{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "How service providers can use natural language processing to gain insights from customer free-text requests",
    "Parameters": {
        "OperationScoreThreshold": {
            "Default": 0.5,
            "Type": "Number",
            "MinValue": 0,
            "MaxValue": 1,
            "Description": "Threshold for the operation classification score. If the classification score is below this value, the recommendation will not be provided, as the classification may be incorrect."
        },
        "ResourceScoreThreshold": {
            "Default": 0.5,
            "Type": "Number",
            "MinValue": 0,
            "MaxValue": 1,
            "Description": "Threshold for the resource classification score. If the classification score is below this value, the recommendation will not be provided, as the classification may be incorrect."
        },
        "ComprehendTicketOperationClassifierEndpoint": {
            "Default": "ticket-classification-operation",
            "Type": "String",
            "AllowedPattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9]){1,64}$",
            "Description": "The endpoint name of the Amazon Comprehend ticket operation classifier."
        },
        "ComprehendTicketResourceClassifierEndpoint": {
            "Default": "ticket-classification-resource",
            "Type": "String",
            "AllowedPattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9]){1,64}$",
            "Description": "The endpoint name of the Amazon Comprehend ticket resource classifier."
        },
        "ClassificationDeliveryStreamName": {
            "Default": "ticketclassification",
            "Type": "String",
            "AllowedPattern": "^[a-zA-Z0-9_.-]{1,64}$",
            "Description": "The name of the Amazon Kinesis Data Firehose delivery stream. Kinesis Data Firehose is used to push the classification data into the Amazon Redshift cluster."
        },
        "ClassificationRedshiftClusterUsername": {
            "Type": "String",
            "AllowedPattern": "^([a-z])([a-z]|[0-9]){0,127}$",
            "Description": "The user name associated with the admin user account for the Amazon Redshift cluster."
        },
        "ClassificationRedshiftClusterPasswordSecretName": {
            "Default": "ClassificationRedshiftClusterPassword",
            "Type": "String",
            "AllowedPattern": "^[a-zA-Z0-9/_+=.@-]{1,128}$",
            "Description": "The name of the AWS Secrets Manager secret that stores the Redshift cluster password."
        },
        "ClassificationRedshiftClusterDBName": {
            "Default": "ticketclassification",
            "Type": "String",
            "AllowedPattern": "^[a-z0-9]{1,64}$",
            "Description": "The name of the first database to be created when the Amazon Redshift cluster is created. In this walk-through, we will use the first database."
        },
        "ClassificationRedshiftClusterPort": {
            "Default": 5440,
            "MinValue": 0,
            "MaxValue": 65535,
            "Type": "Number",
            "Description": "The port number on which the Amazon Redshift cluster accepts incoming connections."
        },
        "ClassificationRedshiftClusterNodeType": {
            "Default": "dc2.large",
            "Type": "String",
            "AllowedValues": ["ds2.xlarge", "ds2.8xlarge", "dc1.large", "dc1.8xlarge", "dc2.large", "dc2.8xlarge", "ra3.xlplus", "ra3.4xlarge", "ra3.16xlarge"],
            "Description": "The node type to be provisioned for the Amazon Redshift cluster. For information about node types, see https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#how-many-nodes."
        },
        "ClassificationRedshiftClusterVpcId": {
            "Type": "AWS::EC2::VPC::Id",
            "Description": "The ID of the VPC for the security group associated with the Amazon Redshift cluster."
        },
        "ClassificationRedshiftClusterSubnetId": {
            "Type": "AWS::EC2::Subnet::Id",
            "Description": "The VPC subnet ID associated with the Amazon Redshift cluster. In this walk-through, we will use a single subnet for the Amazon Redshift cluster."
        },
        "QuickSightRegion": {
            "Default": "us-east-1",
            "Type": "String",
            "AllowedValues": ["us-east-1", "us-east-2", "us-west-2", "eu-west-1", "eu-west-2", "eu-central-1"],
            "Description": "The AWS Region that will host Amazon QuickSight."
        },
        "LambdaCodeS3Bucket": {
            "Type": "String",
            "AllowedPattern": "^[0-9A-Za-z\\.\\-_]*(?<!\\.)$",
            "Description": "An Amazon S3 bucket in the same AWS Region as your Lambda function."
