codebuild-deploy.yaml
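# CloudFormation template for the Lex Web UI: a CodeBuild project plus the
# S3 / CloudFront resources the built web app is served from.
# The format version is quoted so that YAML 1.1 loaders keep it a string
# instead of resolving it to a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  This template creates a CodeBuild project used to configure and deploy
  the chatbot UI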
Parameters:
# Name given to the CodeBuild project resource (see Resources.CodeBuild).
CodeBuildName:
  Type: String
  Description: CodeBuild project used to configure and deploy the Lex Web UI
  Default: lex-web-ui-conf-deploy
  MinLength: 2
  MaxLength: 255
  AllowedPattern: '^[A-Za-z0-9][A-Za-z0-9\-_]{1,254}$'
  ConstraintDescription: >
    Should start with Alphanumeric. May contain alphanumeric, underscore
    and dash.

# Artifact location. The nested-stack TemplateURL values and the CodeBuild
# Source.Location in this template are built from SourceBucket, so whoever can
# write to that bucket decides what gets built and deployed.
# NOTE(review): no object version or checksum is pinned for these artifacts;
# deploying from a versioned bucket you control narrows that trust.
SourceBucket:
  Type: String
  Description: S3 bucket where the source is located
  Default: aws-bigdata-blog
SourcePrefix:
  Type: String
  Description: Prefix key to reference yaml templates
  Default: artifacts
SourceObject:
  Type: String
  Description: S3 object zip file containing the project source
  Default: artifacts/aws-lex-web-ui/artifacts/src.zip

# Lambda code archives, all read from SourceBucket.
CustomResourceCodeObject:
  Type: String
  Description: >
    S3 object zip file containing Lambda custom resource functions
  Default: artifacts/aws-lex-web-ui/artifacts/custom-resources.zip
# NOTE(review): the next two descriptions repeat the custom-resource text;
# judging by the defaults they hold the initiate-chat and streaming Lambdas.
InitiateChatLambdaCodeObject:
  Type: String
  Description: >
    S3 object zip file containing Lambda custom resource functions
  Default: artifacts/aws-lex-web-ui/artifacts/initiate-chat-lambda.zip
StreamingLambdaCodeObject:
  Type: String
  Description: >
    S3 object zip file containing Lambda custom resource functions
  Default: artifacts/aws-lex-web-ui/artifacts/streaming-lambda.zip
# Default true: per the description, buckets and their data are deleted on
# stack delete. The bucket resources visible in this template carry
# DeletionPolicy: Retain, so the deletion is presumably performed by a
# mechanism not shown here -- confirm which buckets (log buckets included)
# it covers before relying on retained access logs.
CleanupBuckets:
  Type: String
  Description: >
    If set to True, buckets and their associated data will be deleted on
    CloudFormation stack delete. If set to False, S3 buckets will be retained.
  Default: true
  AllowedValues: [true, false]

# Login is opt-in: with both flags at their default (false) the UI is served
# without the Cognito User Pool login described below.
ShouldEnableCognitoLogin:
  Type: String
  Description: >
    If set to True, a menu with a login action will be displayed
    in the Lex Web Ui. This feature uses Cognito User Pools with
    hosted login pages. After login, the menu will switch to logout.
  Default: false
  AllowedValues: [true, false]
ShouldForceCognitoLogin:
  Type: String
  Description: >
    If set to True, the menu with a login action will not be displayed
    in the Lex Web Ui, and the Cognito login will be executed automatically.
  Default: false
  AllowedValues: [true, false]

# Markdown rendering of ResponseCards is on by default; the content sources it
# may load are limited by MarkdownSupportDomains.
EnableMarkdownSupport:
  Type: String
  Description: >
    If set to True, Markdown formatting in ResponseCards will be enabled.
  Default: true
  AllowedValues: [true, false]
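# Allow-list of content sources (images/video) for rendered Markdown.
# Per the description, anything not listed is blocked by Content Security
# Policy; where that policy is emitted is not visible in this template.
# Fix: "space-seperated" -> "space-separated" in the user-facing description.
MarkdownSupportDomains:
  Type: String
  Default: ''
  Description: >
    If enabling Markdown support, provide a space-separated list of allowable sources
    for content (images/video). Any domain not listed here will be blocked by Content Security Policy.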
# UI behaviour toggles. Each one is a String restricted to true/false and is
# handed to the build as an environment variable of the CodeBuild project.
ReInitSessionAttributesOnRestart:
  Type: String
  Description: >
    If set to True, session attributes sent on each request to Lex are reset. Use a value
    of false, if session attributes need to be supported on subsequent Lex requests. The
    default is false.
  Default: false
  AllowedValues: [true, false]
ShouldLoadIframeMinimized:
  Type: String
  Description: >
    If set to True and running embedded as an Iframe on a web page, minimize the
    LexWebUi when first launched. If set to False, the Iframe will be maximized
    on the hosting page.
  Default: false
  AllowedValues: [true, false]
ShowResponseCardTitle:
  Type: String
  Description: >
    If set to True, the ResponseCard title is displayed in the UI. When set to false,
    a ResponseCard title is not displayed in the UI. Default is false. Note at the
    present time this is a global setting. Should the UI need to display some form
    of a title, use the optional sub-title property of a ResponseCard.
  Default: false
  AllowedValues: [true, false]
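# Cognito identifiers written into the web app configuration (passed to the
# build as POOL_ID, APP_USER_POOL_CLIENT_ID and APP_USER_POOL_NAME).
# They are identifiers, not secrets. None has a Default, so all three must be
# supplied by the parent stack.
# Fixes: "to used" -> "to be used"; the constraint text said "column" where
# the pattern requires a colon.
CognitoIdentityPoolId:
  Type: String
  Description: >
    Cognito Identity Pool Id to be used in the web app configuration.
  MinLength: 1
  MaxLength: 55
  AllowedPattern: '^[\w-]+:[0-9a-f-]+$'
  ConstraintDescription: >
    Alphanumeric followed by a colon and ending with a hex uuid type.
# NOTE(review): the two user-pool ids below carry no AllowedPattern, unlike
# CognitoIdentityPoolId; a malformed value is only caught at build/run time.
CognitoAppUserPoolClientId:
  Type: String
  Description: >
    Cognito App User Pool Client Id to be used in the web app configuration.
CognitoUserPoolId:
  Type: String
  Description: >
    Cognito App User Pool Id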
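# Amazon Connect live-chat settings. They are forwarded to the RestApi nested
# stack and/or to the CodeBuild environment as CONNECT_* variables.
# Fixes in user-facing text: "Contract" -> "Contact", "Command separated" ->
# "Comma separated", "message send" -> "message sent".
ConnectContactFlowId:
  Type: String
  Description: >
    Connect Contact Flow Id
ConnectInstanceId:
  Type: String
  Description: >
    Connect Instance Id
ConnectPromptForNameMessage:
  Type: String
  Description: >
    Message to display prompting the user for a name
ConnectWaitForAgentMessage:
  Type: String
  Description: >
    Message to display every message interval while waiting for an agent to connect
ConnectWaitForAgentMessageIntervalInSeconds:
  Type: Number
  Description: >
    Interval in seconds between successive ConnectWaitForAgentMessage
ConnectLiveChatTerms:
  Type: String
  Description: >
    Comma separated list of terms that can be used to start Live Chat mode
ConnectAgentJoinedMessage:
  Type: String
  Description: >
    Message to play when an agent joins the chat. {Agent} will be replaced with the Agent's name.
  Default: "{Agent} has joined."
ConnectAgentLeftMessage:
  Type: String
  Description: >
    Message to play when an agent leaves the chat. {Agent} will be replaced with the Agent's name.
  Default: "{Agent} has left."
ConnectChatEndedMessage:
  Type: String
  Description: >
    Message to play when a chat session has ended.
  Default: "Chat ended."
# Default true: the chat transcript is attached as a file when a live chat is
# handed over, so the whole bot conversation reaches the agent side.
# NOTE(review): the description below ends mid-sentence in the source; the
# missing condition has to be restored by the template owner.
ConnectAttachChatTranscript:
  Type: String
  Default: true
  AllowedValues:
    - true
    - false
  Description: >
    Attach chat transcript as file. This only works if you enable
ConnectStartLiveChatLabel:
  Type: String
  Description: >
    Label used in Menu to start connect live chat
  Default: "Start Live Chat"
ConnectStartLiveChatIcon:
  Type: String
  Description: >
    Icon to use in menu to start connect live chat
  Default: "people_alt"
ConnectEndLiveChatLabel:
  Type: String
  Description: >
    Label to use in menu and toolbar to end connect live chat
  Default: "End Live Chat"
ConnectEndLiveChatIcon:
  Type: String
  Description: >
    Icon to use in menu and toolbar to end connect live chat
  Default: "call_end"
ConnectEndLiveChatUtterance:
  Type: String
  Description: >
    Optional utterance to send to bot after ending a live chat session
  Default: ''
ConnectTranscriptMessageDelayInMsec:
  Type: Number
  Description: >
    Delay to insert between each transcript message sent to Connect in msec.
  Default: 150
# The empty default supplies no redaction pattern. This template only passes
# the value through as CONNECT_TRANSCRIPT_REDACT_REGEX; how the expression is
# compiled and applied is not visible here. If transcripts can contain
# personal data, set and test a pattern before enabling live chat.
ConnectTranscriptRedactRegex:
  Type: String
  Description: >
    Optional regex used to redact entire lines in transcript sent to agent
  Default: ''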
# Lex V2 bot selection. Empty defaults are allowed by the (^$|...) alternative
# in each pattern.
LexV2BotId:
  Type: String
  Description: >
    Bot ID (not bot name) of an existing Lex V2 Bot to be used by the web ui. NOTE: You must
    also enter your Bot alias ID in the LexV2BotAliasId field below.
  Default: ''
  MaxLength: 50
  AllowedPattern: '(^$|^[a-zA-Z0-9]+((_[a-zA-Z0-9]+)*|([a-zA-Z0-9]+_)*|_))'
  ConstraintDescription: >
    Must conform with the permitted Lex V2 Bot name pattern.
LexV2BotAliasId:
  Type: String
  Description: >
    Use your Lex V2 bot's alias id (not alias name) here.
  Default: ''
  MinLength: 0
  MaxLength: 50
  AllowedPattern: '(^$|^[$a-zA-Z0-9]+((_[$a-zA-Z0-9]+)*|([$a-zA-Z0-9]+_)*|_))'
  ConstraintDescription: >
    Must conform with the permitted Lex V2 Alias name pattern.
# No AllowedPattern or AllowedValues here: only the length is constrained.
LexV2BotLocaleId:
  Type: String
  Description: >
    Use your bot's locale id here. By default this is en_US. Lex V2 supported values are
    en_AU, en_GB, es_419, es_ES, es_US, fr_CA, fr_FR, it_IT.
    See "https://docs.aws.amazon.com/lexv2/latest/dg/lex2.0.pdf"
    for details on supported languages and locales.
  Default: 'en_US'
  MinLength: 2
  MaxLength: 50

# Lex V1 bot selection.
BotName:
  Type: String
  Description: >
    Name of an existing Lex Bot to be used by the web ui. NOTE: You must
    also enter your published bot alias in the BotAlias field below.
    (If BotName is left empty, a Bot based on the OrderFlowers sample will be
    automatically created.)
  Default: ''
  MinLength: 0
  MaxLength: 50
# MinLength: 2 already rejects the empty string, so the ^$ alternative in the
# pattern below is never the one that matches.
BotAlias:
  Type: String
  Description: >
    WARNING: For production deployments, use your bot's published alias here.
    The $LATEST alias should only be used for manual testing. Amazon Lex limits
    the number of runtime requests that you can make to the $LATEST version of
    the bot.
  Default: '$LATEST'
  MinLength: 2
  MaxLength: 50
  AllowedPattern: '(^$|^[$a-zA-Z]+((_[$a-zA-Z]+)*|([$a-zA-Z]+_)*|_))'
  ConstraintDescription: >
    Must conform with the permitted Lex Alias name pattern.
# Origin of the page that embeds the web UI in an iframe.
# Security-relevant behaviour visible in this template:
#  - the pattern accepts http:// as well as https:// origins;
#  - when left empty, the CloudFront response-headers policy falls back to
#    Access-Control-Allow-Origin "*" and the S3 CORS rule is omitted;
#  - when set, this single origin is what the S3 CORS rule and the CloudFront
#    CORS headers allow.
# NOTE(review): for production, supplying an https origin keeps the embedding
# page and its messages to the iframe off plaintext transport.
ParentOrigin:
  Type: String
  AllowedPattern: '(^$|^https?://[\w\.-]+(:\d+)?$)'
  ConstraintDescription: Empty or valid browser origin
  Description: >
    Browser origin (e.g. http://mysite.example.com:8080) of an
    existing site that is allowed to send/receive data and events
    from the web ui in an iframe setup. This is an optional
    parameter. If left empty, an S3 bucket will be created to
    host a sample parent site embedding the webapp as an iframe.
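# Text shown or spoken by the UI, followed by the optional custom domain,
# certificate and WAF settings for the CloudFront distribution.
# Fixes in user-facing text: "a AcmCertificateArn" -> "an AcmCertificateArn",
# "if a" -> "If an", "a AWS WAF" -> "an AWS WAF", "ARN formation" -> "ARN format".
WebAppConfBotInitialText:
  Type: String
  Default: >
    You can ask me for help ordering flowers. Just type "Buy
    flowers" or click on the mic and say it.
  Description: First bot message displayed in the chatbot UI
WebAppConfBotInitialSpeech:
  Type: String
  Default: Say 'Buy Flowers' to get started.
  Description: >
    Message spoken by bot when the microphone is first pressed
    in a conversation
WebAppConfBotInitialUtterance:
  Type: String
  Default: ''
  Description: >
    Text to use to send as first utterance to bot
WebAppConfNegativeFeedback:
  Type: String
  Default: Thumbs down
  Description: >
    This optional parameter defines the message to be sent by the user upon pressing
    a feedback button signaling a negative feedback.
    If left empty feedback buttons will be disabled on the UI.
WebAppConfPositiveFeedback:
  Type: String
  Default: Thumbs up
  Description: >
    This optional parameter defines the message to be sent by the user upon pressing
    a feedback button signaling a positive feedback.
    If left empty feedback buttons will be disabled on the UI.
WebAppConfHelp:
  Type: String
  Default: Help
  Description: >
    This is an optional parameter, when defined with a value, a help button will display on the chat bot toolbar.
    When pressed the button will send the entered string to the bot as a help message. If left empty
    the help button will be disabled.
WebAppConfToolbarTitle:
  Type: String
  Default: Order Flowers
  Description: Title displayed in the chatbot UI toolbar
# WebAppConfCname and WebAppAcmCertificateArn only take effect together: the
# UseDefaultCloudfrontUrl condition is true when EITHER is empty, in which case
# the distribution silently keeps the default CloudFront domain and
# certificate instead of failing the deployment.
WebAppConfCname:
  Type: String
  Default: ""
  Description: >-
    This optional parameter allows a single CNAME to be defined and used as an alias to
    the cloudfront distribution that is created by this template. If a CNAME is provided, a
    WebAppAcmCertificateArn must also be provided.
WebAppAcmCertificateArn:
  Type: String
  Default: ""
  Description: >-
    This optional parameter allows an AcmCertificateArn to be provided for use in the Cloudfront
    distribution created by this template. If an AcmCertificateArn is provided, a WebAppConfCname must also
    be provided.
# Empty (the default) means the distribution is created without a web ACL.
WebAppWafAclArn:
  Type: String
  Default: ""
  Description: >-
    This optional parameter allows an AWS WAF web ACL to be specified in ARN format. This supports
    AWS WAF V2.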
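# Further UI toggles, Lex retry settings and deployment bookkeeping values.
# Fixes in user-facing text: "A item" -> "An item", "up the the" -> "up to
# the", "will must likely" -> "will most likely", "a timestamp allow" ->
# "a timestamp to allow".
# NOTE(review): where SaveHistory persists the chat is not visible in this
# template; if it is browser-side storage, transcripts can outlive the session
# on shared devices -- confirm before enabling.
SaveHistory:
  Type: String
  Default: false
  AllowedValues:
    - true
    - false
  Description: >
    This is an optional parameter, if set to True, the history of the chat is maintained over sessions.
    An item to clean the chat will appear at the menu.
# Gates the RestApi nested stack through the EnableLiveChat condition.
ShouldEnableLiveChat:
  Type: String
  Default: false
  AllowedValues:
    - true
    - false
  Description: >
    This is an optional parameter, if set to True, the AWS Connect live Chat functionality will be available.
    An item to start a live chat will appear at the menu.
HideButtonMessageBubble:
  Type: String
  Default: false
  AllowedValues:
    - true
    - false
  Description: >
    If set to true, hide the message bubble on a response card button press
MessageMenu:
  Type: String
  Default: false
  AllowedValues:
    - true
    - false
  Description: >
    If set to true, each message will have an additional clickable menu on
    messages sent to the bot allowing you to repeat that message.
BackButton:
  Type: String
  Default: false
  AllowedValues:
    - true
    - false
  Description: >
    If set to true, will show a back button to go back to a previous message.
MinimizedButtonContent:
  Type: String
  Default: ''
  Description: >
    This is an optional parameter, if populated will display provided text when chat window is minimized.
retryOnLexPostTextTimeout:
  Type: String
  Default: false
  AllowedValues:
    - true
    - false
  Description: >
    When set to true, operations against the Lex PostText API that result in a timeout
    will be retried up to the defined retry count. This is useful to enable if 30 second
    timeouts in Lex are frequently observed and subsequent operations will most likely succeed.
# No MinValue/MaxValue is declared, so the retry count is unbounded here.
retryCountPostTextTimeout:
  Type: Number
  Default: 1
  Description: >
    Defines the number of times the lex-web-ui will retry the Lex post text API operation when an exception
    is detected.
Timestamp:
  Type: Number
  Description: >
    This is a required parameter. It defines a timestamp to allow the codebuild to execute as long as the
    timestamp from master.yaml varies.
# Used in this template to build the response-headers policy name.
ResourcePrefix:
  Type: String
  Description: >
    This will be a prefix for resources that must have unique names.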
## CSS Configuration Options
# Free-form strings with no AllowedPattern; each is handed to the build as an
# environment variable. How the build validates or escapes them before they
# end up in the served CSS/HTML is not visible in this template.
MessageTextColor:
  Type: String
  Description: >
    Optional parameter, leave empty to retain previous settings.
    Sets the color of the message text, can be a valid CSS color or Hex value
  Default: ''
MessageFont:
  Type: String
  Description: >
    Sets the font style of the messages sent by the agent and customer
  Default: ''
ChatBackgroundColor:
  Type: String
  Description: >
    Optional parameter, leave empty to retain previous settings.
    Sets the background color of the message area, can be a valid CSS color or Hex value
  Default: ''
ToolbarColor:
  Type: String
  Description: >
    Optional parameter, leave empty to retain previous settings.
    Sets the background color of the toolbar, can be a valid CSS color or Hex value
  Default: ''
BotChatBubble:
  Type: String
  Description: >
    Optional parameter, leave empty to retain previous settings.
    Sets the background color of the bubble for the bot, can be a valid CSS color or Hex value
  Default: ''
CustomerChatBubble:
  Type: String
  Description: >
    Optional parameter, leave empty to retain previous settings.
    Sets the background color of the bubble for the customer, can be a valid CSS color or Hex value.
  Default: ''
MinimizedButtonColor:
  Type: String
  Description: >
    Optional parameter, leave empty to retain previous settings.
    Sets the background color of the button displayed when the chat is minimized, can be a valid CSS color or Hex value.
  Default: ''
# Image URLs are fetched by the viewer's browser. An externally hosted image
# lets that host observe every page load and must be permitted by whatever
# content policy the app enforces.
TitleLogoImgUrl:
  Type: String
  Description: >
    This is an optional parameter, when set to an image URL that is accessible by the application it will
    display the image left of the toolbar title. Image must be formatted to the correct size for display.
  Default: ''
BotAvatarImgUrl:
  Type: String
  Description: >
    This is an optional parameter, when set to an image URL that is accessible by the application it will
    display on the left of all bot messages
  Default: ''
# Streaming: the StreamingSupport nested stack is deployed only when streaming
# is enabled AND no existing endpoint is supplied (DeployStreamingStack).
AllowStreamingResponses:
  Type: String
  Description: >
    If set to True, a websocket API Gateway will be established and messages will be sent to this web socket
    in addition to the Lex bot directly.
  Default: false
  AllowedValues: [true, false]
# NOTE(review): no AllowedPattern; a supplied endpoint is passed to the build
# unchanged, so nothing here enforces a wss:// scheme.
StreamingWebSocketEndpoint:
  Type: String
  Description: >
    If you have an existing WebSocket API Gateway endpoint, you can specify it using this parameter. This requires parameter AllowStreamingResponses set to True.
  Default: ''

# Document upload. The bucket named here is not created in the part of the
# template shown; its access policy and encryption have to be reviewed where
# it is defined.
ShouldEnableUpload:
  Type: String
  Description: >
    If set to True, the upload document functionality will be available. The icon for uploading documents
    will appear in the UI.
  Default: false
  AllowedValues: [true, false]
UploadBucket:
  Type: String
  Description: >
    If enabling upload, the name of the S3 bucket where uploaded documents should be stored
  Default: ''

# Optional VPC placement for the Lambda functions. The NeedsVpc condition is
# true only when BOTH values are non-empty; supplying just one leaves it false.
VpcSubnetId:
  Type: String
  Description: ID of a VPC subnet where all Lambda functions will run, only used if you need Lambda to run in a VPC
  Default: ''
VpcSecurityGroupId:
  Type: String
  Description: ID of a security group where all Lambda functions will run, only used if you need Lambda to run in a VPC
  Default: ''
# Conditions derived from the template parameters.
Conditions:
  # Despite the name, this is true when the ParentOrigin parameter is EMPTY.
  # In that case the CloudFront CORS policy allows "*" and the S3 CORS rule
  # is dropped.
  NeedsParentOrigin: !Equals [!Ref ParentOrigin, '']
  ShouldCleanupBuckets: !Equals [!Ref CleanupBuckets, true]
  EnableLiveChat: !Equals [!Ref ShouldEnableLiveChat, true]
  # True when either the CNAME or the ACM certificate is missing: a partial
  # custom-domain configuration falls back to the default CloudFront URL.
  UseDefaultCloudfrontUrl: !Or
    - !Equals [!Ref WebAppConfCname, '']
    - !Equals [!Ref WebAppAcmCertificateArn, '']
  # True means no web ACL is attached to the distribution.
  ShouldNotSpecifyWafAcl: !Equals [!Ref WebAppWafAclArn, '']
  EnableStreaming: !Equals [!Ref AllowStreamingResponses, true]
  # Deploy the streaming stack only when streaming is on and no existing
  # WebSocket endpoint was supplied.
  DeployStreamingStack: !And
    - !Equals [!Ref AllowStreamingResponses, true]
    - !Equals [!Ref StreamingWebSocketEndpoint, '']
  EnableUpload: !Equals [!Ref ShouldEnableUpload, true]
  # Both the subnet and the security group must be given.
  NeedsVpc: !And
    - !Not [!Equals [!Ref VpcSubnetId, '']]
    - !Not [!Equals [!Ref VpcSecurityGroupId, '']]
Resources:
# Bucket where S3 access logs are stored
# Retained on stack delete and on replacement, versioned, and encrypted at
# rest with SSE-S3 (AES256).
# NOTE(review): no PublicAccessBlockConfiguration, lifecycle/expiry rule or
# TLS-only bucket policy statement is declared for this bucket here. Declaring
# them explicitly makes the intended posture auditable from the template.
S3ServerAccessLogs:
  Type: AWS::S3::Bucket
  DeletionPolicy: Retain
  UpdateReplacePolicy: Retain
  Properties:
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
    VersioningConfiguration:
      Status: Enabled
# Bucket where the web app is deployed
# Versioned, SSE-S3 encrypted, with server access logs written to
# S3ServerAccessLogs under the "webappbucket/" prefix.
# The CORS rule (GET from ParentOrigin only) is emitted when ParentOrigin is
# non-empty; NeedsParentOrigin is true for an EMPTY ParentOrigin, which
# selects AWS::NoValue.
# NOTE(review): WebsiteConfiguration is set although the CloudFront origin in
# this template uses the REST endpoint with an origin access identity. The
# website endpoint serves plain HTTP only, so it should stay unreachable:
# confirm that no public-read policy or ACL is added elsewhere.
WebAppBucket:
  Type: AWS::S3::Bucket
  DeletionPolicy: Retain
  UpdateReplacePolicy: Retain
  Properties:
    WebsiteConfiguration:
      IndexDocument: index.html
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
    VersioningConfiguration:
      Status: Enabled
    LoggingConfiguration:
      DestinationBucketName: !Ref S3ServerAccessLogs
      LogFilePrefix: "webappbucket/"
    CorsConfiguration: !If
      - NeedsParentOrigin
      - !Ref AWS::NoValue
      - CorsRules:
          - AllowedMethods:
              - GET
            AllowedOrigins:
              - !Ref ParentOrigin
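# Lets the S3 logging service write access logs into S3ServerAccessLogs.
# The grant is scoped twice against confused-deputy use: the source bucket
# must be WebAppBucket (aws:SourceArn) and the source account must be this
# account (aws:SourceAccount).
# Change: the policy document now states Version "2012-10-17" explicitly.
# Without a Version element the policy is evaluated as the legacy 2008-10-17
# language; the statement itself is unchanged.
S3ServerAccessLogsBucketPolicy:
  Type: "AWS::S3::BucketPolicy"
  Properties:
    Bucket:
      Ref: "S3ServerAccessLogs"
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: "Allow"
          Action:
            - "s3:PutObject"
          Resource:
            - !Sub "arn:aws:s3:::${S3ServerAccessLogs}/*"
          Principal:
            Service: "logging.s3.amazonaws.com"
          Condition:
            ArnLike:
              aws:SourceArn:
                - !Sub "arn:aws:s3:::${WebAppBucket}"
            StringEquals:
              aws:SourceAccount:
                - !Sub "${AWS::AccountId}"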
# Bucket for CloudFrontDistributionLogs
# Retained, versioned and SSE-S3 encrypted like the other buckets.
# ObjectOwnership is BucketOwnerPreferred, which keeps bucket ACLs enabled --
# presumably because CloudFront standard logging delivers through an ACL
# grant; confirm before tightening to BucketOwnerEnforced.
# NOTE(review): the distribution logs with IncludeCookies enabled, so objects
# here can contain viewer cookie values. Restrict read access accordingly and
# consider an expiry rule; none is declared in this resource.
LexWebUiCloudFrontDistributionLogsBucket:
  Type: AWS::S3::Bucket
  DeletionPolicy: Retain
  UpdateReplacePolicy: Retain
  Properties:
    OwnershipControls:
      Rules:
        - ObjectOwnership: BucketOwnerPreferred
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
    VersioningConfiguration:
      Status: Enabled
# CloudFront identity that WebAppBucketBucketPolicy grants read access to, so
# the bucket can be read through the distribution without being public.
# NOTE(review): origin access identity is the legacy mechanism; AWS now
# recommends origin access control (AWS::CloudFront::OriginAccessControl).
WebAppBucketOriginAccessIdentity:
  Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
  Properties:
    CloudFrontOriginAccessIdentityConfig:
      Comment: !Sub "access-identity-${WebAppBucket}"
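# Grants s3:GetObject on every object in WebAppBucket to the CloudFront origin
# access identity only; no other principal is allowed by this policy.
# Change: the policy document now states Version "2012-10-17" explicitly.
# Without a Version element the policy is evaluated as the legacy 2008-10-17
# language; the statement itself is unchanged.
# NOTE(review): there is no Deny on aws:SecureTransport = false, so TLS-only
# access to the bucket is not enforced by this policy.
WebAppBucketBucketPolicy:
  Type: "AWS::S3::BucketPolicy"
  Properties:
    Bucket:
      Ref: "WebAppBucket"
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: "Allow"
          Action:
            - "s3:GetObject"
          Resource:
            - !Sub "arn:aws:s3:::${WebAppBucket}/*"
          Principal:
            CanonicalUser: !GetAtt WebAppBucketOriginAccessIdentity.S3CanonicalUserId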
# Response headers CloudFront attaches to the web app's responses.
# CORS: GET only, credentials not allowed, any request header allowed. The
# allowed origin is ParentOrigin when that parameter is set and "*" when it is
# empty (NeedsParentOrigin is true for an EMPTY ParentOrigin).
# Security headers: X-XSS-Protection "1; mode=block", Referrer-Policy,
# X-Content-Type-Options and HSTS (47304000 s, includeSubDomains, no preload).
# Every Override is false, so a header already sent by the origin is kept
# instead of being replaced by the value configured here.
# NOTE(review): neither FrameOptions nor ContentSecurityPolicy is configured
# in this policy. The UI is meant to be embedded in an iframe, so a CSP
# frame-ancestors value limited to the parent origin would be the place to
# restrict who may frame it -- confirm whether the app sets one elsewhere.
LexWebUIResponseHeaderPolicy:
  Type: "AWS::CloudFront::ResponseHeadersPolicy"
  Properties:
    ResponseHeadersPolicyConfig:
      Name: !Join ["-", [!Ref ResourcePrefix, "LexWebUIResponseHeaderPolicy"]]
      Comment: "Response header policy for LexWebUI"
      CorsConfig:
        OriginOverride: true
        AccessControlAllowCredentials: false
        AccessControlMaxAgeSec: 600
        AccessControlAllowOrigins:
          Items:
            - !If
              - NeedsParentOrigin
              - "*"
              - !Ref ParentOrigin
        AccessControlAllowHeaders:
          Items:
            - "*"
        AccessControlAllowMethods:
          Items:
            - "GET"
      SecurityHeadersConfig:
        XSSProtection:
          Override: false
          Protection: true
          ModeBlock: true
        ReferrerPolicy:
          Override: false
          ReferrerPolicy: "strict-origin-when-cross-origin"
        ContentTypeOptions:
          Override: false
        StrictTransportSecurity:
          Override: false
          IncludeSubdomains: true
          Preload: false
          AccessControlMaxAgeSec: 47304000
# CloudFront distribution in front of WebAppBucket.
# - Origin: the bucket's regional REST endpoint, read through the origin
#   access identity.
# - Viewers: HTTP is redirected to HTTPS; GET/HEAD/OPTIONS only.
# - Logging: standard logs go to LexWebUiCloudFrontDistributionLogsBucket
#   under "lexwebui/" WITH cookies included -- treat those logs as sensitive.
# - 403 and 404 from the origin are rewritten to 200 /index.html, so a missing
#   or forbidden object is indistinguishable from the app shell in status codes.
# - The alias, certificate and web ACL are optional and driven by conditions.
# NOTE(review): MinimumProtocolVersion is set only in the custom-certificate
# branch; with the default CloudFront certificate the minimum TLS version is
# chosen by CloudFront. TLSv1.2_2018 is an older security policy; a newer one
# (e.g. TLSv1.2_2021) narrows the cipher list -- check client compatibility
# before changing it.
# NOTE(review): the cache and origin-request policy ids look like the AWS
# managed CachingOptimized and CORS-S3Origin policies -- confirm.
LexWebUiDistribution:
  Type: AWS::CloudFront::Distribution
  DependsOn:
    - WebAppBucket
  Properties:
    DistributionConfig:
      Enabled: true
      Comment: cloudfront distribution for lex-web-ui
      HttpVersion: http2
      IPV6Enabled: true
      DefaultRootObject: index.html
      Origins:
        - Id: webuiorigin
          DomainName: !Sub "${WebAppBucket}.s3.${AWS::Region}.amazonaws.com"
          S3OriginConfig:
            OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${WebAppBucketOriginAccessIdentity}"
      Logging:
        Bucket: !GetAtt LexWebUiCloudFrontDistributionLogsBucket.DomainName
        IncludeCookies: true
        Prefix: "lexwebui/"
      CustomErrorResponses:
        # Send errors to index file
        # TODO move TTL to mapping or parameter
        - ErrorCode: 403
          ResponseCode: 200
          ResponsePagePath: /index.html
          ErrorCachingMinTTL: 300
        - ErrorCode: 404
          ResponseCode: 200
          ResponsePagePath: /index.html
          ErrorCachingMinTTL: 300
      DefaultCacheBehavior:
        TargetOriginId: webuiorigin
        ViewerProtocolPolicy: redirect-to-https
        AllowedMethods: [GET, HEAD, OPTIONS]
        CachedMethods: [GET, HEAD, OPTIONS]
        Compress: true
        CachePolicyId: "658327ea-f89d-4fab-a63d-7e88639e58f6"
        OriginRequestPolicyId: "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf"
        ResponseHeadersPolicyId: !GetAtt LexWebUIResponseHeaderPolicy.Id
      # Custom domain only when both the CNAME and the certificate are given.
      Aliases: !If
        - UseDefaultCloudfrontUrl
        - !Ref AWS::NoValue
        - [!Ref WebAppConfCname]
      ViewerCertificate: !If
        - UseDefaultCloudfrontUrl
        - CloudFrontDefaultCertificate: true
        - AcmCertificateArn: !Ref WebAppAcmCertificateArn
          MinimumProtocolVersion: TLSv1.2_2018
          SslSupportMethod: sni-only
      # No web ACL is attached when WebAppWafAclArn is empty.
      WebACLId: !If
        - ShouldNotSpecifyWafAcl
        - !Ref AWS::NoValue
        - !Ref WebAppWafAclArn
# Nested stack for the live-chat REST API; created only when
# ShouldEnableLiveChat is true.
# The template body and the Lambda code object are both fetched from
# SourceBucket, so that bucket is part of the deployment's trust boundary.
# NOTE(review): TemplateURL pins no object version.
# ParentOrigin passed down is the distribution's own https origin (default
# CloudFront domain or the custom CNAME), not the ParentOrigin parameter.
RestApi:
  Type: AWS::CloudFormation::Stack
  Condition: EnableLiveChat
  Properties:
    TemplateURL: !Sub "https://${SourceBucket}.s3.${AWS::Region}.amazonaws.com/${SourcePrefix}/templates/restapi.yaml"
    TimeoutInMinutes: 15
    Parameters:
      ParentStackName: !Ref "AWS::StackName"
      SourceBucket: !Ref SourceBucket
      InitiateChatLambdaCodeObject: !Ref InitiateChatLambdaCodeObject
      ConnectContactFlowId: !Ref ConnectContactFlowId
      ConnectInstanceId: !Ref ConnectInstanceId
      VpcSubnetId: !Ref VpcSubnetId
      VpcSecurityGroupId: !Ref VpcSecurityGroupId
      ParentOrigin: !If
        - UseDefaultCloudfrontUrl
        - !Sub "https://${LexWebUiDistribution.DomainName}"
        - !Sub "https://${WebAppConfCname}"
# Nested stack for WebSocket streaming; created only when streaming is enabled
# and no existing WebSocket endpoint was supplied (DeployStreamingStack).
# As with RestApi, the template body and the Lambda code object come from
# SourceBucket and no object version is pinned in TemplateURL.
# ParentOrigin passed down is the distribution's own https origin (default
# CloudFront domain or the custom CNAME).
StreamingSupport:
  Type: AWS::CloudFormation::Stack
  Condition: DeployStreamingStack
  Properties:
    TemplateURL: !Sub "https://${SourceBucket}.s3.${AWS::Region}.amazonaws.com/${SourcePrefix}/templates/streaming-support.yaml"
    TimeoutInMinutes: 15
    Parameters:
      ParentStackName: !Ref "AWS::StackName"
      SourceBucket: !Ref SourceBucket
      StreamingLambdaCodeObject: !Ref StreamingLambdaCodeObject
      TableName: !Join ["-", [!Ref "AWS::StackName", "streaming"]]
      VpcSubnetId: !Ref VpcSubnetId
      VpcSecurityGroupId: !Ref VpcSecurityGroupId
      ParentOrigin: !If
        - UseDefaultCloudfrontUrl
        - !Sub "https://${LexWebUiDistribution.DomainName}"
        - !Sub "https://${WebAppConfCname}"
CodeBuild:
Type: AWS::CodeBuild::Project
Properties:
Name: !Ref CodeBuildName
Description: Used to configure and deploy the Lex Web UI
Artifacts:
Type: NO_ARTIFACTS
Environment:
Type: LINUX_CONTAINER
Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
ComputeType: BUILD_GENERAL1_SMALL
EnvironmentVariables:
- Name: BUILD_TYPE
Value: dist
- Name: POOL_ID
Value: !Ref CognitoIdentityPoolId
- Name: CONNECT_CONTACT_FLOW_ID
Value: !Ref ConnectContactFlowId
- Name: CONNECT_INSTANCE_ID
Value: !Ref ConnectInstanceId
- Name: CONNECT_API_GATEWAY_ENDPOINT
Value: !If [EnableLiveChat, !Sub "https://${RestApi.Outputs.RestApiId}.execute-api.${AWS::Region}.amazonaws.com/Prod/livechat", ""]
- Name: CONNECT_PROMPT_FOR_NAME_MESSAGE
Value: !Ref ConnectPromptForNameMessage
- Name: CONNECT_WAIT_FOR_AGENT_MESSAGE
Value: !Ref ConnectWaitForAgentMessage
- Name: CONNECT_WAIT_FOR_AGENT_MESSAGE_INTERVAL_IN_SECONDS
Value: !Ref ConnectWaitForAgentMessageIntervalInSeconds
- Name: CONNECT_LIVE_CHAT_TERMS
Value: !Ref ConnectLiveChatTerms
- Name: CONNECT_AGENT_JOINED_MESSAGE
Value: !Ref ConnectAgentJoinedMessage
- Name: CONNECT_AGENT_LEFT_MESSAGE
Value: !Ref ConnectAgentLeftMessage
- Name: CONNECT_CHAT_ENDED_MESSAGE
Value: !Ref ConnectChatEndedMessage
- Name: CONNECT_ATTACH_CHAT_TRANSCRIPT
Value: !Ref ConnectAttachChatTranscript
- Name: CONNECT_START_LIVE_CHAT_LABEL
Value: !Ref ConnectStartLiveChatLabel
- Name: CONNECT_START_LIVE_CHAT_ICON
Value: !Ref ConnectStartLiveChatIcon
- Name: CONNECT_END_LIVE_CHAT_LABEL
Value: !Ref ConnectEndLiveChatLabel
- Name: CONNECT_END_LIVE_CHAT_ICON
Value: !Ref ConnectEndLiveChatIcon
- Name: CONNECT_END_LIVE_CHAT_UTTERANCE
Value: !Ref ConnectEndLiveChatUtterance
- Name: CONNECT_TRANSCRIPT_MESSAGE_DELAY_IN_MSEC
Value: !Ref ConnectTranscriptMessageDelayInMsec
- Name: CONNECT_TRANSCRIPT_REDACT_REGEX
Value: !Ref ConnectTranscriptRedactRegex
- Name: APP_USER_POOL_CLIENT_ID
Value: !Ref CognitoAppUserPoolClientId
- Name: APP_USER_POOL_NAME
Value: !Ref CognitoUserPoolId
- Name: WEBAPP_BUCKET
Value: !Ref WebAppBucket
- Name: AWS_DEFAULT_REGION
Value: !Sub "${AWS::Region}"
- Name: V2_BOT_ID
Value: !Ref LexV2BotId
- Name: V2_BOT_ALIAS_ID
Value: !Ref LexV2BotAliasId
- Name: V2_BOT_LOCALE_ID
Value: !Ref LexV2BotLocaleId
- Name: BOT_NAME
Value: !Ref BotName
- Name: BOT_ALIAS
Value: !Ref BotAlias
- Name: BOT_INITIAL_TEXT
Value: !Ref WebAppConfBotInitialText
- Name: BOT_INITIAL_SPEECH
Value: !Ref WebAppConfBotInitialSpeech
- Name: BOT_INITIAL_UTTERANCE
Value: !Ref WebAppConfBotInitialUtterance
- Name: NEGATIVE_INTENT
Value: !Ref WebAppConfNegativeFeedback
- Name: POSITIVE_INTENT
Value: !Ref WebAppConfPositiveFeedback
- Name: HELP_INTENT
Value: !Ref WebAppConfHelp
- Name: HIDE_BUTTON_MESSAGE_BUBBLE
Value: !Ref HideButtonMessageBubble
- Name: MESSAGE_MENU
Value: !Ref MessageMenu
- Name: BACK_BUTTON
Value: !Ref BackButton
- Name: MIN_BUTTON_CONTENT
Value: !Ref MinimizedButtonContent
- Name: UI_TOOLBAR_TITLE
Value: !Ref WebAppConfToolbarTitle
- Name: ENABLE_LOGIN
Value: !Ref ShouldEnableCognitoLogin
- Name: FORCE_LOGIN
Value: !Ref ShouldForceCognitoLogin
- Name: REINIT_SESSION_ATTRIBUTES_ON_RESTART
Value: !Ref ReInitSessionAttributesOnRestart
- Name: ENABLE_MARKDOWN_SUPPORT
Value: !Ref EnableMarkdownSupport
- Name: IFRAME_LOAD_MINIMIZED
Value: !Ref ShouldLoadIframeMinimized
- Name: SHOW_RESPONSE_CARD_TITLE
Value: !Ref ShowResponseCardTitle
- Name: PARENT_ORIGIN
Value: !If
- NeedsParentOrigin
- !Sub "https://${LexWebUiDistribution.DomainName}"
- !Ref ParentOrigin
- Name: IFRAME_ORIGIN
Value: !Sub "https://${LexWebUiDistribution.DomainName}"
- Name: WEBAPP_BUCKET_REGIONALDOMAINNAME
Value: !Sub "${WebAppBucket.RegionalDomainName}"
- Name: CLOUDFRONT_DOMAIN
Value: !Sub "${LexWebUiDistribution.DomainName}"
- Name: SAVE_HISTORY
Value: !Ref SaveHistory
- Name: ENABLE_LIVE_CHAT
Value: !Ref ShouldEnableLiveChat
- Name: BOT_RETRY_ON_LEX_POST_TEXT_TIMEOUT
Value: !Ref retryOnLexPostTextTimeout
- Name: BOT_RETRY_COUNT_POST_TEXT_TIMEOUT
Value: !Ref retryCountPostTextTimeout
- Name: TIMESTAMP
Value: !Ref Timestamp
- Name: MESSAGE_TEXT_COLOR
Value: !Ref MessageTextColor
- Name: MESSAGE_FONT
Value: !Ref MessageFont
- Name: CHAT_BACKGROUND_COLOR
Value: !Ref ChatBackgroundColor
- Name: TOOLBAR_COLOR
Value: !Ref ToolbarColor
- Name: AGENT_CHAT_BUBBLE
Value: !Ref BotChatBubble
- Name: CUSTOMER_CHAT_BUBBLE
Value: !Ref CustomerChatBubble
- Name: MINIMIZED_BUTTON_COLOR
Value: !Ref MinimizedButtonColor
- Name: UI_TOOLBAR_LOGO
Value: !Ref TitleLogoImgUrl
- Name: BOT_AVATAR_IMG_URL
Value: !Ref BotAvatarImgUrl
- Name: ALLOW_STREAMING_RESPONSES
Value: !Ref AllowStreamingResponses
- Name: STREAMING_WEB_SOCKET_ENDPOINT
Value: !If [DeployStreamingStack, !Sub "wss://${StreamingSupport.Outputs.WebSocketId}.execute-api.${AWS::Region}.amazonaws.com/Prod", !If [EnableStreaming, !Ref StreamingWebSocketEndpoint, ""]]
- Name: STREAMING_DYNAMO_TABLE
Value: !If [DeployStreamingStack, !Sub "${StreamingSupport.Outputs.DynamoTableName}", ""]
- Name: ENABLE_UPLOAD
Value: !Ref ShouldEnableUpload
- Name: UPLOAD_BUCKET_NAME
Value: !Ref UploadBucket
ServiceRole: !GetAtt CodeBuildRole.Arn
TimeoutInMinutes: 10
Source:
Type: S3
Location: !Sub "${SourceBucket}/${SourceObject}"
BuildSpec: !Sub |
version: 0.1
phases:
pre_build:
commands:
- aws configure set region "$AWS_DEFAULT_REGION"
- make load-current-config
- npm install
- make config
post_build:
commands: