-
Notifications
You must be signed in to change notification settings - Fork 490
/
Copy pathlexbot.yaml
490 lines (462 loc) · 15.7 KB
/
lexbot.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
AWSTemplateFormatVersion: 2010-09-09
Description: >
This template creates a Lex bot and associated resources.
Parameters:
ParentStackName:
Type: String
Description: Parent Stack Name
Default: lex-web-ui-stack
ShouldDeleteBot:
Type: String
Default: true
AllowedValues:
- true
- false
Description: >
If set to True, the Lex bot and associated resources will
be deleted when the stack is deleted. Otherwise, the bot
will be preserved.
AmazonQAppId:
Type: String
Default: ''
Description: Amazon Q Application ID
IDCApplicationARN:
Type: String
Default: ''
Description: ARN of the Identity Center customer managed application created for QBusiness
AmazonQEndpointUrl:
Type: String
Default: ""
Description: (Optional) Amazon Q Endpoint (leave empty for default endpoint)
QBusinessLambdaCodeObject:
Type: String
Description: >
S3 object zip file containing Lambda for QBusiness integration
Default: artifacts/aws-lex-web-ui/artifacts/streaming-lambda.zip
SourceBucket:
Description: S3 bucket where the source is located
Type: String
Default: aws-bigdata-blog
VpcSubnetId:
Type: String
Default: ''
Description: ID of a VPC subnet where all Lambda functions will run, only used if you need Lambda to run in a VPC
VpcSecurityGroupId:
Type: String
Default: ''
Description: ID of a security group where all Lambda functions will run, only used if you need Lambda to run in a VPC
Conditions:
EnableQBusiness: !Not [!Equals [!Ref AmazonQAppId, '']]
ExampleBot: !Equals [!Ref AmazonQAppId, '']
DeleteBot: !Equals [!Ref ShouldDeleteBot, true]
NeedsVpc: !And [ !Not [ !Equals [!Ref VpcSubnetId, ''] ], !Not [ !Equals [!Ref VpcSecurityGroupId, ''] ] ]
Resources:
ExampleBotRuntimeRole:
Type: AWS::IAM::Role
Condition: ExampleBot
DeletionPolicy: !If [DeleteBot, Delete, Retain]
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- lexv2.amazonaws.com
Action:
- "sts:AssumeRole"
Path: "/"
Policies:
- PolicyName: LexRuntimeRolePolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "polly:SynthesizeSpeech"
- "comprehend:DetectSentiment"
Resource: "*"
OrderFlowersTemplateBot:
DependsOn: ExampleBotRuntimeRole
Type: AWS::Lex::Bot
Condition: ExampleBot
DeletionPolicy: !If [DeleteBot, Delete, Retain]
Properties:
Name: !Join ["-", [!Ref ParentStackName, "OrderFlowers-Bot"]]
RoleArn: !GetAtt ExampleBotRuntimeRole.Arn
DataPrivacy:
ChildDirected: false
IdleSessionTTLInSeconds: 300
Description: "-"
AutoBuildBotLocales: false
BotLocales:
- LocaleId: "en_US"
Description: "OrderFlowers bot Locale"
NluConfidenceThreshold: 0.40
VoiceSettings:
VoiceId: "Ivy"
SlotTypes:
- Name: "FlowerTypes"
Description: "Flower types"
SlotTypeValues:
- SampleValue:
Value: lilies
- SampleValue:
Value: roses
- SampleValue:
Value: tulips
ValueSelectionSetting:
ResolutionStrategy: ORIGINAL_VALUE
Intents:
- Name: "OrderFlowers"
Description: "Intent to order a bouquet of flowers for pick up"
SampleUtterances:
- Utterance: "I would like to pick up flowers"
- Utterance: "I would like to order some flowers"
IntentConfirmationSetting:
PromptSpecification:
MessageGroupsList:
- Message:
PlainTextMessage:
Value: "Okay, your {FlowerType} will be ready for pickup by {PickupTime} on {PickupDate}. Does this sound okay?"
MaxRetries: 3
AllowInterrupt: false
DeclinationResponse:
MessageGroupsList:
- Message:
PlainTextMessage:
Value: "Okay, I will not place your order."
AllowInterrupt: false
SlotPriorities:
- Priority: 2
SlotName: PickupDate
- Priority: 1
SlotName: FlowerType
- Priority: 3
SlotName: PickupTime
Slots:
- Name: "FlowerType"
Description: "something"
SlotTypeName: "FlowerTypes"
ValueElicitationSetting:
SlotConstraint: "Required"
PromptSpecification:
MessageGroupsList:
- Message:
PlainTextMessage:
Value: "What type of flowers would you like to order?"
MaxRetries: 3
AllowInterrupt: false
- Name: "PickupDate"
Description: "something"
SlotTypeName: "AMAZON.Date"
ValueElicitationSetting:
SlotConstraint: "Required"
PromptSpecification:
MessageGroupsList:
- Message:
PlainTextMessage:
Value: "What day do you want the {FlowerType} to be picked up?"
MaxRetries: 3
AllowInterrupt: false
- Name: "PickupTime"
Description: "something"
SlotTypeName: "AMAZON.Time"
ValueElicitationSetting:
SlotConstraint: "Required"
PromptSpecification:
MessageGroupsList:
- Message:
PlainTextMessage:
Value: "At what time do you want the {FlowerType} to be picked up?"
MaxRetries: 3
AllowInterrupt: false
- Name: "FallbackIntent"
Description: "Default intent when no other intent matches"
ParentIntentSignature: "AMAZON.FallbackIntent"
ExampleBotVersion:
DependsOn: OrderFlowersTemplateBot
Type: AWS::Lex::BotVersion
Condition: ExampleBot
Properties:
BotId: !Ref OrderFlowersTemplateBot
BotVersionLocaleSpecification:
- LocaleId: en_US
BotVersionLocaleDetails:
SourceBotVersion: DRAFT
Description: OrderFlowers Version
ExampleBotAlias:
DependsOn: ExampleBotVersion
Type: AWS::Lex::BotAlias
Condition: ExampleBot
Properties:
BotId: !Ref OrderFlowersTemplateBot
BotAliasName: "Prod"
BotVersion: !GetAtt ExampleBotVersion.BotVersion
SentimentAnalysisSettings:
DetectSentiment: true
QBusinessBot:
Type: AWS::Lex::Bot
Condition: EnableQBusiness
Properties:
Name: !Join ["-", [!Ref ParentStackName, "QBusiness-Bot"]]
DataPrivacy:
ChildDirected: false
IdleSessionTTLInSeconds: 300
RoleArn: !GetAtt QBusinessBotServiceRole.Arn
BotLocales:
- LocaleId: "en_US"
Description: "QBusiness bot Locale"
NluConfidenceThreshold: 0.40
VoiceSettings:
VoiceId: "Ivy"
Intents:
- Name: "MainIntent"
Description: "Basic intent"
SampleUtterances:
- Utterance: "Hello"
FulfillmentCodeHook:
Enabled: true
IsActive: true
- Name: "FallbackIntent"
Description: "Default intent when no other intent matches"
ParentIntentSignature: "AMAZON.FallbackIntent"
FulfillmentCodeHook:
Enabled: true
IsActive: true
QBusinessBotServiceRole:
Type: AWS::IAM::Role
Condition: EnableQBusiness
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- lexv2.amazonaws.com
Action:
- "sts:AssumeRole"
Path: "/"
Policies:
- PolicyName: LexRuntimeRolePolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "polly:SynthesizeSpeech"
- "comprehend:DetectSentiment"
Resource: "*"
BotVersion:
DependsOn: QBusinessBot
Condition: EnableQBusiness
Type: AWS::Lex::BotVersion
Properties:
BotId: !Ref QBusinessBot
BotVersionLocaleSpecification:
- LocaleId: en_US
BotVersionLocaleDetails:
SourceBotVersion: DRAFT
Description: Q Business Bot
BotAlias:
DependsOn: BotVersion
Condition: EnableQBusiness
Type: AWS::Lex::BotAlias
Properties:
BotId: !Ref QBusinessBot
BotAliasName: "Prod"
BotVersion: !GetAtt BotVersion.BotVersion
BotAliasLocaleSettings:
- BotAliasLocaleSetting:
CodeHookSpecification:
LambdaCodeHook:
LambdaArn: !GetAtt QnaBusinessLambdaFulfillmentFunction.Arn
CodeHookInterfaceVersion: '1.0'
Enabled: true
LocaleId: en_US
SentimentAnalysisSettings:
DetectSentiment: true
QManagedPolicy:
Type: AWS::IAM::ManagedPolicy
Condition: EnableQBusiness
Properties:
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: AllowQChat
Effect: Allow
Action:
- "qbusiness:ChatSync"
Resource: !Sub "arn:${AWS::Partition}:qbusiness:${AWS::Region}:${AWS::AccountId}:application/${AmazonQAppId}"
QServiceRole:
Type: AWS::IAM::Role
Condition: EnableQBusiness
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
