templates/master.yaml

AWSTemplateFormatVersion: 2010-09-09
Description: |
    Master Lex Web UI CloudFormation template (v0.21.6)
    The Lex Web Ui can be deployed to operate against either a Lex V2 Bot OR a Lex V1 Bot BUT NOT BOTH.
    Please configure either the Lex V2 bot information OR the Lex V1 bot information and leave the other
    version input parameters as defaulted.
    A deployment of Lex Web Ui can not be switched between V2 and V1 by updating the stack with different parameters.
    It deploys:
        - S3 buckets to host the web application
        - CodeBuild project to build the configuration and deploy to S3
        - Optional Lex Bot (based on OrderFlowers example)
        - Optional Cognito Identity Pool for unauthenticated identities
        - Optional Lambda function to delete S3 buckets
        - CloudWatch Logs groups related to Lambda functions
        - Associated IAM roles

Parameters:
    LexV2BotId:
        Description: >
            Bot ID (not bot name) of an existing Lex V2 Bot to be used by the web ui. NOTE: You must
            also enter your Bot alias ID in the LexV2BotAliasId field below. DO NOT MODIFY this value if
            configuring a V1 Bot.
        Type: String
        Default: ''
        MaxLength: 50
        AllowedPattern: '(^$|^[a-zA-Z0-9]+((_[a-zA-Z0-9]+)*|([a-zA-Z0-9]+_)*|_))'
        ConstraintDescription: >
            Must conform with the permitted Lex V2 Bot name pattern.

    LexV2BotAliasId:
        Description: >
            Use your Lex V2 Bot's alias id (not alias name) here. DO NOT MODIFY this value if
            configuring a V1 Bot.
        Type: String
        Default: ''
        MinLength: 0
        MaxLength: 50
        AllowedPattern: '(^$|^[$a-zA-Z0-9]+((_[$a-zA-Z0-9]+)*|([$a-zA-Z0-9]+_)*|_))'
        ConstraintDescription: >
            Must conform with the permitted Lex V2 Alias name pattern.

    LexV2BotLocaleId:
        Description: >
            Specify your bot's supported locale ids. By default this list contains only en_US. Other Lex V2
            supported values are de_DE, en_AU, en_GB, es_419, es_ES, es_US, fr_CA, fr_FR, it_IT, ja_JP. A comma
            separated list of values can be supplied with the first value in the list being the default value. The
            remaining items can be selected in the Lex Web Ui menu.
            See "https://docs.aws.amazon.com/lexv2/latest/dg/lex2.0.pdf"
            for details on supported languages and locales. DO NOT MODIFY this value if
            configuring a V1 Bot.
        Type: String
        Default: 'en_US'
        MinLength: 2
        MaxLength: 50

    BotName:
        Description: >
            Name of an existing Lex Bot to be used by the web ui. NOTE: You must
            also enter your published bot alias in the BotAlias field below. DO NOT MODIFY this value if
            configuring a V2 Bot.
        Type: String
        Default: ''
        MinLength: 0
        MaxLength: 50
        AllowedPattern: '(^$|^[a-zA-Z]+((_[a-zA-Z]+)*|([a-zA-Z]+_)*|_))'
        ConstraintDescription: >
            Must conform with the permitted Lex Bot name pattern.

    BotAlias:
        Description: >
            WARNING: For production deployments, use your bot's published alias here.
            The $LATEST alias should only be used for manual testing. Amazon Lex limits
            the number of runtime requests that you can make to the $LATEST version of
            the bot. DO NOT MODIFY this value if configuring a V2 Bot.
        Type: String
        Default: '$LATEST'
        MinLength: 2
        MaxLength: 50
        AllowedPattern: '(^$|^[$a-zA-Z]+((_[$a-zA-Z]+)*|([$a-zA-Z]+_)*|_))'
        ConstraintDescription: >
            Must conform with the permitted Lex Alias name pattern.

    ShouldDeleteBot:
        Type: String
        Default: true
        AllowedValues:
          - true
          - false
        Description: >
            If set to True, the Optional Sample Lex bot and associated resources will
            be deleted when the stack is deleted. Otherwise, the bot
            will be preserved. Only applies if the bot is created by
            this stack.

    EnableCognitoLogin:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: >
            If set to True, a menu with a login action will be displayed
            in the Lex Web Ui. This feature uses Cognito User Pools with
            hosted login pages. After login, the menu will switch to logout.

    ForceCognitoLogin:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: >
            If set to True, the menu with a login action will not be displayed
            in the Lex Web Ui, and the Cognito login will be executed automatically. This implicitly sets
            EnableCognitoLogin to be true.

    AllowedSignUpEmailDomain:
        Type: String
        Default: ''
        Description: >-
            Email address domain (example.com) or comma separated list of email domains 
            (example1.com, example2.com) allowed to signin and signup using the web UI.
            If left empty, signup via the web UI is disabled and users will have to be created using
            Cognito.
        AllowedPattern: '^(|([\w-]+\.)+[\w-]{2,6}(, *([\w-]+\.)+[\w-]{2,6})*)$'

    SaveHistory:
        Type: String
        Default: false
        AllowedValues:
            - true
            - false
        Description: >
            This is an optional parameter, if set to True, the history of the chat is maintained over sessions.
            A item to clean the chat will appear at the menu.