        },
        "LambdaCodeS3Key": {
            "Default": "lambda_code.zip",
            "Type": "String",
            "MinLength": 1,
            "Description": "The Amazon S3 key of the deployment package."
        }
    },
    "Mappings": {
        "KinesisFirehoseIPRange": {
            "us-east-1": {
                "CIDRBlock": "52.70.63.192/27"
            },
            "us-east-2": {
                "CIDRBlock": "13.58.135.96/27"
            },
            "us-west-2": {
                "CIDRBlock": "52.89.255.224/27"
            },
            "us-west-1": {
                "CIDRBlock": "13.57.135.192/27"
            },
            "eu-west-1": {
                "CIDRBlock": "52.19.239.192/27"
            },
            "eu-west-2": {
                "CIDRBlock": "18.130.1.96/27"
            },
            "eu-west-3": {
                "CIDRBlock": "35.180.1.96/27"
            },
            "eu-central-1": {
                "CIDRBlock": "35.158.127.160/27"
            },
            "eu-south-1": {
                "CIDRBlock": "15.161.135.128/27"
            },
            "eu-north-1": {
                "CIDRBlock": "13.53.63.224/27"
            },
            "ap-east-1": {
                "CIDRBlock": "18.162.221.32/27"
            },
            "ap-northeast-1": {
                "CIDRBlock": "13.113.196.224/27"
            },
            "ap-northeast-2": {
                "CIDRBlock": "13.209.1.64/27"
            },
            "ap-northeast-3": {
                "CIDRBlock": "13.208.177.192/27"
            },
            "ap-southeast-1": {
                "CIDRBlock": "13.228.64.192/27"
            },
            "ap-southeast-2": {
                "CIDRBlock": "13.210.67.224/27"
            },
            "ap-south-1": {
                "CIDRBlock": "13.232.67.32/27"
            },
            "ca-central-1": {
                "CIDRBlock": "35.183.92.128/27"
            },
            "sa-east-1": {
                "CIDRBlock": "18.228.1.128/27"
            },
            "cn-north-1": {
                "CIDRBlock": "52.81.151.32/27"
            },
            "cn-northwest-1": {
                "CIDRBlock": "161.189.23.64/27"
            },
            "me-south-1": {
                "CIDRBlock": "15.185.91.0/27"
            },
            "af-south-1": {
                "CIDRBlock": "13.244.121.224/27"
            },
            "us-gov-east-1": {
                "CIDRBlock": "18.253.138.96/27"
            },
            "us-gov-west-1": {
                "CIDRBlock": "52.61.204.160/27"
            }
        },
        "QuickSightIPRange": {
            "us-east-1": {
                "CIDRBlock": "52.23.63.224/27"
            },
            "us-east-2": {
                "CIDRBlock": "52.15.247.160/27"
            },
            "us-west-2": {
                "CIDRBlock": "54.70.204.128/27"
            },
            "eu-west-1": {
                "CIDRBlock": "52.210.255.224/27"
            },
            "eu-west-2": {
                "CIDRBlock": "35.177.218.0/27"
            },
            "eu-central-1": {
                "CIDRBlock": "35.158.127.192/27"
            }
        }
    },
    "Outputs": {
        "StackArn": {
            "Description": "Use this as the stack_arn in your cloud_formation_deployment_stack override.",
            "Value": {
                "Ref": "AWS::StackId"
            }
        }
    },
    "Resources": {
        "TicketClassifierLambdaFunction": {
            "Type": "AWS::Lambda::Function",
            "Properties": {
                "Code": {
                    "S3Bucket": {
                        "Ref": "LambdaCodeS3Bucket"
                    },
                    "S3Key": {
                        "Ref": "LambdaCodeS3Key"
                    }
                },
                "MemorySize": 128,
                "Environment": {
                    "Variables": {
                        "TICKETHANDLER_FUNCTION_ARN": {
                            "Fn::GetAtt": "TicketHandlerLambdaFunction.Arn"
                        },
                        "COMPREHEND_TICKET_OPERATION_CLASSIFIER_ARN": {
                            "Fn::Sub": [
                                "arn:aws:comprehend:${AWS::Region}:${AWS::AccountId}:document-classifier-endpoint/${endpoint}",
                                {
                                    "endpoint": {
                                        "Ref": "ComprehendTicketOperationClassifierEndpoint"
                                    }
                                }
                            ]
                        },
                        "COMPREHEND_TICKET_RESOURCE_CLASSIFIER_ARN": {
                            "Fn::Sub": [
                                "arn:aws:comprehend:${AWS::Region}:${AWS::AccountId}:document-classifier-endpoint/${endpoint}",
                                {
                                    "endpoint": {
                                        "Ref": "ComprehendTicketResourceClassifierEndpoint"
                                    }
                                }
                            ]
                        },
                        "OPERATION_SCORE_THRESHOLD": {
                            "Ref": "OperationScoreThreshold"
                        },
                        "RESOURCE_SCORE_THRESHOLD": {
                            "Ref": "ResourceScoreThreshold"
                        },
                        "KINESIS_FIREHOSE_DELIVERY_STREAM_NAME": {
