// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`test Text Analysis Fireshose Stream Creation 1`] = ` { "Mappings": { "ServiceprincipalMap": { "af-south-1": { "states": "states.af-south-1.amazonaws.com", }, "ap-east-1": { "states": "states.ap-east-1.amazonaws.com", }, "ap-northeast-1": { "states": "states.ap-northeast-1.amazonaws.com", }, "ap-northeast-2": { "states": "states.ap-northeast-2.amazonaws.com", }, "ap-northeast-3": { "states": "states.ap-northeast-3.amazonaws.com", }, "ap-south-1": { "states": "states.ap-south-1.amazonaws.com", }, "ap-southeast-1": { "states": "states.ap-southeast-1.amazonaws.com", }, "ap-southeast-2": { "states": "states.ap-southeast-2.amazonaws.com", }, "ap-southeast-3": { "states": "states.ap-southeast-3.amazonaws.com", }, "ca-central-1": { "states": "states.ca-central-1.amazonaws.com", }, "cn-north-1": { "states": "states.cn-north-1.amazonaws.com", }, "cn-northwest-1": { "states": "states.cn-northwest-1.amazonaws.com", }, "eu-central-1": { "states": "states.eu-central-1.amazonaws.com", }, "eu-north-1": { "states": "states.eu-north-1.amazonaws.com", }, "eu-south-1": { "states": "states.eu-south-1.amazonaws.com", }, "eu-south-2": { "states": "states.eu-south-2.amazonaws.com", }, "eu-west-1": { "states": "states.eu-west-1.amazonaws.com", }, "eu-west-2": { "states": "states.eu-west-2.amazonaws.com", }, "eu-west-3": { "states": "states.eu-west-3.amazonaws.com", }, "me-south-1": { "states": "states.me-south-1.amazonaws.com", }, "sa-east-1": { "states": "states.sa-east-1.amazonaws.com", }, "us-east-1": { "states": "states.us-east-1.amazonaws.com", }, "us-east-2": { "states": "states.us-east-2.amazonaws.com", }, "us-gov-east-1": { "states": "states.us-gov-east-1.amazonaws.com", }, "us-gov-west-1": { "states": "states.us-gov-west-1.amazonaws.com", }, "us-iso-east-1": { "states": "states.amazonaws.com", }, "us-iso-west-1": { "states": "states.amazonaws.com", }, "us-isob-east-1": { "states": "states.amazonaws.com", }, "us-west-1": { "states": "states.us-west-1.amazonaws.com", }, "us-west-2": { "states": "states.us-west-2.amazonaws.com", }, }, }, "Parameters": { "AssetParameters5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9ArtifactHash32683187": { "Description": "Artifact hash for asset "5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9"", "Type": "String", }, "AssetParameters5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9S3BucketAC3F2800": { "Description": "S3 bucket for asset "5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9"", "Type": "String", }, "AssetParameters5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9S3VersionKey1A88747F": { "Description": "S3 key for asset version "5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9"", "Type": "String", }, "AssetParametersf97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319ArtifactHashCD6D92C0": { "Description": "Artifact hash for asset "f97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319"", "Type": "String", }, "AssetParametersf97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319S3BucketF39E83D7": { "Description": "S3 bucket for asset "f97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319"", "Type": "String", }, "AssetParametersf97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319S3VersionKey4FA0E541": { "Description": "S3 key for asset version "f97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319"", "Type": "String", }, "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fArtifactHash5A5E5F70": { "Description": "Artifact hash for asset "fc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172f"", "Type": "String", }, "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3BucketF2871FA7": { "Description": "S3 bucket for asset "fc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172f"", "Type": "String", }, "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3VersionKey06956216": { "Description": "S3 key for asset version "fc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172f"", "Type": "String", }, }, "Resources": { "AccessLogD598EBE9": { "DeletionPolicy": "Retain", "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "AccessLogPolicy4B3DB856": { "Properties": { "Bucket": { "Ref": "AccessLogD598EBE9", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "AccessLogD598EBE9", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "AccessLogD598EBE9", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "s3:PutObject", "Condition": { "ArnLike": { "aws:SourceArn": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, ], }, "StringEquals": { "aws:SourceAccount": { "Ref": "AWS::AccountId", }, }, }, "Effect": "Allow", "Principal": { "Service": "logging.s3.amazonaws.com", }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "AccessLogD598EBE9", "Arn", ], }, "/TestTopicOrchestration-TopicIngestion*", ], ], }, "Sid": "TestTopicOrchestration-TopicIngestionAccessLogsPolicy", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "EventBus7B8748AA": { "Properties": { "Name": "EventBus", }, "Type": "AWS::Events::EventBus", }, "RawBucket0C3EE094": { "DeletionPolicy": "Retain", "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "TestTopicOrchestrationCheckStatusLambdaFunctionA7FE15A7": { "DependsOn": [ "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleDefaultPolicy40B1AC57", "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleFC3D008E", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersf97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319S3BucketF39E83D7", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersf97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319S3VersionKey4FA0E541", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersf97d71ed668637029e397729342c34c997f1e5275bfccbd327e16328ccc52319S3VersionKey4FA0E541", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "SOURCE_PREFIX": "TWITTER", }, }, "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleFC3D008E", "Arn", ], }, "Runtime": "nodejs14.x", "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleDefaultPolicy40B1AC57": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleDefaultPolicy40B1AC57", "Roles": [ { "Ref": "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleFC3D008E", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleFC3D008E": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationLambdaComprehendPassPolicy21453497": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "iam:GetRole", "iam:PassRole", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "TestTopicOrchestrationTopicAnalysisRoleA05A37B7", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationLambdaComprehendPassPolicy21453497", "Roles": [ { "Ref": "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRole9B98F733", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationLambdaDescribeJobPolicy08843BA7": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "The * resource allows lambda function to access Amazon Comprehend services for Topic Detection. The Comprehend services not have a resource arn. This permission is retricted to the lambda function responsible for accessing the Amazon Comprehend service", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "comprehend:DescribeTopicsDetectionJob", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationLambdaDescribeJobPolicy08843BA7", "Roles": [ { "Ref": "TestTopicOrchestrationCheckStatusLambdaFunctionServiceRoleFC3D008E", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationLambdaEventBusPolicy03772C08": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "events:PutEvents", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "EventBus7B8748AA", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationLambdaEventBusPolicy03772C08", "Roles": [ { "Ref": "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleA93DCFF6", }, { "Ref": "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleCADCA216", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationLambdaSubmitJobPolicy86E8696F": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "The * resource allows lambda function to access Amazon Comprehend services for Topic Detection. The Comprehend services not have a resource arn. This permission is retricted to the lambda function responsible for accessing the Amazon Comprehend service", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "comprehend:StartTopicsDetectionJob", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationLambdaSubmitJobPolicy86E8696F", "Roles": [ { "Ref": "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRole9B98F733", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationPublishTopicMappingLambdaFunctionC85663AB": { "DependsOn": [ "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleDefaultPolicyCCA1993C", "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleA93DCFF6", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3BucketF2871FA7", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3VersionKey06956216", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3VersionKey06956216", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "EVENT_BUS_NAME": { "Ref": "EventBus7B8748AA", }, "RAW_DATA_FEED": { "Ref": "RawBucket0C3EE094", }, "SOURCE_PREFIX": "TWITTER", "TOPICS_EVENT_NAMESPACE": "com.test.topic", "TOPIC_MAPPINGS_EVENT_NAMESPACE": "com.test.mappings", }, }, "Handler": "lambda_function.topic_mapping_handler", "MemorySize": 256, "Role": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleA93DCFF6", "Arn", ], }, "Runtime": "python3.8", "Timeout": 900, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleA93DCFF6": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleDefaultPolicyCCA1993C": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", "Arn", ], }, }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "RawBucket0C3EE094", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "RawBucket0C3EE094", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleDefaultPolicyCCA1993C", "Roles": [ { "Ref": "TestTopicOrchestrationPublishTopicMappingLambdaFunctionServiceRoleA93DCFF6", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationPublishTopicMappingLambdaFunctionSqsEventSourceTestTopicOrchestrationPublishTopicMappingqueueCB3900F7B3D796BD": { "Properties": { "BatchSize": 1, "EventSourceArn": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", "Arn", ], }, "FunctionName": { "Ref": "TestTopicOrchestrationPublishTopicMappingLambdaFunctionC85663AB", }, }, "Type": "AWS::Lambda::EventSourceMapping", }, "TestTopicOrchestrationPublishTopicMappingdeadLetterQueue8801FDAD": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "TestTopicOrchestrationPublishTopicMappingdeadLetterQueuePolicy320AC862": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingdeadLetterQueue8801FDAD", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingdeadLetterQueue8801FDAD", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "TestTopicOrchestrationPublishTopicMappingdeadLetterQueue8801FDAD", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", "RedrivePolicy": { "deadLetterTargetArn": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingdeadLetterQueue8801FDAD", "Arn", ], }, "maxReceiveCount": 15, }, "VisibilityTimeout": 7200, }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "TestTopicOrchestrationPublishTopicMappingqueuePolicy75E7B202": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "TestTopicOrchestrationSubmitTopicLambdaFunctionAF8CDE7C": { "DependsOn": [ "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRoleDefaultPolicyF32FE4DE", "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRole9B98F733", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9S3BucketAC3F2800", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9S3VersionKey1A88747F", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters5eb138bcabdac206282a06f2998fc828103a57d765d20f360f86a7b7b46cf9f9S3VersionKey1A88747F", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "DATA_ACCESS_ARN": { "Fn::GetAtt": [ "TestTopicOrchestrationTopicAnalysisRoleA05A37B7", "Arn", ], }, "INGESTION_S3_BUCKET_NAME": { "Ref": "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", }, "INGESTION_WINDOW": "2", "NUMBER_OF_TOPICS": "10", "RAW_BUCKET_FEED": { "Ref": "RawBucket0C3EE094", }, "S3_BUCKET_NAME": { "Ref": "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", }, "SOURCE_PREFIX": "TWITTER", "STACK_NAME": { "Ref": "AWS::StackName", }, }, }, "Handler": "index.handler", "MemorySize": 256, "Role": { "Fn::GetAtt": [ "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRole9B98F733", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 600, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRole9B98F733": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRoleDefaultPolicyF32FE4DE": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject*", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, "/*", ], ], }, ], }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "RawBucket0C3EE094", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "RawBucket0C3EE094", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRoleDefaultPolicyF32FE4DE", "Roles": [ { "Ref": "TestTopicOrchestrationSubmitTopicLambdaFunctionServiceRole9B98F733", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionE1F9A9BF": { "DependsOn": [ "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleDefaultPolicy469B0CAF", "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleCADCA216", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3BucketF2871FA7", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3VersionKey06956216", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3VersionKey06956216", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "EVENT_BUS_NAME": { "Ref": "EventBus7B8748AA", }, "QUEUE_NAME": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", "QueueName", ], }, "RAW_DATA_FEED": { "Ref": "RawBucket0C3EE094", }, "SOURCE_PREFIX": "TWITTER", "TOPICS_EVENT_NAMESPACE": "com.test.topic", "TOPIC_MAPPINGS_EVENT_NAMESPACE": "com.test.mappings", }, }, "Handler": "lambda_function.topic_terms_handler", "Role": { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleCADCA216", "Arn", ], }, "Runtime": "python3.8", "Timeout": 900, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleCADCA216": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleDefaultPolicy469B0CAF": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "RawBucket0C3EE094", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "RawBucket0C3EE094", "Arn", ], }, "/*", ], ], }, ], }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleDefaultPolicy469B0CAF", "Roles": [ { "Ref": "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionServiceRoleCADCA216", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionADF218D4": { "DependsOn": [ "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionServiceRoleDefaultPolicyE4EA3CC8", "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionServiceRole8173FF8E", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3BucketF2871FA7", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3VersionKey06956216", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersfc3bb7675d8c2d1f45dc47e762cbd94c8c15c3d3db103dec9060f8794c47172fS3VersionKey06956216", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "EVENT_BUS_NAME": { "Ref": "EventBus7B8748AA", }, "QUEUE_NAME": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", "QueueName", ], }, "RAW_DATA_FEED": { "Ref": "RawBucket0C3EE094", }, "SOURCE_PREFIX": "TWITTER", "TOPICS_EVENT_NAMESPACE": "com.test.topic", "TOPIC_MAPPINGS_EVENT_NAMESPACE": "com.test.mappings", }, }, "Handler": "lambda_function.topic_handler", "MemorySize": 256, "Role": { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionServiceRole8173FF8E", "Arn", ], }, "Runtime": "python3.8", "Timeout": 900, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionServiceRole8173FF8E": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionServiceRoleDefaultPolicyE4EA3CC8": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, "/*", ], ], }, ], }, { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "TestTopicOrchestrationPublishTopicMappingqueue0E95A5DA", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionServiceRoleDefaultPolicyE4EA3CC8", "Roles": [ { "Ref": "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionServiceRole8173FF8E", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationTopicAnalysisRoleA05A37B7": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "comprehend.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationTopicAnalysisRoleDefaultPolicy7273C9AF": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject*", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationTopicAnalysisRoleDefaultPolicy7273C9AF", "Roles": [ { "Ref": "TestTopicOrchestrationTopicAnalysisRoleA05A37B7", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57": { "DeletionPolicy": "Retain", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "AccessLogD598EBE9", }, "LogFilePrefix": "TestTopicOrchestration-TopicIngestion/", }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "TestTopicOrchestrationTopicIngestionS3BucketPolicy4681CCF5": { "Properties": { "Bucket": { "Ref": "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationTopicIngestionS3Bucket953D8D57", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "TestTopicOrchestrationTopicModelWFStateMachineLogPolicyA30F4823": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationTopicModelWFStateMachineLogPolicyA30F4823", "Roles": [ { "Ref": "TestTopicOrchestrationTopicModelWFStateMachineRole30F829E0", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationTopicModelWFStateMachineRole30F829E0": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": { "Fn::Join": [ "", [ "states.", { "Ref": "AWS::Region", }, ".amazonaws.com", ], ], }, }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationTopicModelWFWorkflowEngineD9D94961": { "DependsOn": [ "TestTopicOrchestrationTopicModelWFStateMachineRole30F829E0", "TestTopicOrchestrationTopicModelWFWorkflowEngineRoleDefaultPolicy2B38430E", "TestTopicOrchestrationTopicModelWFWorkflowEngineRoleC78D5F5C", ], "Properties": { "DefinitionString": { "Fn::Join": [ "", [ "{"StartAt":"Submit","States":{"Submit":{"Next":"JobSubmitted?","Retry":[{"ErrorEquals":["Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],"IntervalSeconds":2,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"SubmitTopicTaskFailed"}],"Type":"Task","HeartbeatSeconds":900,"OutputPath":"$.Payload","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::lambda:invoke","Parameters":{"FunctionName":"", { "Fn::GetAtt": [ "TestTopicOrchestrationSubmitTopicLambdaFunctionAF8CDE7C", "Arn", ], }, "","Payload.$":"$"}},"JobSubmitted?":{"Type":"Choice","Comment":"Check if the topic modeling job is submitted","InputPath":"$","Choices":[{"Variable":"$.JobStatus","StringEquals":"NO_DATA","Next":"NoData"},{"Variable":"$.JobStatus","StringEquals":"FAILED","Next":"SubmitFailed"}],"Default":"Check Status"},"Check Status":{"Next":"JobComplete?","Retry":[{"ErrorEquals":["Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],"IntervalSeconds":2,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"CheckStatusTaskFailed"}],"Type":"Task","HeartbeatSeconds":900,"InputPath":"$","OutputPath":"$.Payload","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::lambda:invoke","Parameters":{"FunctionName":"", { "Fn::GetAtt": [ "TestTopicOrchestrationCheckStatusLambdaFunctionA7FE15A7", "Arn", ], }, "","Payload.$":"$"}},"Wait":{"Type":"Wait","Seconds":600,"Next":"Check Status"},"JobComplete?":{"Type":"Choice","Comment":"Check if the topic modeling job is complete","InputPath":"$","Choices":[{"Variable":"$.JobStatus","StringEquals":"COMPLETED","Next":"PublishTopic"},{"Variable":"$.JobStatus","StringEquals":"IN_PROGRESS","Next":"Wait"},{"Variable":"$.JobStatus","StringEquals":"SUBMITTED","Next":"Wait"}],"Default":"JobFailed"},"JobFailed":{"Type":"Fail"},"PublishTopic":{"Type":"Parallel","Comment":"Parallely process various platform types","End":true,"InputPath":"$","OutputPath":"$","Branches":[{"StartAt":"PublishTopicForTWITTER","States":{"PublishTopicForTWITTER":{"Type":"Parallel","Comment":"Parallely process topic inferences for TWITTER","End":true,"InputPath":"$","OutputPath":"$","Branches":[{"StartAt":"Publish Topic Terms for TWITTER","States":{"Publish Topic Terms for TWITTER":{"End":true,"Retry":[{"ErrorEquals":["Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],"IntervalSeconds":2,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"TWITTERPublishTopicTermsTaskFailed"}],"Type":"Task","HeartbeatSeconds":900,"OutputPath":"$.Payload","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::lambda:invoke","Parameters":{"FunctionName":"", { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionE1F9A9BF", "Arn", ], }, "","Payload.$":"$"}},"TWITTERPublishTopicTermsTaskFailed":{"Type":"Fail","Cause":"$.cause"}}},{"StartAt":"Publish Topics for TWITTER","States":{"Publish Topics for TWITTER":{"End":true,"Retry":[{"ErrorEquals":["Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],"IntervalSeconds":2,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"TWITTERPublishTopicsTaskFailed"}],"Type":"Task","HeartbeatSeconds":900,"OutputPath":"$.Payload","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::lambda:invoke","Parameters":{"FunctionName":"", { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionADF218D4", "Arn", ], }, "","Payload.$":"$"}},"TWITTERPublishTopicsTaskFailed":{"Type":"Fail","Cause":"$.cause"}}}]}}}]},"CheckStatusTaskFailed":{"Type":"Fail","Cause":"$.cause"},"NoData":{"Type":"Fail"},"SubmitFailed":{"Type":"Fail"},"SubmitTopicTaskFailed":{"Type":"Fail","Cause":"$.cause"}}}", ], ], }, "RoleArn": { "Fn::GetAtt": [ "TestTopicOrchestrationTopicModelWFWorkflowEngineRoleC78D5F5C", "Arn", ], }, }, "Type": "AWS::StepFunctions::StateMachine", }, "TestTopicOrchestrationTopicModelWFWorkflowEngineEventsRole086D2595": { "DependsOn": [ "TestTopicOrchestrationTopicModelWFStateMachineRole30F829E0", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationTopicModelWFWorkflowEngineEventsRoleDefaultPolicyFF7DB817": { "DependsOn": [ "TestTopicOrchestrationTopicModelWFStateMachineRole30F829E0", ], "Properties": { "PolicyDocument": { "Statement": [ { "Action": "states:StartExecution", "Effect": "Allow", "Resource": { "Ref": "TestTopicOrchestrationTopicModelWFWorkflowEngineD9D94961", }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationTopicModelWFWorkflowEngineEventsRoleDefaultPolicyFF7DB817", "Roles": [ { "Ref": "TestTopicOrchestrationTopicModelWFWorkflowEngineEventsRole086D2595", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationTopicModelWFWorkflowEngineRoleC78D5F5C": { "DependsOn": [ "TestTopicOrchestrationTopicModelWFStateMachineRole30F829E0", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": { "Fn::FindInMap": [ "ServiceprincipalMap", { "Ref": "AWS::Region", }, "states", ], }, }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "TestTopicOrchestrationTopicModelWFWorkflowEngineRoleDefaultPolicy2B38430E": { "DependsOn": [ "TestTopicOrchestrationTopicModelWFStateMachineRole30F829E0", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W76", "reason": "The statemachine invokes multiple lambdas and the policy is narrowed down to the specific lambda resource arn. Hence it has multiple policy statements resulting in a higher SPCM value", }, { "id": "W12", "reason": "The "LogDelivery" actions do not support resource-level authorization", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationSubmitTopicLambdaFunctionAF8CDE7C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationSubmitTopicLambdaFunctionAF8CDE7C", "Arn", ], }, ":*", ], ], }, ], }, { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationCheckStatusLambdaFunctionA7FE15A7", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationCheckStatusLambdaFunctionA7FE15A7", "Arn", ], }, ":*", ], ], }, ], }, { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionE1F9A9BF", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicTermsLambdaFunctionE1F9A9BF", "Arn", ], }, ":*", ], ], }, ], }, { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionADF218D4", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestTopicOrchestrationTWITTERPublishTopicsLambdaFunctionADF218D4", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "TestTopicOrchestrationTopicModelWFWorkflowEngineRoleDefaultPolicy2B38430E", "Roles": [ { "Ref": "TestTopicOrchestrationTopicModelWFWorkflowEngineRoleC78D5F5C", }, ], }, "Type": "AWS::IAM::Policy", }, "TestTopicOrchestrationTopicSchedule5DE8B730": { "Properties": { "ScheduleExpression": "(5 */2 * * ? *)", "State": "ENABLED", "Targets": [ { "Arn": { "Ref": "TestTopicOrchestrationTopicModelWFWorkflowEngineD9D94961", }, "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ "TestTopicOrchestrationTopicModelWFWorkflowEngineEventsRole086D2595", "Arn", ], }, }, ], }, "Type": "AWS::Events::Rule", }, }, } `;