template.yml

AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Description: Amazon Connect with BankID integration
Parameters:
  ConnectArn:
    Type: String
    Description: The Arn for your existing connect instance. This instance can be in any region.

Globals:
  Function:
    Timeout: 8

Resources:
  #### BankID Authenticator ####
  BankIDAuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: bankid-auth
      Description: Triggers a BankID authentication order and polls for status.
      CodeUri: ./code/bankid-auth/
      Handler: lambda_function.lambda_handler
      Runtime: python3.9
      ReservedConcurrentExecutions: 3

  BankIDAuthPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt BankIDAuthFunction.Arn
      Principal: connect.amazonaws.com
      SourceArn: !Ref ConnectArn

  #### Deploy Contact Flow ####
  DeployContactFlowFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: deploy-contact-flow
      Description: Custom resource step to deploy contact flow to Amazon Connect instance
      CodeUri: ./code/deploy-contact-flow/
      Handler: lambda_function.lambda_handler
      Runtime: python3.9
      ReservedConcurrentExecutions: 1
      Policies:
        - Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - connect:ListQueues
                - connect:ListContactFlows
                - connect:CreateContactFlow
                - connect:UpdateContactFlowContent
              Resource: !Sub "${ConnectArn}/*"
      Environment:
        Variables:
          AUTH_ARN: !GetAtt BankIDAuthFunction.Arn
          INSTANCE_ID: !Select [1, !Split ["/", !Ref ConnectArn]]
          CONNECT_REGION: !Select [3, !Split [":", !Ref ConnectArn]]

  ContactFlowDeployment:
    Type: Custom::ContactFlowDeployment
    Properties:
      ServiceToken: !GetAtt DeployContactFlowFunction.Arn
    DeletionPolicy: Retain

Outputs:
  BankIDAuthArn:
    Description: The Arn of the Lambda Function BankIDAuth
    Value: !GetAtt BankIDAuthFunction.Arn

  ContactFlow:
    Description: Response from the custom resource contact flow deployment
    Value: !GetAtt ContactFlowDeployment.Arn