AWSTemplateFormatVersion: "2010-09-09" Description: "(SO0042) - aws-content-analysis %%VERSION%%. This is the base AWS CloudFormation template that provisions resources for the AWS Content Analysis solution." Parameters: AdminEmail: Description: "Email address of the AWS Content Analysis administrator" Type: String OpensearchNodeSize: Description: "The node type to be provisioned for the Opensearch cluster" Type: String Default: "t3.small.search" AllowedValues: - "t3.small.search" - "m4.large.search" - "m4.xlarge.search" - "c4.large.search" - "c4.xlarge.search" - "r4.large.search" - "r4.xlarge.search" Conditions: EnableAnonymousData: !Equals [ !FindInMap [AnonymousData,SendAnonymousData,Data], "Yes"] Mappings: MediaInsightsEngine: Release: Version: "v5.1.2" Application: SourceCode: GlobalS3Bucket: "%%GLOBAL_BUCKET_NAME%%" TemplateKeyPrefix: "content-analysis-on-aws/%%VERSION%%" RegionalS3Bucket: "%%REGIONAL_BUCKET_NAME%%" CodeKeyPrefix: "content-analysis-on-aws/%%VERSION%%" Version: "%%VERSION%%" AnonymousData: SendAnonymousData: Data: "Yes" Resources: # Deploy MIE Framework MieStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Join - "" - - "https://solutions-reference.s3.amazonaws.com/media-insights-on-aws/" - !FindInMap - MediaInsightsEngine - Release - Version - "/media-insights-on-aws-stack.template" Parameters: DeployAnalyticsPipeline: "Yes" DeployTestResources: "No" MaxConcurrentWorkflows: 5 EnableXrayTrace: "Yes" SendAnonymousData: !FindInMap [AnonymousData,SendAnonymousData,Data] SolutionId: SO0042 SolutionVersion: "%%VERSION%%" # Deploy Opensearch OpensearchStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Join - "" - - "https://" - !FindInMap - Application - SourceCode - GlobalS3Bucket - ".s3.amazonaws.com/" - !FindInMap - Application - SourceCode - TemplateKeyPrefix - "/aws-content-analysis-opensearch.template" Parameters: AnalyticsStreamArn: !GetAtt MieStack.Outputs.AnalyticsStreamArn MieDataplaneBucket: !GetAtt MieStack.Outputs.DataplaneBucket NodeType: !Ref OpensearchNodeSize MieKMSKeyArn: !GetAtt MieStack.Outputs.MieKMSArn # Deploy Auth stack AuthStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Join - "" - - "https://" - !FindInMap - Application - SourceCode - GlobalS3Bucket - ".s3.amazonaws.com/" - !FindInMap - Application - SourceCode - TemplateKeyPrefix - "/aws-content-analysis-auth.template" Parameters: AdminEmail: !Ref AdminEmail WorkflowApiId: !GetAtt MieStack.Outputs.WorkflowApiRestID DataplaneApiId: !GetAtt MieStack.Outputs.DataplaneApiRestID SearchDomainArn: !GetAtt OpensearchStack.Outputs.DomainArn DataplaneBucket: !GetAtt MieStack.Outputs.DataplaneBucket ParentStackName: !Ref MieStack MieKMSKeyArn: !GetAtt MieStack.Outputs.MieKMSArn WebStack: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Join - "" - - "https://" - !FindInMap - Application - SourceCode - GlobalS3Bucket - ".s3.amazonaws.com/" - !FindInMap - Application - SourceCode - TemplateKeyPrefix - "/aws-content-analysis-web.template" Parameters: DataplaneEndpoint: !GetAtt MieStack.Outputs.DataplaneApiEndpoint WorkflowEndpoint: !GetAtt MieStack.Outputs.WorkflowApiEndpoint SearchEndpoint: !GetAtt OpensearchStack.Outputs.DomainEndpoint DataplaneBucket: !GetAtt MieStack.Outputs.DataplaneBucket UserPoolId: !GetAtt AuthStack.Outputs.UserPoolId IdentityPoolId: !GetAtt AuthStack.Outputs.IdentityPoolId PoolClientId: !GetAtt AuthStack.Outputs.UserPoolClientId # Deploy video workflow CompleteVideoWorkflow: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Join - "" - - "https://" - !FindInMap - Application - SourceCode - GlobalS3Bucket - ".s3.amazonaws.com/" - !FindInMap - Application - SourceCode - TemplateKeyPrefix - "/aws-content-analysis-video-workflow.template" Parameters: WorkflowCustomResourceArn: Fn::GetAtt: - MieStack - Outputs.WorkflowCustomResourceArn OperatorLibraryStack: Fn::GetAtt: - MieStack - Outputs.OperatorLibraryStack # Deploy image workflow CompleteImageWorkflow: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Join - "" - - "https://" - !FindInMap - Application - SourceCode - GlobalS3Bucket - ".s3.amazonaws.com/" - !FindInMap - Application - SourceCode - TemplateKeyPrefix - "/aws-content-analysis-image-workflow.template" Parameters: WorkflowCustomResourceArn: Fn::GetAtt: - MieStack - Outputs.WorkflowCustomResourceArn OperatorLibraryStack: Fn::GetAtt: - MieStack - Outputs.OperatorLibraryStack AnonymousDataCustomResourceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" Policies: - PolicyName: !Sub "${AWS::StackName}-anonymous-data-logger" PolicyDocument: Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: - !Join ["", ["arn:aws:logs:", Ref: "AWS::Region", ":", Ref: "AWS::AccountId", ":log-group:/aws/lambda/*"]] - Effect: Allow Action: - ssm:PutParameter Resource: - !Join ["", ["arn:aws:ssm:", Ref: "AWS::Region", ":", Ref: "AWS::AccountId", ":parameter/*"]] AnonymousDataCustomResource: Type: AWS::Lambda::Function Metadata: cfn_nag: rules_to_suppress: - id: W89 reason: "This Lambda function does not need to access any resource provisioned within a VPC." - id: W92 reason: "This function does not require performance optimization, so the default concurrency limits suffice." Properties: FunctionName: !Sub ${AWS::StackName}-anonymous-data Description: Used to send anonymous data Handler: anonymous-data-logger.handler Role: !GetAtt AnonymousDataCustomResourceRole.Arn Code: S3Bucket: !Join [ "-", [ !FindInMap [ "Application", "SourceCode", "RegionalS3Bucket" ], Ref: "AWS::Region" ] ] S3Key: !Join [ "/", [ !FindInMap [ "Application", "SourceCode", "CodeKeyPrefix" ], "anonymous-data-logger.zip" ] ] Runtime: python3.8 Timeout: 180 # SendAnonymousData AnonymousDataUuid: Condition: EnableAnonymousData Type: "Custom::UUID" Properties: ServiceToken: !GetAtt AnonymousDataCustomResource.Arn Resource: UUID AnonymousMetric: Condition: EnableAnonymousData Type: "Custom::AnonymousMetric" Properties: ServiceToken: !GetAtt AnonymousDataCustomResource.Arn Resource: AnonymousMetric SolutionId: "SO0042" UUID: !GetAtt AnonymousDataUuid.UUID Version: !FindInMap ["Application", "SourceCode", "Version"] Outputs: ContentAnalyisSolution: Value: !GetAtt WebStack.Outputs.CloudfrontUrl