This AWS CloudFormation template deploys an Amazon DynamoDB Table and two AWS Lambda functions. These will be used by the Amazon Connect instance.
AWSTemplateFormatVersion: "2010-09-09"
Description: Template for deploying Amazon DynamoDB and AWS Lambda functions that will be used by the Amazon Connect instance
Parameters:
  authorisedUsersTablename:
    Description: Name of the Amazon DynamoDB Table that will be created to store phone numbers for approved callers to Amazon Connect
    Type: String
    Default: amzn-connect-authorisedUsers
  DynamoDBBillingMode:
    Description: Billing mode to be used for authorisedUsers Amazon DynamoDB Table
    Type: String
    AllowedValues: [PAY_PER_REQUEST]
Resources:
  authoriseCallerLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: logsStreamAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:*:*:*
        - PolicyName: DynamoDBAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Read-only access, scoped to the authorised users table only
              - Effect: Allow
                Action:
                  - dynamodb:Query
                Resource: !GetAtt authorisedUsersTable.Arn
  getInstanceStatusLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: logsStreamAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:*:*:*
        - PolicyName: EC2DescribeAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The getInstanceStatus function below only calls DescribeInstances,
              # so ec2:DescribeInstances alone would cover what it needs
              - Effect: Allow
                Action:
                  - "ec2:Describe*"
                Resource: "*"
  authoriseCallerFunctionPolicy:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt
        - authoriseCaller
        - Arn
      Principal: connect.amazonaws.com
  getInstanceStatusFunctionPolicy:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt
        - getInstanceStatus
        - Arn
      Principal: connect.amazonaws.com
  authorisedUsersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Ref authorisedUsersTablename
      AttributeDefinitions:
        - AttributeName: phoneNumber
          AttributeType: S
      KeySchema:
        - AttributeName: phoneNumber
          KeyType: HASH
      BillingMode: !Ref DynamoDBBillingMode
  authoriseCaller:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: "amzn-connect-authoriseCaller"
      Description: "This function checks if the caller is authorised to use the Amazon Connect Service"
      Handler: index.lambda_handler
      # python3.6 has been retired by AWS Lambda; set a currently supported Python runtime when deploying
      Runtime: python3.6
      Role: !GetAtt 'authoriseCallerLambdaExecutionRole.Arn'
      Environment:
        Variables:
          AUTHORISEDUSERSTABLE: !Ref authorisedUsersTable
      Code:
        ZipFile: |
          import boto3
          import os
          from boto3.dynamodb.conditions import Key

          def lambda_handler(event, context):
            # Note: the full event, including the caller's phone number, is written to CloudWatch Logs
            print("event:",event)
            print("context:",context)

            authorisedUsersTable = os.environ['AUTHORISEDUSERSTABLE']
            # Caller ID as presented by the telephony network; it is the only
            # value used to decide whether the caller is authorised
            callerID = event["Details"]["ContactData"]["CustomerEndpoint"]["Address"]

            # Establish connection to DynamoDB and retrieve the table
            dynamodb = boto3.resource('dynamodb')
            table = dynamodb.Table(authorisedUsersTable)

            # Look the caller up by the table's hash key (phoneNumber)
            response = table.query(KeyConditionExpression=Key('phoneNumber').eq(callerID))

            if (len(response['Items']) > 0):
              firstName = response['Items'][0]['firstName']
              lastName = response['Items'][0]['lastName']
            else:
              # No matching item: the contact flow treats this caller as not authorised
              firstName = 'unauthorised'
              lastName = 'unauthorised'

            callerDetails = {
              'phoneNumber' : callerID,
              'firstName' : firstName,
              'lastName' : lastName
            }

            print("CallerDetails:",str(callerDetails))
            return callerDetails
  getInstanceStatus:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: "amzn-connect-getInstanceStatus"
      Description: "This function checks and reports the number of EC2 instances that are running and stopped in the AWS region where this AWS Lambda function is running"
      Handler: index.lambda_handler
      # python3.6 has been retired by AWS Lambda; set a currently supported Python runtime when deploying
      Runtime: python3.6
      Role: !GetAtt 'getInstanceStatusLambdaExecutionRole.Arn'
      Code:
        ZipFile: |
          import boto3

          def count_instances(ec2, state):
            # Count instances (not reservations) in the given state.
            # A reservation can hold several instances, and results can span pages.
            paginator = ec2.get_paginator("describe_instances")
            pages = paginator.paginate(
              Filters=[
                {
                  'Name':'instance-state-name',
                  'Values':[state]
                }
              ]
            )
            return sum(
              len(reservation['Instances'])
              for page in pages
              for reservation in page['Reservations']
            )

          def lambda_handler(event, context):
            print("event:",event)
            print("context:",context)

            ec2 = boto3.client("ec2")

            num_ec2_running = count_instances(ec2, 'running')
            num_ec2_stopped = count_instances(ec2, 'stopped')

            result = {
              'numberEC2Running': num_ec2_running,
              'numberEC2Stopped': num_ec2_stopped
            }

            print("Number of EC2 instances running:",num_ec2_running)
            print("Number of EC2 instances stopped:",num_ec2_stopped)
            return result