    ShouldEnableLiveChat:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: >
          This is an optional parameter, if set to True, the AWS Connect live Chat functionality will be available.
          A item to start a live chat will appear at the menu.

    CodeBuildName:
        Type: String
        Description: >
            Name of the CodeBuild project to be created. Used to
            configure and directly deploy the web app to S3. Must be
            unique per region
        Default: lex-web-ui
        MinLength: 2
        MaxLength: 255
        AllowedPattern: '^[A-Za-z0-9][A-Za-z0-9\-_]{1,254}$'
        ConstraintDescription: >
            Should start with Alphanumeric. May contain alphanumeric, undescore
            and dash.

    WebAppParentOrigin:
        Type: String
        Description: >
            Browser origin (e.g. http://mysite.example.com:8080)
            of an existing site where you want to place the chat bot UI.
            This is an optional parameter. If left empty, the sample parent page
            will be hosted in the same S3 bucket as the iframe
        Default: ''
        AllowedPattern: '(^$|^https?://[\w\.-]+(:\d+)?$)'
        ConstraintDescription: Empty or valid browser origin

    WebAppPath:
        Type: String
        Default: '/parent.html'
        Description: >
            Path to the page (or pages) under WebAppParentOrigin used to host
            the chatbot UI. Multiple paths can be specified as a comma separated
            list.

    CognitoIdentityPoolId:
        Type: String
        Description: >
            Id of an existing Cognito Identity Pool. This is an optional
            parameter. If left empty, a Cognito Identity Pool will be
            automatically created. The pool ID is used by the web ui
            to get AWS credentials for making calls to Lex and Polly.
        Default: ''
        AllowedPattern: '(^$|^[\w-]+:[0-9a-f-]+$)'
        ConstraintDescription: Empty or a valid Cognito Identity Pool ID

    CognitoIdentityPoolName:
        Type: String
        Description: >
            Name of Cognito identity pool to be created to provide
            AWS credentials to the web ui. Only used if the
            CognitoIdentityPoolId parameter is left empty (default).
        Default: Lex Web UI
        MinLength: 1
        MaxLength: 128
        AllowedPattern: '^[\w ]+$'
        ConstraintDescription: Alphanumeric and spaces.

    CleanupBuckets:
        Type: String
        Default: true
        AllowedValues:
          - true
          - false
        Description: >
            If set to True, buckets created for the Pipeline and to store the
            web application will be deleted on CloudFormation stack delete.
            If set to False, S3 buckets will be retained.

    EnableMarkdownSupport:
        Type: String
        Default: true
        AllowedValues:
        - true
        - false
        Description: >
            If set to True, enable optional Markdown formatting.
            Warning: Improper use of the Markdown/html feature can open you up to a cross-site
            scripting (XSS) attack from insecure Bots. Make sure you trust the Bot being used
            by the LexWebUi.

    ReInitSessionAttributesOnRestart:
        Type: String
        Default: false
        AllowedValues:
        - true
        - false
        Description: >
            If set to True, session attributes sent on each request to Lex are reset. Use a value
            of false, if session attributes need to be supported on subsequent Lex requests. The
            default is false.

    ShouldLoadIframeMinimized:
        Type: String
        Default: false
        AllowedValues:
        - true
        - false
        Description: >
            If set to True and running embedded as an Iframe on a web page, minimize the
            LexWebUi when first launched. If set to False, the Iframe will be maximized
            on the hosting page.

    ShowResponseCardTitle:
        Type: String
        Default: false
        AllowedValues:
        - true
        - false
        Description: >
            If set to True, the ResponseCard title is displayed in the UI. When set to false,
            a ResponseCard title is not displayed in the UI. Default is false. Note at the
            present time this is a global setting. Should the UI need to display some form
            of a title, use the optional sub-title property of a ResponseCard.

    # Sub-templates and source artifacts are hosted in this bucket.
    # The content of this bucket is maintained outside of this template
    # by using the Makefile under the build directory of this project.
    # See the README.md file for instructions on how to use your own bucket.
    BootstrapBucket:
        Type: String
        Default: aws-bigdata-blog
        Description: >
            S3 bucket containing pre-staged nested templates and source artifacts
    BootstrapPrefix:
        Type: String
        Default: artifacts/aws-lex-web-ui/artifacts
        Description: >
            S3 prefix where the templates and source are stored under

    WebAppConfBotInitialText:
        Type: String
        Default: >
            You can ask me for help ordering flowers. Just type "Buy
            flowers" or click on the mic and say it.
        Description: First bot message displayed in the chatbot UI

    WebAppConfBotInitialSpeech:
        Type: String
        Default: Say 'Buy Flowers' to get started.
        Description: >
            Message spoken by bot when the microphone is first pressed in
            a conversation

    WebAppConfBotInitialUtterance:
        Type: String
        Default: ''
        Description: >
            Text to use to send as first utterance to bot

    WebAppConfNegativeFeedback:
        Type: String
        Default: Thumbs down
        Description: >
            This optional parameter defines the message to be sent by the user upon pressing
            a feedback button signaling a negative feedback.
            If left empty feedback buttons will be disabled on the UI.

    WebAppConfPositiveFeedback:
        Type: String
        Default: Thumbs up
        Description: >
            This optional parameter defines the message to be sent by the user upon pressing
            a feedback button signaling a positive feedback.
            If left empty feedback buttons will be disabled on the UI.

    WebAppConfHelp:
        Type: String
        Default: Help
        Description: >
            This is an optional parameter, when defined with a value, a help button will display on the chat bot toolbar.
            When pressed the button will send the entered string to the bot as a help message.  If left empty
            the help button will be disabled.

    WebAppConfToolbarTitle:
        Type: String
        Default: Order Flowers
        Description: Title displayed in the chatbot UI toolbar

    WebAppConfCname:
        Type: String
        Default: ""
        Description: This optional parameter allows a single CNAME to be defined and used as an alias to
            the cloudfront distribution that is created by this template. If a CNAME is provided, a
            WebAppAcmCertificateArn must also be provided.

    WebAppAcmCertificateArn:
        Type: String
        Default: ""
        Description: This optional parameter allows a AcmCertificateArn to be provided for use in the Cloudfront
            distribution created by this template. if a AcmCertificateArn is provided, a WebAppConfCname must also
            be provided.

    WebAppWafAclArn:
        Type: String
        Default: ""
        Description: This optional parameter allows a AWS WAF web ACL to be specified in ARN formation. This supports
            AWS WAF V2.

    HideButtonMessageBubble:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: >
         If set to true, hide the message bubble on a response card button press
    
    MessageMenu:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: >
          If set to true, each message will have an additional clickable menu on messages 
          sent to the bot allowing you to repeat that message.

    BackButton:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: >
          If set to true, will show a back button to go back to a previous message.

    MinimizedButtonContent:
        Type: String
        Default: ''
        Description: >
          This is an optional parameter, if populated will display provided text when chat window is minimized.

    retryOnLexPostTextTimeout:
        Type: String
        Default: false
        AllowedValues:
            - true
            - false
        Description: >
            When set to true, operations against the Lex PostText API that result in a timeout
            will be retried up the the defined retry count. This is useful to enable if 30 second
            timeouts in Lex are frequently observed and subsequent operations will must likely succeed.

    retryCountPostTextTimeout:
        Type: Number
        Default: 1
        Description: >
            Defines the number of times the lex-web-ui will retry the Lex PostText API operation when an exception
            is detected.

    ConnectContactFlowId:
        Type: String
        Description: >
            Connect Contract Flow Id
        Default: ''

    ConnectInstanceId:
        Type: String
        Description: >
            Connect Instance Id
        Default: ''

    ConnectPromptForNameMessage:
        Type: String
        Description: >
            Message to display prompting the user for a name
        Default: Before starting a live chat, please tell me your name?

    ConnectWaitForAgentMessage:
        Type: String
        Description: >
            Message to display every message interval while waiting for an agent to connect
        Default: Thanks for waiting. An agent will be with you when available.

    ConnectAttachChatTranscript:
        Type: String
        Default: false
        AllowedValues:
        - true
        - false
        Description: >
            Attach chat transcript as file. This only works if you enable attachments in Amazon Connect.

    ConnectAgentJoinedMessage:
        Type: String
        Description: >
            Message to play when an agent joins the chat. {Agent} will be replaced with the Agent's name.
        Default: "{Agent} has joined."

    ConnectAgentLeftMessage:
        Type: String
        Description: >
            Message to play when an agent leaves the chat. {Agent} will be replaced with the Agent's name.
        Default: "{Agent} has left."
    
    ConnectChatEndedMessage:
        Type: String
        Description: >
            Message to play when a chat session has ended.
        Default: "Chat ended."

    ConnectWaitForAgentMessageIntervalInSeconds:
        Type: Number
        Description: >
            Interval in seconds between successive ConnectWaitForAgentMessage. 0 to disable interval.
        Default: 60

    ConnectLiveChatTerms:
        Type: String
        Description: >
            Command separated list of terms that can be used to start Live Chat mode
        Default: "live chat"

    ConnectTranscriptMessageDelayInMsec:
        Type: Number
        Description: >
            Delay to insert between each transcript message send to Connect in msec.
        Default: 150

    ConnectStartLiveChatLabel:
        Type: String
        Description: >
            Label used in Menu to start connect live chat
        Default: "Start Live Chat"

    ConnectStartLiveChatIcon:
        Type: String
        Description: >
            Icon to use in menu to start connect live chat
        Default: "people_alt"

    ConnectEndLiveChatLabel:
        Type: String
        Description: >
            Label to use in menu and toolbar to end connect live chat
        Default: "End Live Chat"

    ConnectEndLiveChatIcon:
        Type: String
        Description: >
            Icon to use in menu and toolbar to end connect live chat
        Default: "call_end"

    ## CSS Configuration Options
    MessageTextColor:
        Type: String
        Default: ''
        Description: >
         Optional parameter, leave empty to retain previous settings. 
         Sets the color of the message text, can be a valid CSS color (red, green, etc) or Hex value (#FF0000, #ADD8E6, etc)

    MessageFont:
        Type: String
        Default: ''
        Description: >
         Sets the font style of the messages sent by the agent and customer

