This AWS CloudFormation template deploys an Amazon DynamoDB Table and two AWS Lambda functions. These will be used by the Amazon Connect instance.
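# CloudFormation template: one DynamoDB table holding the phone numbers of
# approved callers, plus two Lambda functions invoked by Amazon Connect.
AWSTemplateFormatVersion: "2010-09-09"
Description: Template for deploying Amazon DynamoDB and AWS Lambda functions that will be used by the Amazon Connect instance
Parameters:
  # Physical name of the allow-list table. The same value is handed to the
  # authoriseCaller function through its AUTHORISEDUSERSTABLE variable.
  authorisedUsersTablename:
    Description: Name of the Amazon DynamoDB Table that will be created to store phone numbers for approved callers to Amazon Connect
    Type: String
    Default: amzn-connect-authorisedUsers
  # Only on-demand billing is accepted, so it is also the default and the
  # deployer does not have to type the single permitted value.
  DynamoDBBillingMode:
    Description: Billing mode to be used for authorisedUsers Amazon DynamoDB Table
    Type: String
    Default: PAY_PER_REQUEST
    AllowedValues: [PAY_PER_REQUEST]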
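Resources:
  # Execution role for authoriseCaller: write to its own CloudWatch log group
  # and Query the allow-list table, nothing else.
  authoriseCallerLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: logsStreamAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Scoped to this account and region, and to the function's own
              # log group, instead of arn:aws:logs:*:*:*.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*"
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/amzn-connect-authoriseCaller:*"
        - PolicyName: DynamoDBAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Read-only, single table: the function never writes the allow-list.
              - Effect: Allow
                Action:
                  - dynamodb:Query
                Resource: !GetAtt authorisedUsersTable.Arn

  # Execution role for getInstanceStatus: its own log group plus the one EC2
  # read call the handler makes.
  getInstanceStatusLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: logsStreamAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*"
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/amzn-connect-getInstanceStatus:*"
        - PolicyName: EC2DescribeAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The handler only calls DescribeInstances, so the wildcard
              # ec2:Describe* is narrowed to that action. DescribeInstances
              # does not support resource-level scoping, hence Resource "*".
              - Effect: Allow
                Action:
                  - ec2:DescribeInstances
                Resource: "*"

  # Resource policies letting Amazon Connect invoke the functions.
  # A service principal without a source condition can act for a Connect
  # instance in any AWS account (confused deputy). SourceAccount restricts
  # invocation to this account; add SourceArn with the ARN of the Connect
  # instance to pin the permission to that single instance.
  authoriseCallerFunctionPolicy:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt
        - authoriseCaller
        - Arn
      Principal: connect.amazonaws.com
      SourceAccount: !Ref AWS::AccountId

  getInstanceStatusFunctionPolicy:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt
        - getInstanceStatus
        - Arn
      Principal: connect.amazonaws.com
      SourceAccount: !Ref AWS::AccountId

  # Allow-list of callers, keyed by phone number. The authoriseCaller handler
  # also reads firstName and lastName from each item, so the table holds
  # personal data; grant write access to it sparingly.
  authorisedUsersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Ref authorisedUsersTablename
      AttributeDefinitions:
        - AttributeName: phoneNumber
          AttributeType: S
      KeySchema:
        - AttributeName: phoneNumber
          KeyType: HASH
      BillingMode: !Ref DynamoDBBillingMode

  authoriseCaller:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: "amzn-connect-authoriseCaller"
      Description: "This function checks if the caller is authorised to use the Amazon Connect Service"
      Handler: index.lambda_handler
      # python3.6 is past end of support on Lambda; use a supported runtime.
      Runtime: python3.12
      Role: !GetAtt 'authoriseCallerLambdaExecutionRole.Arn'
      Environment:
        Variables:
          AUTHORISEDUSERSTABLE: !Ref authorisedUsersTable
      Code:
        ZipFile: |
          import os

          import boto3
          from boto3.dynamodb.conditions import Key

          UNAUTHORISED = 'unauthorised'


          def lambda_handler(event, context):
              """Look up the caller's number in the allow-list table.

              Returns phoneNumber, firstName and lastName. Both names are
              'unauthorised' when the number is absent from the event or
              from the table. Caller ID is supplied by the telephone
              network and can be spoofed, so treat the result as an
              allow-list filter, not as proof of identity.
              """
              try:
                  callerID = event["Details"]["ContactData"]["CustomerEndpoint"]["Address"]
              except (KeyError, TypeError):
                  # Withheld or malformed caller ID: fail closed.
                  callerID = None

              authorised = False
              firstName = UNAUTHORISED
              lastName = UNAUTHORISED
              if callerID:
                  table = boto3.resource('dynamodb').Table(os.environ['AUTHORISEDUSERSTABLE'])
                  response = table.query(KeyConditionExpression=Key('phoneNumber').eq(callerID))
                  if response['Items']:
                      item = response['Items'][0]
                      authorised = True
                      # A listed number stays authorised even if a name is missing.
                      firstName = item.get('firstName', '')
                      lastName = item.get('lastName', '')

              # Log the decision with a masked number only. The raw event and
              # the caller's name are personal data and are kept out of
              # CloudWatch Logs.
              masked = '***' + callerID[-4:] if callerID else 'none'
              print("caller:", masked, "authorised:", authorised)

              return {
                  'phoneNumber': callerID or '',
                  'firstName': firstName,
                  'lastName': lastName
              }

  getInstanceStatus:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: "amzn-connect-getInstanceStatus"
      Description: "This function checks and reports the number of EC2 instances that are running and stopped in the AWS region where this AWS Lambda function is running"
      Handler: index.lambda_handler
      # python3.6 is past end of support on Lambda; use a supported runtime.
      Runtime: python3.12
      Role: !GetAtt 'getInstanceStatusLambdaExecutionRole.Arn'
      Code:
        ZipFile: |
          import boto3


          def lambda_handler(event, context):
              """Count running and stopped EC2 instances in this region.

              The counts describe the account's infrastructure; the
              contact flow should only reach this function after the
              caller has passed the authorisation check.
              """
              counts = {'running': 0, 'stopped': 0}
              paginator = boto3.client("ec2").get_paginator('describe_instances')
              pages = paginator.paginate(
                  Filters=[
                      {
                          'Name': 'instance-state-name',
                          'Values': ['running', 'stopped']
                      }
                  ]
              )
              # One reservation can hold several instances, so count the
              # instances themselves, and walk every page of results.
              for page in pages:
                  for reservation in page['Reservations']:
                      for instance in reservation['Instances']:
                          state = instance['State']['Name']
                          if state in counts:
                              counts[state] += 1

              result = {
                  'numberEC2Running': counts['running'],
                  'numberEC2Stopped': counts['stopped']
              }
              # The incoming event carries the caller's phone number, so it
              # is not logged; only the counts are.
              print("Number of EC2 instances running:", counts['running'])
              print("Number of EC2 instances stopped:", counts['stopped'])
              return result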