvokeFunction Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - KeepServiceNowCreateIncidentByPhoneWarmEventRule - Arn ServiceNowGetIncidentByPhoneConnectPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Ref: ServiceNowGetIncidentByPhone Principal: connect.amazonaws.com SourceAccount: Ref: AWS::AccountId SourceArn: Fn::Join: - '' - - 'arn:aws:connect:' - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":instance/" - Ref: ConnectInstanceId ServiceNowGetIncidentByPhoneExecutionPolicy: Type: AWS::IAM::Policy Properties: PolicyName: ServiceNowGetIncidentByPhoneExecutionPolicy Roles: - Ref: ServiceNowGetIncidentByPhoneExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: logs:CreateLogGroup Resource: Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*" - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ServiceNowGetIncidentByPhoneExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" ServiceNowGetIncidentByPhone: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Key: connect-integration-servicenow-itsm/functions/packages/GetIncidentByPhone/lambda.zip Description: ServiceNow GetIncidentByPhone Environment: Variables: SERVICENOW_USERNAME: Fn::Sub: "${ServiceNowUserName}" SERVICENOW_HOST: Fn::Sub: "${ServiceNowHost}" SERVICENOW_PASSWORD: Fn::Sub: "${ServiceNowPassword}" Handler: index.handler MemorySize: 128 Role: Fn::GetAtt: - ServiceNowGetIncidentByPhoneExecutionRole - Arn Timeout: 10 Runtime: nodejs14.x KeepServiceNowGetIncidentByPhoneWarmEventRule: Type: AWS::Events::Rule Properties: Description: Keeps the lambdas warm by pinging them every (n)minutes. ScheduleExpression: rate(10 minutes) State: ENABLED Targets: - Arn: Fn::GetAtt: - ServiceNowGetIncidentByPhone - Arn Id: ServiceNowGetIncidentByPhone Input: '{ "keepwarm": true }' PermissionForServiceNowGetIncidentByPhoneEventRuleToInvokeLambda: Type: AWS::Lambda::Permission Properties: FunctionName: Ref: ServiceNowGetIncidentByPhone Action: lambda:InvokeFunction Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - KeepServiceNowGetIncidentByPhoneWarmEventRule - Arn ServiceNowGetIncidentStateConnectPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Ref: ServiceNowGetIncidentState Principal: connect.amazonaws.com SourceAccount: Ref: AWS::AccountId SourceArn: Fn::Join: - '' - - 'arn:aws:connect:' - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":instance/" - Ref: ConnectInstanceId ServiceNowGetIncidentStateExecutionPolicy: Type: AWS::IAM::Policy Properties: PolicyName: ServiceNowGetIncidentStateExecutionPolicy Roles: - Ref: ServiceNowGetIncidentStateExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: logs:CreateLogGroup Resource: Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*" - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ServiceNowGetIncidentStateExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" ServiceNowGetIncidentState: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Key: connect-integration-servicenow-itsm/functions/packages/GetIncidentState/lambda.zip Description: ServiceNow GetIncidentState Environment: Variables: SERVICENOW_USERNAME: Fn::Sub: "${ServiceNowUserName}" SERVICENOW_HOST: Fn::Sub: "${ServiceNowHost}" SERVICENOW_PASSWORD: Fn::Sub: "${ServiceNowPassword}" Handler: index.handler MemorySize: 128 Role: Fn::GetAtt: - ServiceNowGetIncidentStateExecutionRole - Arn Timeout: 10 Runtime: nodejs14.x KeepServiceNowGetIncidentStateWarmEventRule: Type: AWS::Events::Rule Properties: Description: Keeps the lambdas warm by pinging them every (n)minutes. ScheduleExpression: rate(10 minutes) State: ENABLED Targets: - Arn: Fn::GetAtt: - ServiceNowGetIncidentState - Arn Id: ServiceNowGetIncidentState Input: '{ "keepwarm": true }' PermissionForServiceNowGetIncidentStateEventRuleToInvokeLambda: Type: AWS::Lambda::Permission Properties: FunctionName: Ref: ServiceNowGetIncidentState Action: lambda:InvokeFunction Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - KeepServiceNowGetIncidentStateWarmEventRule - Arn ServiceNowGetLatestStateByPhoneConnectPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Ref: ServiceNowGetLatestStateByPhone Principal: connect.amazonaws.com SourceAccount: Ref: AWS::AccountId SourceArn: Fn::Join: - '' - - 'arn:aws:connect:' - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":instance/" - Ref: ConnectInstanceId ServiceNowGetLatestStateByPhoneExecutionPolicy: Type: AWS::IAM::Policy Properties: PolicyName: ServiceNowGetLatestStateByPhoneExecutionPolicy Roles: - Ref: ServiceNowGetLatestStateByPhoneExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: logs:CreateLogGroup Resource: Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*" - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ServiceNowGetLatestStateByPhoneExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" ServiceNowGetLatestStateByPhone: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Key: connect-integration-servicenow-itsm/functions/packages/GetLatestStateByPhone/lambda.zip Description: ServiceNow GetLatestStateByPhone Environment: Variables: SERVICENOW_USERNAME: Fn::Sub: "${ServiceNowUserName}" SERVICENOW_HOST: Fn::Sub: "${ServiceNowHost}" SERVICENOW_PASSWORD: Fn::Sub: "${ServiceNowPassword}" Handler: index.handler MemorySize: 128 Role: Fn::GetAtt: - ServiceNowGetLatestStateByPhoneExecutionRole - Arn Timeout: 10 Runtime: nodejs14.x KeepServiceNowGetLatestStateByPhoneWarmEventRule: Type: AWS::Events::Rule Properties: Description: Keeps the lambdas warm by pinging them every (n)minutes. ScheduleExpression: rate(10 minutes) State: ENABLED Targets: - Arn: Fn::GetAtt: - ServiceNowGetLatestStateByPhone - Arn Id: ServiceNowGetLatestStateByPhone Input: '{"keepwarm": true}' PermissionForServiceNowGetLatestStateByPhoneEventRuleToInvokeLambda: Type: AWS::Lambda::Permission Properties: FunctionName: Ref: ServiceNowGetLatestStateByPhone Action: lambda:InvokeFunction Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - KeepServiceNowGetLatestStateByPhoneWarmEventRule - Arn ServiceNowIntegrationTestConnectPermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: Ref: ServiceNowIntegrationTest Principal: connect.amazonaws.com SourceAccount: Ref: AWS::AccountId SourceArn: Fn::Join: - '' - - 'arn:aws:connect:' - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":instance/" - Ref: ConnectInstanceId ServiceNowIntegrationTestExecutionPolicy: Type: AWS::IAM::Policy Properties: PolicyName: ServiceNowIntegrationTestExecutionPolicy Roles: - Ref: ServiceNowIntegrationTestExecutionRole PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: logs:CreateLogGroup Resource: Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*" - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - Fn::Sub: "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ServiceNowIntegrationTestExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" ServiceNowIntegrationTest: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Key: connect-integration-servicenow-itsm/functions/packages/integrationTest/lambda.zip Description: ServiceNow IntegrationTest Environment: Variables: SERVICENOW_USERNAME: Fn::Sub: "${ServiceNowUserName}" SERVICENOW_HOST: Fn::Sub: "${ServiceNowHost}" SERVICENOW_PASSWORD: Fn::Sub: "${ServiceNowPassword}" Handler: index.handle MemorySize: 128 Role: Fn::GetAtt: - ServiceNowIntegrationTestExecutionRole - Arn Timeout: 10 Runtime: nodejs14.x KeepServiceNowIntegrationTestWarmEventRule: Type: AWS::Events::Rule Properties: Description: Keeps the lambdas warm by pinging them every (n)minutes. ScheduleExpression: rate(10 minutes) State: ENABLED Targets: - Arn: Fn::GetAtt: - ServiceNowIntegrationTest - Arn Id: ServiceNowIntegrationTest Input: '{"keepwarm": true}' PermissionForServiceNowIntegrationTestEventRuleToInvokeLambda: Type: AWS::Lambda::Permission Properties: FunctionName: Ref: ServiceNowIntegrationTest Action: lambda:InvokeFunction Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - KeepServiceNowIntegrationTestWarmEventRule - Arn Outputs: ServiceNowCreateIncidentArnOutput: Description: The ARN of the CreateIncident Lambda Value: Fn::GetAtt: - ServiceNowCreateIncident - Arn ServiceNowCreateIncidentByPhoneArnOutput: Description: The ARN of the CreateIncidentByPhone Lambda Value: Fn::GetAtt: - ServiceNowCreateIncidentByPhone - Arn ServiceNowGetIncidentByPhoneArnOutput: Description: The ARN of the GetIncidentByPhone Lambda Value: Fn::GetAtt: - ServiceNowGetIncidentByPhone - Arn ServiceNowGetIncidentStateArnOutput: Description: The ARN of the GetIncidentState Lambda Value: Fn::GetAtt: - ServiceNowGetIncidentState - Arn ServiceNowGetLatestStateByPhoneArnOutput: Description: The ARN of the GetLatestStateByPhone Lambda Value: Fn::GetAtt: - ServiceNowGetLatestStateByPhone - Arn