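# ServiceNow CTI connector Lambda, built from the shared Lambda module.
# Instantiated only when var.accountName is "DEV_TCH".
module "servicenow_connector" {
  source      = "../terraform_modules/lambda"  # Update with the correct path to your Lambda module
  providers   = { aws = aws.cross_account_role }
  name        = "SnowCTIConnector-${var.env}"
  module_name = "main"
  timeout     = 30
  # Because count is set, this module is a list: outputs must be read from a
  # specific instance, e.g. module.servicenow_connector[0].lambda_function_arn.
  count       = var.accountName == "DEV_TCH" ? 1 : 0

  env         = var.env
  region      = var.accountRegion
  accountID   = var.accountID
  bu          = var.bu
  variables   = {
    provider_id               = "c4b12aa6e700001034b36584c2f6a9bc"  # Replace with the actual sys_id
    ssm_configuration_path    = "/com.servicenow.cti/${var.env}/default"
  }
  instanceId  = data.external.connect_instance_id.result.val

  # IAM policy passed to the Lambda module (JSON cannot carry comments, so the
  # review notes live here).
  #
  # NOTE(review): InlinePolicy0 allows kms:Decrypt on every key ("*"). Scope it
  # to the ARN of the key that protects the SecureString parameters once that
  # key is known. kinesis:ListStreams has no resource-level scoping, so it is
  # the only action here that needs "*".
  #
  # InlinePolicyLogs: the CloudWatch Logs actions have their own statement. IAM
  # evaluates an action only against the resources of its own statement, and an
  # S3 or SSM ARN never matches a logs: action, so listing them next to
  # s3:GetObject granted nothing.
  # NOTE(review): it covers every /aws/lambda/ log group in the account; narrow
  # it to this function's log group once the function name produced by the
  # module is confirmed.
  #
  # InlinePolicy2 lists Kinesis Data Streams ARNs only. "deliverystream/" is a
  # Firehose resource type, so an arn:aws:kinesis:...:deliverystream/* entry
  # never matches a kinesis: action and was dropped.
  # NOTE(review): stream/* still covers every stream in the account; list the
  # stream ARNs the triggers actually read once they are known.
  policy      = <<POLICY
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "kms:Decrypt",
                "kinesis:ListStreams"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "InlinePolicy0"
        },
        {
            "Action": [
                "s3:GetObject",
                "ssm:GetParametersByPath"
            ],
            "Resource": [
                "arn:aws:s3:::${module.connect_data_bucket.name}/*",
                "arn:aws:ssm:${var.accountRegion}:${var.accountID}:parameter/com.servicenow.cti/${var.env}/default"
            ],
            "Effect": "Allow",
            "Sid": "InlinePolicy1"
        },
        {
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:${var.accountRegion}:${var.accountID}:log-group:/aws/lambda/*",
            "Effect": "Allow",
            "Sid": "InlinePolicyLogs"
        },
        {
            "Action": [
                "kinesis:GetRecords",
                "kinesis:GetShardIterator",
                "kinesis:DescribeStream"
            ],
            "Resource": [
                "arn:aws:kinesis:${var.accountRegion}:${var.accountID}:stream/*"
            ],
            "Effect": "Allow",
            "Sid": "InlinePolicy2"
        },
        {
            "Action": [
                "dynamodb:PutItem",
                "dynamodb:GetItem",
                "dynamodb:UpdateItem",
                "dynamodb:DescribeTable",
                "dynamodb:BatchWriteItem"
            ],
            "Resource": "arn:aws:dynamodb:${var.accountRegion}:${var.accountID}:table/SnowContactInteractionMapping-${var.env}",
            "Effect": "Allow",
            "Sid": "InlinePolicy3"
        }
    ]
}
POLICY
  depends_on = [data.external.init_common_lib, data.external.connect_instance_id,  module.connect_data_bucket]
}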

# Kinesis Stream Trigger
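# Event source mapping from the CTR Kinesis stream to the connector Lambda.
# NOTE(review): the connector module is created through aws.cross_account_role
# while this resource uses the default provider -- confirm both target the
# same account.
resource "aws_lambda_event_source_mapping" "kinesis_trigger_ctrs" {
  # Same condition as the module's count, so the mapping exists only where the
  # function does.
  count = var.accountName == "DEV_TCH" ? 1 : 0

  event_source_arn  = "arn:aws:kinesis:${var.accountRegion}:${var.accountID}:stream/YOUR_CTRS_STREAM_NAME"  # Replace with the actual CTR stream name
  # The module sets count, so its output has to be read from instance [0];
  # module.servicenow_connector.lambda_function_arn does not plan.
  function_name     = module.servicenow_connector[0].lambda_function_arn
  # TRIM_HORIZON starts at the oldest record still retained in the stream.
  starting_position = "TRIM_HORIZON"
}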

# Kinesis Stream Trigger for Real-time Transcription
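# Event source mapping from the real-time transcription Kinesis stream to the
# connector Lambda.
# NOTE(review): the connector module is created through aws.cross_account_role
# while this resource uses the default provider -- confirm both target the
# same account.
resource "aws_lambda_event_source_mapping" "kinesis_trigger_transcription" {
  # Same condition as the module's count, so the mapping exists only where the
  # function does.
  count = var.accountName == "DEV_TCH" ? 1 : 0

  event_source_arn  = "arn:aws:kinesis:${var.accountRegion}:${var.accountID}:stream/YOUR_TRANSCRIPTION_STREAM_NAME"  # Replace with the actual transcription stream name
  # The module sets count, so its output has to be read from instance [0];
  # module.servicenow_connector.lambda_function_arn does not plan.
  function_name     = module.servicenow_connector[0].lambda_function_arn
  # TRIM_HORIZON starts at the oldest record still retained in the stream.
  starting_position = "TRIM_HORIZON"
}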

# S3 Bucket Trigger
# Intended to invoke the connector Lambda from the Connect data bucket.
# NOTE(review): aws_lambda_event_source_mapping is for sources that Lambda
# polls (such as the Kinesis streams above). S3 is not one of them: S3 pushes
# events through a bucket notification configuration. The usual shape is an
# aws_s3_bucket_notification on the bucket plus an aws_lambda_permission for
# principal "s3.amazonaws.com" with source_arn set to the bucket ARN. Check
# first whether the connect_data_bucket module already manages the bucket's
# notification configuration, since a bucket has only one.
# NOTE(review): module.servicenow_connector sets count, so this reference needs
# an instance index ([0]) before it will plan.
resource "aws_lambda_event_source_mapping" "s3_bucket_trigger" {
  event_source_arn = module.connect_data_bucket.bucket_arn
  function_name    = module.servicenow_connector.lambda_function_arn
}

# Permissions for Lambda Function
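# Resource-policy statement letting the Kinesis service principal invoke the
# connector Lambda.
# NOTE(review): Lambda reads Kinesis through its event source mappings using
# the execution role, so this statement is probably not needed. It also sets no
# source_arn, so the grant is not tied to a specific stream. Remove it unless
# something depends on it.
resource "aws_lambda_permission" "kinesis_permission" {
  # Same condition as the module's count, so the permission exists only where
  # the function does.
  count = var.accountName == "DEV_TCH" ? 1 : 0

  statement_id  = "AllowExecutionFromKinesis"
  action        = "lambda:InvokeFunction"
  # The module sets count, so its output has to be read from instance [0].
  function_name = module.servicenow_connector[0].lambda_function_arn
  principal     = "kinesis.amazonaws.com"
}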

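# Resource-policy statement letting the DynamoDB service principal invoke the
# connector Lambda.
# NOTE(review): nothing on this page configures a DynamoDB stream trigger, and
# DynamoDB streams reach Lambda through an event source mapping that uses the
# execution role, so this statement is probably not needed. It also sets no
# source_arn, so the grant is not tied to a specific table. Remove it unless
# something depends on it.
resource "aws_lambda_permission" "dynamodb_permission" {
  # Same condition as the module's count, so the permission exists only where
  # the function does.
  count = var.accountName == "DEV_TCH" ? 1 : 0

  statement_id  = "AllowExecutionFromDynamoDB"
  action        = "lambda:InvokeFunction"
  # The module sets count, so its output has to be read from instance [0].
  function_name = module.servicenow_connector[0].lambda_function_arn
  principal     = "dynamodb.amazonaws.com"
}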

# SSM Parameters
# ServiceNow host, stored as a plain String parameter under the connector's
# SSM configuration path for this environment.
resource "aws_ssm_parameter" "host" {
  type  = "String"
  name  = "/com.servicenow.cti/${var.env}/default/host"

  # Replace with the actual Servicenow URL
  value = "YOUR_SERVICENOW_HOST"
}

# ServiceNow service-account password, stored as a SecureString under the
# connector's SSM configuration path.
# NOTE(review): for a SecureString, `value` is the plaintext secret; SSM
# encrypts it with the key named in key_id. Terraform also records the value in
# its state, and a literal here ends up in version control. Supply it through a
# sensitive variable, or set the value outside Terraform, and restrict access
# to the state backend.
resource "aws_ssm_parameter" "service_account_password" {
  name      = "/com.servicenow.cti/${var.env}/default/service_account_password"
  type      = "SecureString"
  value     = "YOUR_ENCRYPTED_PASSWORD"  # Placeholder: the password itself (plaintext), not a pre-encrypted blob
  key_id    = "YOUR_KMS_KEY_ID"  # Replace with the actual KMS key ID
}

# ServiceNow service-account user name under the connector's SSM configuration
# path.
# NOTE(review): type is "String", so the value is stored unencrypted, yet a
# key_id is set and the placeholder talks about an encrypted username. key_id
# is meant for SecureString parameters. Decide which is intended: switch type
# to "SecureString" (confirm the Lambda reads this parameter with decryption),
# or drop key_id and treat the user name as non-secret.
resource "aws_ssm_parameter" "service_account_user" {
  name  = "/com.servicenow.cti/${var.env}/default/service_account_user"
  type  = "String"
  value = "YOUR_ENCRYPTED_USERNAME"  # Placeholder: replace with the actual user name
  key_id    = "YOUR_KMS_KEY_ID"  # Replace with the actual KMS key ID (see the note above on type)
}

# Real-time transcription setting, stored as a plain String parameter under the
# connector's SSM configuration path for this environment.
resource "aws_ssm_parameter" "real_time_transcription" {
  type  = "String"
  name  = "/com.servicenow.cti/${var.env}/default/real_time_transcription"

  # Replace with the actual value
  value = "YOUR_REAL_TIME_TRANSCRIPTION_VALUE"
}

# DynamoDB Table
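# Table the connector Lambda's IAM policy grants read/write access to
# (SnowContactInteractionMapping-<env>). No billing_mode is set, so the table
# uses provisioned capacity with the read/write units below.
resource "aws_dynamodb_table" "contact_interaction_mapping" {
  name           = "SnowContactInteractionMapping-${var.env}"
  hash_key       = "YourHashKey"  # Replace with the real partition key name
  read_capacity  = 5
  write_capacity = 5

  # The hash key has to be declared as an attribute under the same name; the
  # original declared "YourAttribute", which did not match hash_key.
  attribute {
    name = "YourHashKey"
    type = "S"
  }

  # Declare further attribute blocks only for attributes used as a range key
  # or in an index; non-key item attributes are not declared here.
}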