    ChatBackgroundColor:
        Type: String
        Default: ''
        Description: >
         Optional parameter, leave empty to retain previous settings. 
         Sets the background color of the message area, can be a valid CSS color (red, green, etc) or Hex value (#FF0000, #ADD8E6, etc)

    ToolbarColor:
        Type: String
        Default: ''
        Description: >
         Optional parameter, leave empty to retain previous settings. 
         Sets the background color of the toolbar, can be a valid CSS color (red, green, etc) or Hex value (#FF0000, #ADD8E6, etc)

    BotChatBubble:
        Type: String
        Default: ''
        Description: >
         Optional parameter, leave empty to retain previous settings. 
         Sets the background color of the bubble for the bot, can be a valid CSS color (red, green, etc) or Hex value (#FF0000, #ADD8E6, etc)
    
    CustomerChatBubble:
        Type: String
        Default: ''
        Description: >
         Optional parameter, leave empty to retain previous settings. 
         Sets the background color of the bubble for the customer, can be a valid CSS color (red, green, etc) or Hex value (#FF0000, #ADD8E6, etc)

    MinimizedButtonColor:
        Type: String
        Default: ''
        Description: >
         Optional parameter, leave empty to retain previous settings. 
         Sets the background color of the button displayed when the chat is minimized, can be a valid CSS color (red, green, etc) or Hex value (#FF0000, #ADD8E6, etc)

    TitleLogoImgUrl:
        Type: String
        Description: >
         This is an optional parameter, when set to an image URL that is accessible by the application it will 
         display the image left of the toolbar title. Image must be formatted to the correct size for display.

    BotAvatarImgUrl:
        Type: String
        Description: >
         This is an optional parameter, when set to an image URL that is accessible by the application it will 
         display on the left of all bot messages

    AllowStreamingResponses:
        Type: String
        Default: false
        AllowedValues:
        - true
        - false
        Description: >
            If set to True, a websocket API Gateway will be established and messages will be sent to this web socket
            in addition to the Lex bot directly. More details on how to configure your bot for streaming intereactions
            can be found here: https://github.com/zhengjie28/lex-web-ui-websocket
    
    ShouldEnableUpload:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: >
          If set to True, the upload document functionality will be available. The icon for uploading documents
          will appear in the UI and an API Gateway endpoint will be deployed for generating pre-signed URLs for the UI
          to utilize for uploading documents. By default, pre-signed URLs have a TTL of 60 seconds.

    UploadBucket:
        Type: String
        Default: ''
        Description: >
            If enabling upload, the name of the S3 bucket where uploaded documents should be stored

    AmazonQAppId:
        Type: String
        Default: ''
        Description: Amazon Q Application ID. This option will automatically create a bot and the V1/V2 bot fields should be left blank.

    IDCApplicationARN:
        Type: String
        Default: ''
        Description: >
            ARN of the Identity Center customer managed application created for QBusiness. This will need to be configured
            manually after initial UI deployment. The value from manual creation will need to be supplied here and the template updated.
            This process is not automated because in many use cases Identity Center will not be in the same account as the bot.
            Manual set-up instructions can be found here: https://github.com/aws-samples/aws-lex-web-ui/blob/master/README-qbusiness.md

    VpcSubnetId:
        Type: String
        Default: ''
        Description: ID of a VPC subnet where all Lambda functions will run, only used if you need Lambda to run in a VPC

    VpcSecurityGroupId:
        Type: String
        Default: ''
        Description: ID of a security group where all Lambda functions will run, only used if you need Lambda to run in a VPC

    
Rules:
  ValidateEitherV1orV2:
    RuleCondition: !Not 
        - !Equals
            - !Ref BotName
            - ''
    Assertions:
      - Assert: !Equals 
            - !Ref LexV2BotId
            - ''
        AssertDescription: 'Template cannot contain both Lex V1 and Lex V2 information'