                            "Ref": "ClassificationDeliveryStreamName"
                        }
                    }
                },
                "Handler": "ticket_classifier.main",
                "Role": {
                    "Fn::GetAtt": [
                        "TicketClassifierLambdaRole",
                        "Arn"
                    ]
                },
                "Timeout": 20,
                "Runtime": "python3.9"
            }
        },
        "TicketClassifierLambdaRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "Policies": [
                    {
                        "PolicyName": "CloudWatchLogs",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Action": [
                                        "logs:CreateLogGroup",
                                        "logs:CreateLogStream",
                                        "logs:PutLogEvents"
                                    ],
                                    "Resource": "*",
                                    "Effect": "Allow"
                                }
                            ]
                        }
                    },
                    {
                        "PolicyName": "Firehose",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Action": [
                                        "firehose:PutRecord"
                                    ],
                                    "Resource": {
                                        "Fn::GetAtt": "ClassificationDeliveryStream.Arn"
                                    },
                                    "Effect": "Allow"
                                }
                            ]
                        }
                    },
                    {
                        "PolicyName": "LambdaExecution",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Action": [
                                        "lambda:InvokeFunction"
                                    ],
                                    "Resource": {
                                        "Fn::GetAtt": "TicketHandlerLambdaFunction.Arn"
                                    },
                                    "Effect": "Allow"
                                }
                            ]
                        }
                    },
                    {
                        "PolicyName": "Comprehend",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Action": [
                                        "comprehend:ClassifyDocument"
                                    ],
                                    "Resource": [
                                        {
                                            "Fn::Sub": [
                                                "arn:aws:comprehend:${AWS::Region}:${AWS::AccountId}:document-classifier-endpoint/${endpoint}",
                                                {
                                                    "endpoint": {
                                                        "Ref": "ComprehendTicketOperationClassifierEndpoint"
                                                    }
                                                }
                                            ]
                                        },
                                        {
                                            "Fn::Sub": [
                                                "arn:aws:comprehend:${AWS::Region}:${AWS::AccountId}:document-classifier-endpoint/${endpoint}",
                                                {
                                                    "endpoint": {
                                                        "Ref": "ComprehendTicketResourceClassifierEndpoint"
                                                    }
                                                }
                                            ]
                                        }
                                    ],
                                    "Effect": "Allow"
                                }
                            ]
                        }
                    }
                ],
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Action": [
                                "sts:AssumeRole"
                            ],
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "lambda.amazonaws.com"
                                ]
                            }
                        }
                    ]
                }
            }
        },
        "TicketClassifierLambdaLogGroup": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {
                "LogGroupName": {
                    "Fn::Sub": "/aws/lambda/${TicketClassifierLambdaFunction}"
                }
            },
            "DependsOn": "TicketClassifierLambdaFunction"
        },
        "TicketClassifierLambdaTooManyErrorsAlarm": {
            "Type": "AWS::CloudWatch::Alarm",
            "Properties": {
                "EvaluationPeriods": 1,
                "TreatMissingData": "notBreaching",
                "Dimensions": [
                    {
                        "Name": "FunctionName",
                        "Value": {
                            "Ref": "TicketClassifierLambdaFunction"
                        }
                    }
                ],
                "AlarmDescription": "TicketClassifier Lambda Function Errors > 0",
                "Namespace": "AWS/Lambda",