AWS:
- !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root
Action:
- sts:AssumeRole
- sts:SetContext
Path: /
ManagedPolicyArns:
- !Ref QManagedPolicy
KMSKey:
Type: 'AWS::KMS::Key'
Condition: EnableQBusiness
Properties:
KeySpec: 'SYMMETRIC_DEFAULT'
KeyUsage: 'ENCRYPT_DECRYPT'
KeyPolicy:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
Action: 'kms:*'
Resource: '*'
CredentialsTable:
Type: AWS::DynamoDB::Table
Condition: EnableQBusiness
Properties:
AttributeDefinitions:
- AttributeName: "jti"
AttributeType: "S"
KeySchema:
- AttributeName: "jti"
KeyType: "HASH"
BillingMode: PAY_PER_REQUEST
SSESpecification:
SSEEnabled: True
TableName: !Join ["-", [!Ref ParentStackName, "CachedCreds-Table"]]
TimeToLiveSpecification:
AttributeName: ExpiresAt
Enabled: true
LambdaFunctionRole:
Type: AWS::IAM::Role
Condition: EnableQBusiness
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
!If
- NeedsVpc
-
- "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Policies:
- PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "qbusiness:ChatSync"
Resource: !Sub "arn:aws:qbusiness:${AWS::Region}:${AWS::AccountId}:application/${AmazonQAppId}"
PolicyName: QBusinessPolicy
- PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "s3:GetObject"
Resource: "arn:aws:s3:::*/*"
PolicyName: S3ImportBucketPolicy
- PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "dynamodb:PutItem"
- "dynamodb:GetItem"
Resource:
- !Sub "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${CredentialsTable}"
PolicyName: DynamoDbPolicy
- PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "kms:Decrypt"
- "kms:Encrypt"
Resource:
- !Sub "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${KMSKey}"
PolicyName: KmsPolicy
- PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "sso-oauth:CreateTokenWithIAM"
Resource: "*"
PolicyName: OICDPolicy
- PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- "sts:AssumeRole"
- "sts:SetContext"
Resource:
- !GetAtt QServiceRole.Arn
PolicyName: AllowAssumeQRole
QnaBusinessLambdaFulfillmentFunction:
Type: AWS::Lambda::Function
Condition: EnableQBusiness
Properties:
VpcConfig:
!If
- NeedsVpc
-
SecurityGroupIds:
- !Ref VpcSecurityGroupId
SubnetIds:
- !Ref VpcSubnetId
- !Ref "AWS::NoValue"
FunctionName: !Join ["-", [!Ref ParentStackName, "Fulfillment-Lambda"]]
Handler: index.lambda_handler
Role: !GetAtt 'LambdaFunctionRole.Arn'
Runtime: python3.12
Timeout: 60
MemorySize: 128
Code:
S3Bucket: !Ref SourceBucket
S3Key: !Ref QBusinessLambdaCodeObject
Environment:
Variables:
AWS_DATA_PATH: /opt/model
AMAZONQ_APP_ID: !Ref AmazonQAppId
AMAZONQ_ROLE_ARN: !GetAtt QServiceRole.Arn
DYNAMODB_CACHE_TABLE_NAME: !Ref CredentialsTable
KMS_KEY_ID: !Ref KMSKey
IDC_CLIENT_ID: !Ref IDCApplicationARN
AMAZONQ_ENDPOINT_URL: !Ref AmazonQEndpointUrl
QBusinessBotPermission:
Type: AWS::Lambda::Permission
Condition: EnableQBusiness
Properties:
FunctionName: !Ref QnaBusinessLambdaFulfillmentFunction
Action: 'lambda:InvokeFunction'
Principal: 'lexv2.amazonaws.com'
SourceArn: !GetAtt BotAlias.Arn
Outputs:
BotId:
Value: !If [EnableQBusiness, !Ref QBusinessBot, !Ref OrderFlowersTemplateBot]
Description: Lex Bot Id
BotAlias:
Value: !If [EnableQBusiness, !GetAtt BotAlias.BotAliasId, !GetAtt ExampleBotAlias.BotAliasId]
Description: Lex Bot Alias
QBusinessLambdaRoleARN:
Value: !If [EnableQBusiness, !GetAtt LambdaFunctionRole.Arn, '']
Description: ARN of role created for executing the Q Business Lambda fulfillment function