Metadata:
    AWS::CloudFormation::Interface:
        ParameterGroups:
            - Label:
                default: Deployment Parameters
              Parameters:
                  - CodeBuildName
                  - CleanupBuckets
                  - BootstrapBucket
                  - BootstrapPrefix
            - Label:
                default: Lex V1 Bot Configuration Parameters
              Parameters:
                  - BotName
                  - BotAlias
            - Label:
                default: Lex V2 Bot Configuration Parameters
              Parameters:
                  - LexV2BotId
                  - LexV2BotAliasId
                  - LexV2BotLocaleId
            - Label:
                default: Optional Sample Bot
              Parameters:
                  - ShouldDeleteBot
            - Label:
                default: Bot Behavior Parameters
              Parameters:
                  - EnableCognitoLogin
                  - ForceCognitoLogin
                  - AllowedSignUpEmailDomain
                  - EnableMarkdownSupport
                  - ReInitSessionAttributesOnRestart
                  - ShowResponseCardTitle
                  - SaveHistory
                  - retryOnLexPostTextTimeout
                  - retryCountPostTextTimeout
                  - AllowStreamingResponses
                  - ShouldEnableUpload
                  - UploadBucket
            - Label:
                default: Cognito Parameters
              Parameters:
                  - CognitoIdentityPoolId
                  - CognitoIdentityPoolName
            - Label:
                default: Web Application Parameters
              Parameters:
                  - WebAppParentOrigin
                  - WebAppPath
                  - WebAppConfBotInitialText
                  - WebAppConfBotInitialSpeech
                  - WebAppConfBotInitialUtterance
                  - WebAppConfNegativeFeedback
                  - WebAppConfPositiveFeedback
                  - WebAppConfHelp
                  - WebAppAcmCertificateArn
                  - WebAppConfCname
                  - WebAppWafAclArn
                  - HideButtonMessageBubble
                  - MessageMenu
                  - BackButton
                  - MinimizedButtonContent
                  - WebAppConfToolbarTitle
                  - ShouldLoadIframeMinimized
                  - TitleLogoImgUrl
                  - BotAvatarImgUrl
            - Label:
                default: Connect Live Chat Parameters
              Parameters:
                  - ShouldEnableLiveChat
                  - ConnectLiveChatTerms
                  - ConnectInstanceId
                  - ConnectContactFlowId
                  - ConnectPromptForNameMessage
                  - ConnectWaitForAgentMessage
                  - ConnectWaitForAgentMessageIntervalInSeconds
                  - ConnectAgentJoinedMessage
                  - ConnectAgentLeftMessage
                  - ConnectChatEndedMessage
                  - ConnectAttachChatTranscript
                  - ConnectStartLiveChatLabel
                  - ConnectStartLiveChatIcon
                  - ConnectEndLiveChatLabel
                  - ConnectEndLiveChatIcon
                  - ConnectTranscriptMessageDelayInMsec
            - Label:
                default: CSS Customization Parameters
              Parameters:
                  - MessageTextColor
                  - MessageFont
                  - ChatBackgroundColor
                  - ToolbarColor
                  - BotChatBubble
                  - CustomerChatBubble
                  - MinimizedButtonColor
            - Label:
                default: Lambda VPC Support
              Parameters:
                  - VpcSubnetId
                  - VpcSecurityGroupId 
            - Label:
                default: Q Business Parameters
              Parameters:
                  - AmazonQAppId
                  - IDCApplicationARN                 

Conditions:
    IsLexV2: !Not [ !Equals [!Ref LexV2BotId, ''] ]
    NeedsBot:  !And [ !Equals [!Ref BotName, ''], !Equals [!Ref LexV2BotId, ''] ]
    NeedsVpc:  !And [ !Not [ !Equals [!Ref VpcSubnetId, ''] ], !Not [ !Equals [!Ref VpcSecurityGroupId, ''] ] ] 
    NeedsCognito: !Equals [!Ref CognitoIdentityPoolId, '']
    NeedsParentOrigin: !Equals [!Ref WebAppParentOrigin, '']
    ShouldForceCognitoLogin: !Equals [!Ref ForceCognitoLogin, true]
    EnableLiveChat: !Equals [!Ref ShouldEnableLiveChat, true]

Resources:
    Bot:
        Type: AWS::CloudFormation::Stack
        Condition: NeedsBot
        Properties:
            TimeoutInMinutes: 15
            TemplateURL: !Sub "https://${BootstrapBucket}.s3.${AWS::Region}.amazonaws.com/${BootstrapPrefix}/templates/lexbot.yaml"
            Parameters:
                ShouldDeleteBot: !Ref ShouldDeleteBot
                ParentStackName: !Ref "AWS::StackName"
                SourceBucket: !Ref BootstrapBucket
                QBusinessLambdaLayerObject: !Sub "${BootstrapPrefix}/layers.zip"
                QBusinessLambdaCodeObject: !Sub "${BootstrapPrefix}/qbusiness-lambda-v0.21.6.zip"
                AmazonQAppId: !Ref AmazonQAppId
                IDCApplicationARN: !Ref IDCApplicationARN
                VpcSubnetId: !Ref VpcSubnetId
                VpcSecurityGroupId: !Ref VpcSecurityGroupId

    CognitoIdentityPool:
        Type: AWS::CloudFormation::Stack
        Condition: NeedsCognito
        Properties:
            TemplateURL: !Sub "https://${BootstrapBucket}.s3.${AWS::Region}.amazonaws.com/${BootstrapPrefix}/templates/cognito.yaml"
            Parameters:
                CognitoIdentityPoolName: !Ref CognitoIdentityPoolName
                ForceCognitoLogin: !Ref ForceCognitoLogin
                LexBotName: !Ref BotName
                LexV2BotId: 
                    !If
                      - NeedsBot
                      - !GetAtt Bot.Outputs.BotId
                      - !Ref LexV2BotId
                LexV2BotAliasId:
                    !If
                      - NeedsBot
                      - !GetAtt Bot.Outputs.BotAlias
                      - !Ref LexV2BotAliasId                    
                ShouldEnableLiveChat: !Ref ShouldEnableLiveChat
                ShouldEnableUpload: !Ref ShouldEnableUpload
                UploadBucket: !Ref UploadBucket
                AllowStreamingResponses: !Ref AllowStreamingResponses
                AllowedSignUpEmailDomain: !Ref AllowedSignUpEmailDomain