                "Period": 60,
                "ComparisonOperator": "GreaterThanThreshold",
                "Statistic": "Sum",
                "Threshold": 0,
                "MetricName": "Errors"
            }
        },
        "TicketHandlerLambdaFunction": {
            "Type": "AWS::Lambda::Function",
            "Properties": {
                "Code": {
                    "S3Bucket": {
                        "Ref": "LambdaCodeS3Bucket"
                    },
                    "S3Key": {
                        "Ref": "LambdaCodeS3Key"
                    }
                },
                "MemorySize": 128,
                "Environment": {
                    "Variables": {
                        "CLASSIFICATION_STREAM_ARN": {
                            "Fn::GetAtt": [
                                "ClassificationDeliveryStream",
                                "Arn"
                            ]
                        }
                    }
                },
                "Handler": "ticket_handler.main",
                "Role": {
                    "Fn::GetAtt": [
                        "TicketHandlerLambdaRole",
                        "Arn"
                    ]
                },
                "Timeout": 180,
                "Runtime": "python3.6"
            }
        },
        "TicketHandlerLambdaTooManyErrorsAlarm": {
            "Type": "AWS::CloudWatch::Alarm",
            "Properties": {
                "EvaluationPeriods": 2,
                "TreatMissingData": "notBreaching",
                "Dimensions": [
                    {
                        "Name": "FunctionName",
                        "Value": {
                            "Ref": "TicketHandlerLambdaFunction"
                        }
                    }
                ],
                "AlarmDescription": "TicketHandler Lambda Function Errors > 0",
                "Namespace": "AWS/Lambda",
                "Period": 60,
                "ComparisonOperator": "GreaterThanThreshold",
                "Statistic": "Sum",
                "Threshold": 0,
                "MetricName": "Errors"
            }
        },
        "TicketHandlerLambdaRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "Policies": [
                    {
                        "PolicyName": "CWLogs",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Action": [
                                        "logs:CreateLogGroup",
                                        "logs:CreateLogStream",
                                        "logs:PutLogEvents"
                                    ],
                                    "Resource": "*",
                                    "Effect": "Allow"
                                }
                            ]
                        }
                    }
                ],
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Action": [
                                "sts:AssumeRole"
                            ],
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "lambda.amazonaws.com"
                                ]
                            }
                        }
                    ]
                }
            }
        },
        "TicketHandlerLambdaLogGroup": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {
                "LogGroupName": {
                    "Fn::Sub": "/aws/lambda/${TicketHandlerLambdaFunction}"
                }
            },
            "DependsOn": "TicketHandlerLambdaFunction"
        },
        "ClassificationRedshiftCluster": {
            "Type": "AWS::Redshift::Cluster",
            "Properties": {
                "AllowVersionUpgrade": true,
                "DBName": {
                    "Ref": "ClassificationRedshiftClusterDBName"
                },
                "Port": {
                    "Ref": "ClassificationRedshiftClusterPort"
                },
                "MasterUsername": {
                    "Ref": "ClassificationRedshiftClusterUsername"
                },
                "MasterUserPassword": {
                    "Fn::Sub": "{{resolve:secretsmanager:${ClassificationRedshiftClusterPasswordSecretName}:SecretString:password}}"
                },
                "NodeType": {
                    "Ref": "ClassificationRedshiftClusterNodeType"
                },
                "ClusterType": "single-node",
                "ClusterParameterGroupName": {
                    "Ref": "ClassificationRedshiftClusterParameterGroup"
                },
                "ClusterSubnetGroupName": {
                    "Ref": "ClassificationRedshiftClusterSubnetGroup"
                },
                "PubliclyAccessible": true,
                "VpcSecurityGroupIds": [
                    {
                        "Ref": "ClassificationRedshiftClusterSecurityGroup"
                    }
                ],
                "IamRoles": [
                    {
                        "Fn::GetAtt": "ClassificationDeliveryStreamRole.Arn"
                    }
                ],
                "Encrypted": true
            }
        },
        "ClassificationRedshiftClusterParameterGroup": {
            "Type": "AWS::Redshift::ClusterParameterGroup",
            "Properties": {
                "Description": "Parameter Group for Classification Redshift Cluster.",
                "ParameterGroupFamily": "redshift-1.0",
                "Parameters": [
                    {
