forked from aws-samples/aws-lex-web-ui
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlexbot.yaml
150 lines (142 loc) · 6.05 KB
/
lexbot.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
AWSTemplateFormatVersion: 2010-09-09
Description: >
This template creates a Lex bot and associated resources.
It uses a custom resource to read the bot definition from a file.
Parameters:
NamePrefix:
Type: String
Description: Prefix to add to Lex resource names
Default: WebUi
MinLength: 3
MaxLength: 32
AllowedPattern: '^[a-zA-Z\._]+$'
ConstraintDescription: >
Must conform with the permitted Lex Bot name pattern.
CustomResourceCodeBucket:
Description: S3 bucket where the Lambda bundle is located
Type: String
Default: aws-bigdata-blog
CustomResourceCodeObject:
Type: String
Description: >
S3 object zip file containing Lambda custom resource functions
Default: artifacts/aws-lex-web-ui/artifacts/custom-resources.zip
ShouldDeleteBot:
Type: String
Default: true
AllowedValues:
- true
- false
Description: >
If set to True, the Lex bot and associated resources will
be deleted when the stack is deleted. Otherwise, the bot
will be preserved.
Resources:
# custom resource to start code build project
LexBot:
Type: Custom::LexBot
Properties:
ServiceToken: !GetAtt LexBotLambda.Arn
NamePrefix: !Ref NamePrefix
ShouldDelete: !Ref ShouldDeleteBot
# Lambda function for custom resource
LexBotLambda:
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: !Ref CustomResourceCodeBucket
S3Key: !Ref CustomResourceCodeObject
Handler: lex-manager.handler
Role: !GetAtt LexBotLambdaRole.Arn
Runtime: python3.8
Timeout: 300
TracingConfig:
Mode: Active
LexBotLambdaRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Principal:
Service:
- lambda.amazonaws.com
Effect: Allow
Action:
- sts:AssumeRole
Policies:
- PolicyName: LogsForLambda
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
- !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*"
- PolicyName: LexGetLists
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- lex:GetBots
- lex:GetBotAliases
- lex:GetIntents
- lex:GetSlotTypes
Resource:
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:bot:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:intent:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:*"
- PolicyName: LexGet
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- lex:Get*
Resource:
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:bot:${NamePrefix}*:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:intent:${NamePrefix}*:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:${NamePrefix}*:*"
- PolicyName: LexMutating
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- lex:Put*
- lex:Delete*
Resource:
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:bot:${NamePrefix}*:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:intent:${NamePrefix}*:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:*"
- !Sub "arn:aws:lex:${AWS::Region}:${AWS::AccountId}:slottype:${NamePrefix}*:*"
- PolicyName: XRay
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- xray:PutTraceSegments
- xray:PutTelemetryRecords
Resource: "*"
- PolicyName: AllowVPCSupport
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ec2:DescribeNetworkInterfaces
- ec2:CreateNetworkInterface
- ec2:DeleteNetworkInterface
Resource: "*"
Outputs:
BotName:
Description: Lex Bot Name
Value: !Sub "${LexBot.BotName}"