    ##########################################################################
    # Simplified deployment using CodeBuild to build config and push to S3
    ##########################################################################
    CodeBuildDeploy:
        Type: AWS::CloudFormation::Stack
        Properties:
            TemplateURL: !Sub "https://${BootstrapBucket}.s3.${AWS::Region}.amazonaws.com/${BootstrapPrefix}/templates/codebuild-deploy.yaml"
            Parameters:
                ResourcePrefix: !Ref "AWS::StackName"
                CodeBuildName: !Ref CodeBuildName
                SourceBucket: !Ref BootstrapBucket
                SourcePrefix: !Ref BootstrapPrefix
                SourceObject: !Sub "${BootstrapPrefix}/src-v0.21.6.zip"
                CustomResourceCodeObject: !Sub "${BootstrapPrefix}/custom-resources-v0.21.6.zip"
                InitiateChatLambdaCodeObject: !Sub "${BootstrapPrefix}/initiate-chat-lambda-v0.21.6.zip"
                StreamingLambdaCodeObject: !Sub "${BootstrapPrefix}/streaming-lambda-v0.21.6.zip"
                CleanupBuckets: !Ref CleanupBuckets
                BotName:
                    !If
                      - IsLexV2
                      - !Ref LexV2BotId
                      - !If
                          - NeedsBot
                          - !GetAtt Bot.Outputs.BotId
                          - !Ref BotName
                BotAlias: !Ref BotAlias
                LexV2BotId: 
                    !If
                      - NeedsBot
                      - !GetAtt Bot.Outputs.BotId
                      - !Ref LexV2BotId
                LexV2BotAliasId:
                    !If
                      - NeedsBot
                      - !GetAtt Bot.Outputs.BotAlias
                      - !Ref LexV2BotAliasId  
                LexV2BotLocaleId: !Ref LexV2BotLocaleId
                CognitoIdentityPoolId:
                    !If
                      - NeedsCognito
                      - !GetAtt CognitoIdentityPool.Outputs.CognitoIdentityPoolId
                      - !Ref CognitoIdentityPoolId
                ParentOrigin: !Ref WebAppParentOrigin
                WebAppConfBotInitialText: !Ref WebAppConfBotInitialText
                WebAppConfBotInitialSpeech: !Ref WebAppConfBotInitialSpeech
                WebAppConfBotInitialUtterance: !Ref WebAppConfBotInitialUtterance
                WebAppConfNegativeFeedback: !Ref WebAppConfNegativeFeedback
                WebAppConfPositiveFeedback: !Ref WebAppConfPositiveFeedback
                WebAppConfHelp: !Ref WebAppConfHelp
                WebAppConfCname: !Ref WebAppConfCname
                WebAppAcmCertificateArn: !Ref WebAppAcmCertificateArn
                WebAppWafAclArn: !Ref WebAppWafAclArn
                HideButtonMessageBubble: !Ref HideButtonMessageBubble
                MessageMenu: !Ref MessageMenu
                BackButton: !Ref BackButton
                MinimizedButtonContent: !Ref MinimizedButtonContent
                WebAppConfToolbarTitle: !Ref WebAppConfToolbarTitle
                SaveHistory: !Ref SaveHistory
                ShouldEnableLiveChat: !Ref ShouldEnableLiveChat
                ShouldEnableCognitoLogin:
                  !If
                    - ShouldForceCognitoLogin
                    - true
                    - !Ref EnableCognitoLogin
                ShouldForceCognitoLogin: !Ref ForceCognitoLogin
                ReInitSessionAttributesOnRestart: !Ref ReInitSessionAttributesOnRestart
                EnableMarkdownSupport: !Ref EnableMarkdownSupport
                ShouldLoadIframeMinimized: !Ref ShouldLoadIframeMinimized
                ShowResponseCardTitle: !Ref ShowResponseCardTitle
                CognitoAppUserPoolClientId:
                    !If
                      - NeedsCognito
                      - !GetAtt CognitoIdentityPool.Outputs.CognitoUserPoolClientId
                      - "UserMustSupply"
                CognitoUserPoolId:
                    !If
                      - NeedsCognito
                      - !GetAtt CognitoIdentityPool.Outputs.CognitoUserPoolId
                      - "UserMustSupply"
                retryOnLexPostTextTimeout: !Ref retryOnLexPostTextTimeout
                retryCountPostTextTimeout: !Ref retryCountPostTextTimeout
                ConnectContactFlowId: !Ref ConnectContactFlowId
                ConnectInstanceId: !Ref ConnectInstanceId
                ConnectPromptForNameMessage: !Ref ConnectPromptForNameMessage
                ConnectWaitForAgentMessage: !Ref ConnectWaitForAgentMessage
                ConnectWaitForAgentMessageIntervalInSeconds: !Ref ConnectWaitForAgentMessageIntervalInSeconds
                ConnectAgentJoinedMessage: !Ref ConnectAgentJoinedMessage
                ConnectAgentLeftMessage: !Ref ConnectAgentLeftMessage
                ConnectChatEndedMessage: !Ref ConnectChatEndedMessage
                ConnectAttachChatTranscript: !Ref ConnectAttachChatTranscript
                ConnectLiveChatTerms: !Ref ConnectLiveChatTerms
                ConnectStartLiveChatLabel: !Ref ConnectStartLiveChatLabel
                ConnectStartLiveChatIcon: !Ref ConnectStartLiveChatIcon
                ConnectEndLiveChatLabel: !Ref ConnectEndLiveChatLabel
                ConnectEndLiveChatIcon: !Ref ConnectEndLiveChatIcon
                ConnectTranscriptMessageDelayInMsec: !Ref ConnectTranscriptMessageDelayInMsec
                MessageTextColor: !Ref MessageTextColor
                MessageFont: !Ref MessageFont
                ChatBackgroundColor: !Ref ChatBackgroundColor
                ToolbarColor: !Ref ToolbarColor
                BotChatBubble: !Ref BotChatBubble
                CustomerChatBubble: !Ref CustomerChatBubble
                MinimizedButtonColor: !Ref MinimizedButtonColor
                TitleLogoImgUrl: !Ref TitleLogoImgUrl
                BotAvatarImgUrl: !Ref BotAvatarImgUrl
                AllowStreamingResponses: !Ref AllowStreamingResponses
                ShouldEnableUpload: !Ref ShouldEnableUpload
                UploadBucket: !Ref UploadBucket
                VpcSubnetId: !Ref VpcSubnetId
                VpcSecurityGroupId: !Ref VpcSecurityGroupId
                Timestamp: 1726842081