                        "ParameterName" : "require_ssl",
                        "ParameterValue" : "true"
                    },
                    {
                        "ParameterName" : "enable_user_activity_logging",
                        "ParameterValue" : "true"
                    }
                ]
            }
        },
        "ClassificationRedshiftClusterSubnetGroup": {
            "Type": "AWS::Redshift::ClusterSubnetGroup",
            "Properties": {
                "Description": "ClassificationRedshiftClusterSubnetGroup",
                "SubnetIds": [
                    {
                        "Ref": "ClassificationRedshiftClusterSubnetId"
                    }
                ]
            }
        },
        "ClassificationRedshiftClusterSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Allow Kinesis Firehose to access Redshift cluster.",
                "VpcId": {
                    "Ref": "ClassificationRedshiftClusterVpcId"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": {
                            "Ref": "ClassificationRedshiftClusterPort"
                        },
                        "ToPort": {
                            "Ref": "ClassificationRedshiftClusterPort"
                        },
                        "CidrIp": { "Fn::FindInMap" : [ "KinesisFirehoseIPRange", { "Ref" : "AWS::Region" }, "CIDRBlock"] },
                        "Description": "Kinesis Firehose IP Ranges for Redshift access"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": {
                            "Ref": "ClassificationRedshiftClusterPort"
                        },
                        "ToPort": {
                            "Ref": "ClassificationRedshiftClusterPort"
                        },
                        "CidrIp": { "Fn::FindInMap" : [ "QuickSightIPRange", { "Ref" : "QuickSightRegion" }, "CIDRBlock"] },
                        "Description": "QuickSight IP Ranges for Redshift access"
                    }
                ],
                "SecurityGroupEgress": [
                ]
            }
        },
        "ClassificationDeliveryStreamS3Bucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketEncryption": {
                    "ServerSideEncryptionConfiguration": [
                        {
                            "BucketKeyEnabled": true,
                            "ServerSideEncryptionByDefault": {
                                "SSEAlgorithm": "AES256"
                            }
                        }
                    ]
                },
                "LifecycleConfiguration": {
                    "Rules": [
                        {
                            "Id": "Delete",
                            "Status": "Enabled",
                            "ExpirationInDays": 1,
                            "NoncurrentVersionExpiration": {
                                "NoncurrentDays": 1
                            },
                            "Prefix": "kinesisfirehose"
                        }
                    ]
                },
                "LoggingConfiguration": {
                    "LogFilePrefix": "logs"
                },
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": true,
                    "BlockPublicPolicy": true,
                    "IgnorePublicAcls": true,
                    "RestrictPublicBuckets": true
                }
            }
        },
        "ClassificationDeliveryStreamS3BucketPolicy": {
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": {
                    "Ref": "ClassificationDeliveryStreamS3Bucket"
                },
                "PolicyDocument": {
                    "Id": "SecureTransport",
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Sid": "AllowSSLRequestsOnly",
                            "Action": "s3:*",
                            "Effect": "Deny",
                            "Resource": [
                                {
                                    "Fn::Sub": "arn:aws:s3:::${ClassificationDeliveryStreamS3Bucket}"
                                },
                                {
                                    "Fn::Sub": "arn:aws:s3:::${ClassificationDeliveryStreamS3Bucket}/*"
                                }
                            ],
                            "Condition": {
                                "Bool": {
                                "aws:SecureTransport": "false"
                                }
                            },
                            "Principal": "*"
                        }
                    ]
                }
            }
        },
        "ClassificationDeliveryStream": {
            "Type": "AWS::KinesisFirehose::DeliveryStream",
            "Properties": {
                "DeliveryStreamEncryptionConfigurationInput": {
                    "KeyType": "AWS_OWNED_CMK"
                },
                "DeliveryStreamName": {
                    "Ref": "ClassificationDeliveryStreamName"
                },
                "DeliveryStreamType": "DirectPut",
                "RedshiftDestinationConfiguration": {
                    "ClusterJDBCURL": {
                        "Fn::Sub": "jdbc:redshift://${ClassificationRedshiftCluster.Endpoint.Address}:${ClassificationRedshiftClusterPort}/${ClassificationRedshiftClusterDBName}"
                    },
                    "CopyCommand": {
                        "CopyOptions": "FORMAT AS JSON 'auto' GZIP",
