CloudFormation does not natively provide the ARNs of default resources created by Amazon Connect.
What you can do is create your Connect instance using CFN and use a custom resource that triggers a Lambda function to retrieve the ARN of the default security profile. Configure the Lambda function to use the AWS SDK to describe the Connect instance and retrieve the ARN of the default security profile.
- Create your Connect instance

  ```yaml
  Resources:
    # Logical ID matches the !Ref / !GetAtt references in the later steps
    MyConnectInstance:
      Type: "AWS::Connect::Instance"
      Properties:
        IdentityManagementType: "CONNECT_MANAGED"
        InstanceAlias: "MyConnectInstance"
        # Inbound/outbound call settings belong under Attributes
        Attributes:
          InboundCalls: true
          OutboundCalls: true
  ```

- Create a custom resource that invokes a Lambda function to fetch the ARN of the default security profile

  ```yaml
    GetDefaultSecurityProfile:
      Type: Custom::GetDefaultSecurityProfile
      Properties:
        ServiceToken: !GetAtt GetDefaultSecurityProfileFunction.Arn
        InstanceId: !Ref MyConnectInstance
  ```

- Create a Lambda function that uses the AWS SDK to list security profiles and finds the default.

  ```yaml
    GetDefaultSecurityProfileFunction:
      Type: "AWS::Lambda::Function"
      Properties:
        Handler: "index.handler"
        Role: !GetAtt LambdaExecutionRole.Arn
        Code:
          ZipFile: |
            import boto3
            import cfnresponse  # available to inline (ZipFile) functions

            def handler(event, context):
                instance_id = event['ResourceProperties']['InstanceId']
                data = {}
                try:
                    # Nothing to look up or clean up when the resource is deleted
                    if event['RequestType'] != 'Delete':
                        connect = boto3.client('connect')
                        response = connect.list_security_profiles(InstanceId=instance_id)
                        default_profile = next(
                            profile for profile in response['SecurityProfileSummaryList']
                            if profile['Name'] == 'Default'
                        )
                        data['DefaultSecurityProfileArn'] = default_profile['Arn']
                    # A custom resource must report its result to CloudFormation;
                    # a return value from the handler is ignored.
                    cfnresponse.send(event, context, cfnresponse.SUCCESS, data, instance_id)
                except Exception as exc:
                    # Includes StopIteration when no profile has that name
                    print(exc)
                    cfnresponse.send(event, context, cfnresponse.FAILED, data, instance_id)
        Runtime: "python3.9"
        Timeout: 60
  ```

- Create an IAM role for the Lambda function. Give permissions to call connect:ListSecurityProfiles.

  ```yaml
    LambdaExecutionRole:
      Type: "AWS::IAM::Role"
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Principal:
                Service: "lambda.amazonaws.com"
              Action: "sts:AssumeRole"
        Policies:
          - PolicyName: "GetDefaultSecurityProfilePolicy"
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: "Allow"
                  Action:
                    - "connect:ListSecurityProfiles"
                  Resource: "*"
  ```

- Create the Connect user and attach the default security profile with the ARN from the custom resource response

  ```yaml
    SomeUser:
      Type: "AWS::Connect::User"
      Properties:
        InstanceArn: !GetAtt MyConnectInstance.Arn
        Username: "my-user"
        IdentityInfo:
          FirstName: "Some Name"
          LastName: "Some Name"
        PhoneConfig:
          PhoneType: "SOFT_PHONE"
          AutoAccept: true
          AfterContactWorkTimeLimit: 0
        SecurityProfileArns:
          # Keys of the custom resource's Data are read directly with !GetAtt
          - !GetAtt GetDefaultSecurityProfile.DefaultSecurityProfileArn
        RoutingProfileArn: "arn:aws:connect:region:account-id:routing-profile/instance-id/routing-profile-id"

  Outputs:
    ConnectInstanceId:
      Value: !Ref MyConnectInstance
    DefaultSecurityProfileArn:
      Value: !GetAtt GetDefaultSecurityProfile.DefaultSecurityProfileArn
  ```

Here you are creating the Amazon Connect instance, creating a custom resource that invokes a Lambda function to get the ARN of the default security profile, creating a Lambda function that uses the AWS SDK to list security profiles and find the default one, creating the IAM role for the Lambda function with permissions to call connect:ListSecurityProfiles, and finally creating a Connect user and attaching the default security profile using the ARN retrieved by the custom resource.
AWS CloudFormation Custom Resources
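An added example, not part of the answer above: the lookup logic of such a custom resource, extended to follow `NextToken` pagination and to report `FAILED` when the profile is missing instead of leaving the stack waiting. `find_profile_arn`, `build_response`, `handle`, `FakeConnect` and `EVENT` are hypothetical names, and the ARNs and event values are constructed; in Lambda the returned body would be PUT to `event['ResponseURL']`.

```python
def find_profile_arn(client, instance_id, name):
    """Page through ListSecurityProfiles; return the named profile's ARN or None."""
    kwargs = {"InstanceId": instance_id}
    while True:
        page = client.list_security_profiles(**kwargs)
        for summary in page.get("SecurityProfileSummaryList", []):
            if summary.get("Name") == name:
                return summary["Arn"]
        if not page.get("NextToken"):
            return None
        kwargs["NextToken"] = page["NextToken"]

def build_response(event, status, data=None, reason=""):
    """JSON body CloudFormation expects to be PUT to event['ResponseURL']."""
    return {
        "Status": status, "Reason": reason,
        "PhysicalResourceId": event["ResourceProperties"]["InstanceId"],
        "StackId": event["StackId"], "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }

def handle(event, client, profile_name="Default"):
    """Always produce a response, so the stack never waits on a silent failure."""
    if event["RequestType"] == "Delete":
        return build_response(event, "SUCCESS")  # the lookup created nothing
    try:
        arn = find_profile_arn(client, event["ResourceProperties"]["InstanceId"], profile_name)
    except Exception as exc:
        return build_response(event, "FAILED", reason=f"lookup failed: {exc}")
    if arn is None:
        return build_response(event, "FAILED", reason=f"no security profile named {profile_name!r}")
    return build_response(event, "SUCCESS", {"DefaultSecurityProfileArn": arn})

# Constructed sample data: a stand-in client that returns two pages, and a minimal event.
PREFIX = "arn:aws:connect:us-east-1:111122223333:instance/EXAMPLE/security-profile/"
class FakeConnect:
    PAGES = {
        None: {"SecurityProfileSummaryList": [{"Name": "Agent", "Arn": PREFIX + "p1"}], "NextToken": "t1"},
        "t1": {"SecurityProfileSummaryList": [{"Name": "Default", "Arn": PREFIX + "p2"}]},
    }
    def list_security_profiles(self, InstanceId, NextToken=None):
        return self.PAGES[NextToken]

EVENT = {"RequestType": "Create", "StackId": "stack-1", "RequestId": "req-1",
         "LogicalResourceId": "GetDefaultSecurityProfile",
         "ResourceProperties": {"InstanceId": "EXAMPLE"}}

if __name__ == "__main__":
    print(handle(EVENT, FakeConnect()))
```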