    CognitoIdentityPoolConfig:
        Type: AWS::CloudFormation::Stack
        Condition: NeedsCognito
        Properties:
            TemplateURL: !Sub "https://${BootstrapBucket}.s3.${AWS::Region}.amazonaws.com/${BootstrapPrefix}/templates/cognitouserpoolconfig.yaml"
            Parameters:
                CloudFrontUrl: !GetAtt CodeBuildDeploy.Outputs.WebAppBase
                WebAppUrl: !Ref WebAppParentOrigin
                WebAppPath: !Ref WebAppPath
                CodeBuildProjectName: !GetAtt CodeBuildDeploy.Outputs.CodeBuildProject
                CognitoUserPool: !GetAtt CognitoIdentityPool.Outputs.CognitoUserPoolId
                CognitoUserPoolClient: !GetAtt CognitoIdentityPool.Outputs.CognitoUserPoolClientId
                VpcSubnetId: !Ref VpcSubnetId
                VpcSecurityGroupId: !Ref VpcSecurityGroupId
                Timestamp: 1726842081

    ##########################################################################
    # Lambda that will validate if user has put in an invalid CSS color/Hex string and fail deployment
    ##########################################################################
    CSSValidationLambda:
        Type: AWS::Lambda::Function       
        Properties:
            VpcConfig:
                !If
                - NeedsVpc
                - 
                    SecurityGroupIds:
                        - !Ref VpcSecurityGroupId
                    SubnetIds:
                        - !Ref VpcSubnetId
                - !Ref "AWS::NoValue"
            Description: 'Lambda invoke wrapper for Custom CFN actions'
            Code:
                ZipFile: !Sub |
                    import re
                    import cfnresponse

                    def handler(event, context):
                        responseData = {}
                        try:
                            if event['RequestType'] == "Create" or event['RequestType'] == "Update":
                                colors = ['aqua', 'black', 'blue', 'fuchsia', 'gray', 'green', 'lime', 'maroon', 'navy', 'olive', 'purple', 'red', 'silver', 'teal', 'white', 'yellow']
                                                                
                                if (not re.search(r'^#(?:[0-9a-fA-F]{3}){1,2}$', "${MessageTextColor}")) and (not "${MessageTextColor}" in colors) and ("${MessageTextColor}".strip()):
                                    responseData['Data'] = "${MessageTextColor}" + " is not a valid color or HEX code"
                                if (not re.search(r'^#(?:[0-9a-fA-F]{3}){1,2}$', "${ChatBackgroundColor}")) and (not "${ChatBackgroundColor}" in colors) and ("${ChatBackgroundColor}".strip()):
                                    responseData['Data'] = "${ChatBackgroundColor}" + " is not a valid color or HEX code"                                
                                if (not re.search(r'^#(?:[0-9a-fA-F]{3}){1,2}$', "${ToolbarColor}")) and (not "${ToolbarColor}" in colors) and ("${ToolbarColor}".strip()):
                                    responseData['Data'] = "${ToolbarColor}" + " is not a valid color or HEX code"                                                                
                                if (not re.search(r'^#(?:[0-9a-fA-F]{3}){1,2}$', "${BotChatBubble}")) and (not "${BotChatBubble}" in colors) and ("${BotChatBubble}".strip()):              
                                    responseData['Data'] = "${BotChatBubble}" + " is not a valid color or HEX code"                                                                
                                if (not re.search(r'^#(?:[0-9a-fA-F]{3}){1,2}$', "${CustomerChatBubble}")) and (not "${CustomerChatBubble}" in colors) and ("${CustomerChatBubble}".strip()):
                                    responseData['Data'] = "${CustomerChatBubble}" + " is not a valid color or HEX code"                                                                
                                if (not re.search(r'^#(?:[0-9a-fA-F]{3}){1,2}$', "${MinimizedButtonColor}")) and (not "${MinimizedButtonColor}" in colors) and ("${MinimizedButtonColor}".strip()):
                                    responseData['Data'] = "${MinimizedButtonColor}" + " is not a valid color or HEX code" 
                                    
