AWSTemplateFormatVersion: "2010-09-09"
Description: Validate Boomi platform license (qs-1r813c2of).
Parameters:
  QSS3BucketName:
    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
    ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Default: aws-quickstart
    Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^[0-9a-zA-Z-/]*$
    ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
    Default: quickstart-eks-boomi-molecule/
    Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
    Type: String
  # Credential parameters use NoEcho so their values are masked in the
  # console and in API responses that describe the stack.
  BoomiUsername:
    Description: The email account associated with the Boomi account.
    Type: String
    NoEcho: true
  BoomiPassword:
    Description: The password associated with the Boomi account.
    Type: String
    NoEcho: true
    Default: ""
  BoomiAccountID:
    Description: The Boomi account ID that you want to associate with the new Molecule cluster.
    Type: String
    NoEcho: true
  BoomiMFAAPIToken:
    Description: An MFA API token generated by your Boomi administrator.
    Type: String
    NoEcho: true
    Default: ""
Rules:
  # Exactly one of BoomiPassword and BoomiMFAAPIToken must be non-empty.
  PasswordOrMFAToken:
    Assertions:
      - Assert: !Or
          - !And
            - !Equals [!Ref BoomiPassword, '']
            - !Not [!Equals [!Ref BoomiMFAAPIToken, '']]
          - !And
            - !Not [!Equals [!Ref BoomiPassword, '']]
            - !Equals [!Ref BoomiMFAAPIToken, '']
        AssertDescription: You must supply either a password *or* an MFA installation and API token.
Conditions:
  APITokenProvided: !Not [!Equals [!Ref BoomiMFAAPIToken, '']]
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, "aws-quickstart"]
Mappings:
  Config:
    Prefix: { Value: 'boomi-eks-quickstart' }
Resources:
  # The credentials below reach the Lambda function as plaintext properties
  # in the custom resource event, so the function must not log that event.
  BoomiVerifyLicense:
    Type: Custom::BoomiVerifyLicense
    Properties:
      ServiceToken: !GetAtt "BoomiVerifyLicenseFunction.Arn"
      BoomiUsername: !If
        - APITokenProvided
        - !Sub "BOOMI_TOKEN.${BoomiUsername}"
        - !Ref "BoomiUsername"
      BoomiPassword: !If
        - APITokenProvided
        - !Ref "BoomiMFAAPIToken"
        - !Ref "BoomiPassword"
      BoomiAccountID: !Ref "BoomiAccountID"
      TokenType: "Molecule"
      TokenTimeout: 90
  BoomiVerifyLicenseFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: Verifies account has available molecule licenses.
      Handler: lambda_function.lambda_handler
      # python3.7 is a deprecated Lambda runtime; the value is kept as published.
      Runtime: python3.7
      Role: !GetAtt "BoomiAPIRole.Arn"
      Timeout: 240
      Code:
        S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
        S3Key: !Sub '${QSS3KeyPrefix}functions/packages/LicenseVerificationAndTokenGenerator/lambda.zip'
  BoomiAPIRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: !Sub ['${Prefix}-lambda-zips-s3-read-${AWS::Region}', {Prefix: !FindInMap [Config, Prefix, Value]}]
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The resources name ${QSS3BucketName} as entered, not the
              # region-suffixed bucket used for Code when UsingDefaultBucket is true.
              - Effect: Allow
                Action: s3:GetObject
                Resource:
                  - !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}/*'
                  - !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}'
Outputs:
  # Stack outputs are not masked by NoEcho: the install token is readable
  # by any principal that can describe this stack.
  BoomiMFAInstallToken:
    Description: An MFA installation token generated by Lambda
    Value: !If [APITokenProvided, !GetAtt BoomiVerifyLicense.InstallToken, ""]