                        "DataTableColumns": "id,title,description,creation_time,operation,resource",
                        "DataTableName": "tickets"
                    },
                    "Password": {
                        "Fn::Sub": "{{resolve:secretsmanager:${ClassificationRedshiftClusterPasswordSecretName}:SecretString:password}}"
                    },
                    "RoleARN": {
                        "Fn::GetAtt": [
                            "ClassificationDeliveryStreamRole",
                            "Arn"
                        ]
                    },
                    "Username": {
                        "Ref": "ClassificationRedshiftClusterUsername"
                    },
                    "S3Configuration": {
                        "BucketARN": {
                            "Fn::GetAtt": [
                                "ClassificationDeliveryStreamS3Bucket",
                                "Arn"
                            ]
                        },
                        "CompressionFormat": "GZIP",
                        "Prefix": "kinesisfirehose",
                        "RoleARN": {
                            "Fn::GetAtt": [
                                "ClassificationDeliveryStreamRole",
                                "Arn"
                            ]
                        }
                    },
                    "CloudWatchLoggingOptions": {
                        "Enabled": true,
                        "LogGroupName": {
                            "Ref": "ClassificationDeliveryStreamLogGroup"
                        },
                        "LogStreamName": {
                            "Ref": "ClassificationDeliveryStreamLogStream"
                        }
                    }
                }
            }
        },
        "ClassificationDeliveryStreamLogGroup": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {
                "LogGroupName": {
                    "Fn::Sub": "/aws/kinesisfirehose/${ClassificationDeliveryStreamName}"
                }
            }
        },
        "ClassificationDeliveryStreamLogStream": {
            "Type": "AWS::Logs::LogStream",
            "Properties": {
                "LogGroupName": {
                    "Ref": "ClassificationDeliveryStreamLogGroup"
                }
            }
        },
        "ClassificationDeliveryStreamRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "Policies": [
                    {
                        "PolicyName": "CloudWatchLogs",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Action": [
                                        "logs:CreateLogGroup",
                                        "logs:CreateLogStream",
                                        "logs:PutLogEvents"
                                    ],
                                    "Resource": "*",
                                    "Effect": "Allow"
                                }
                            ]
                        }
                    },
                    {
                        "PolicyName": "S3",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "s3:AbortMultipartUpload",
                                        "s3:GetBucketLocation",
                                        "s3:GetObject",
                                        "s3:ListBucket",
                                        "s3:ListBucketMultipartUploads",
                                        "s3:PutObject"
                                    ],
                                    "Resource": [
                                        {
                                            "Fn::GetAtt": [
                                                "ClassificationDeliveryStreamS3Bucket",
                                                "Arn"
                                            ]
                                        },
                                        {
                                            "Fn::Sub": "${ClassificationDeliveryStreamS3Bucket.Arn}/*"
                                        }
                                    ]
                                }
                            ]
                        }
                    },
                    {
                        "PolicyName": "Kinesis",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "kinesis:DescribeStream",
                                        "kinesis:GetShardIterator",
                                        "kinesis:GetRecords",
                                        "kinesis:ListShards"
                                    ],
                                    "Resource": [
                                        {
                                            "Fn::Sub": "arn:aws:firehose:${AWS::Region}:${AWS::AccountId}:deliverystream/${ClassificationDeliveryStreamName}"
                                        }
                                    ]
                                }
                            ]
                        }
                    }
                ],
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Action": [
                                "sts:AssumeRole"
                            ],
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "firehose.amazonaws.com"
                                ]
                            }
                        }
                    ]
                }
            }
        }
    }
}