                                if 'Data' in responseData:
                                    cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'scm-cfn-customresource-id', False, responseData['Data'])
                                else:
                                    responseData['Data'] = "CSS Validation Complete"
                                    cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'scm-cfn-customresource-id')
                            else:
                                responseData['Data'] = "CSS Validation Delete Complete"
                                cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'scm-cfn-customresource-id')
                        except:
                            responseData['Data'] = "Unknown error when validating CSS colors"
                            cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'scm-cfn-customresource-id', False, responseData['Data']) 
                        
            Handler: index.handler
            Role: !GetAtt CSSValidationLambdaRole.Arn
            Runtime: python3.10
            Timeout: 60

    CSSValidationLambdaRole:
        Type: AWS::IAM::Role
        Properties:
            Path: /
            ManagedPolicyArns:
                !If 
                  - NeedsVpc
                  -
                    - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
                  - !Ref "AWS::NoValue"
            AssumeRolePolicyDocument:
                Version: 2012-10-17
                Statement:
                    - Principal:
                          Service:
                              - lambda.amazonaws.com
                      Effect: Allow
                      Action:
                          - sts:AssumeRole
            Policies:
                - PolicyName: LogsForLambda
                  PolicyDocument:
                      Version: 2012-10-17
                      Statement:
                          - Effect: Allow
                            Action:
                                - logs:CreateLogGroup
                                - logs:CreateLogStream
                                - logs:PutLogEvents
                            Resource:
                                - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
                                - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*"
                        
    CSSValidationLambdaInvoker:
        Type: AWS::CloudFormation::CustomResource
        DependsOn: CSSValidationLambda
        Version: "1.0"
        Properties:
            ServiceToken: !GetAtt CSSValidationLambda.Arn
            ServiceTimeout: 60
            MessageTextColor: !Ref MessageTextColor
            ChatBackgroundColor: !Ref ChatBackgroundColor
            ToolbarColor: !Ref ToolbarColor
            BotChatBubble: !Ref BotChatBubble
            CustomerChatBubble: !Ref CustomerChatBubble
            MinimizedButtonColor: !Ref MinimizedButtonColor
            
Outputs:
    BotName:
        Condition: NeedsBot
        Description: >
            Name of the Lex bot created by the stack
        Value: !GetAtt Bot.Outputs.BotId

    QBusinessLambdaRoleARN:
        Condition: NeedsBot
        Value: !GetAtt Bot.Outputs.QBusinessLambdaRoleARN
        Description: ARN of role created for executing the Q Business Lambda fulfillment function

    CodeBuildUrl:
        Description: >
            Monitor the pipeline URL to see when the application has been fully
            built and deployed.
        Value: !Sub "https://console.aws.amazon.com/codebuild/home?region=${AWS::Region}#/projects/${CodeBuildDeploy.Outputs.CodeBuildProject}/view"

    WebAppUrl:
        Description: >
            URL of the stand-alone sample web application.
            This page will be available after the pipeline/deployment completes.
        Value: !GetAtt CodeBuildDeploy.Outputs.WebAppUrl

    WebAppDomainName:
        Description: >
            DomainName of the web application
        Value: !GetAtt CodeBuildDeploy.Outputs.WebAppDomainName
        Export:
          Name: !Join [":", [!Ref "AWS::StackName", WebAppDomainName]]

    WebAppBucket:
        Description: >
            S3 bucket hosting lexwebui artifacts
        Value: !GetAtt CodeBuildDeploy.Outputs.WebAppBucket
        Export:
          Name: !Join [":", [!Ref "AWS::StackName", WebAppBucket]]

    ParentPageUrl:
        Condition: NeedsParentOrigin
        Description: >
            URL of the iframe based sample web application
            This page will be available after the pipeline/deployment completes.
        Value: !GetAtt CodeBuildDeploy.Outputs.ParentPageUrl

    LoaderScriptUrl:
        Description: >
            URL of the loader script
            This script will be available after the pipeline/deployment completes.
        Value: !GetAtt CodeBuildDeploy.Outputs.LoaderScriptUrl

    SnippetUrl:
        Description: >
            URL of a page showing the snippet to load the chatbot UI as
            an iframe
        Value: !GetAtt CodeBuildDeploy.Outputs.SnippetUrl

    CognitoIdentityPoolId:
        Condition: NeedsCognito
        Description: Cognito Identity Pool Id
        Value: !GetAtt CognitoIdentityPool.Outputs.CognitoIdentityPoolId

    CognitoUserPoolPubKey:
        Condition: NeedsCognito
        Description: Include Cognito User Pool Public Key URL in stack outputs (needed for QnABot token auth)
        Value: !Sub https://cognito-idp.${AWS::Region}.amazonaws.com/${CognitoIdentityPool.Outputs.CognitoUserPoolId}/.well-known/jwks.json

    CognitoUserPoolClientId:
        Condition: NeedsCognito
        Description: Cognito User Pool Client Id
        Value: !GetAtt CognitoIdentityPool.Outputs.CognitoUserPoolClientId
        Export:
          Name: !Join [":", [!Ref "AWS::StackName", CognitoUserPoolClientId]]