{
  "Parameters": {
    "SupportSQSName": {
      "Default": "AwsSmcJsmCloudForgeSupportQueue",
      "Description": "Name of the SQS queue that the connector uses to pass AWS Support incidents to the ITSM connector. This name must match the value in the ITSM tool connector settings. Do not change this unless you make corresponding changes in the ITSM application setup. Note that the AWSSupportEventsRule target ARN in this template is hard-coded to the default queue name, so that target must be updated to match any new name.",
      "Type": "String"
    }
  },
  "Conditions": {
    "NotInUsEast1": {
      "Fn::Not": [{ "Fn::Equals": [{ "Ref": "AWS::Region" }, "us-gov-east-1"] }]
    }
  },
  "Resources": {
    "AWSSupportEventsRule": {
      "Properties": {
        "Description": "Send AWS Support Case events to the AwsSmcJsmCloudForgeSupportQueue SQS queue.",
        "EventPattern": {
          "source": ["aws.support"],
          "detail-type": ["Support Case Update"]
        },
        "Targets": [
          {
            "Arn": {
              "Fn::Sub": "arn:aws-us-gov:sqs:us-gov-east-1:${AWS::AccountId}:AwsSmcJsmCloudForgeSupportQueue"
            },
            "Id": "JSM-AWSSupportEventsRule"
          }
        ]
      },
      "Type": "AWS::Events::Rule"
    },
    "AwsSmcJsmCloudForgeSupportQueue": {
      "Properties": {
        "KmsMasterKeyId": {
          "Ref": "EventBridgeSupportSqsQueueKey"
        },
        "QueueName": {
          "Ref": "SupportSQSName"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": {
              "Ref": "SupportSQSName"
            }
          }
        ]
      },
      "Type": "AWS::SQS::Queue"
    },
    "SQSPolicy": {
      "Type": "AWS::SQS::QueuePolicy",
      "Properties": {
        "Queues": [
          {
            "Ref": "AwsSmcJsmCloudForgeSupportQueue"
          }
        ],
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "SQS:SendMessage",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": ["AwsSmcJsmCloudForgeSupportQueue", "Arn"]
              },
              "Principal": {
                "Service": "events.amazonaws.com"
              },
              "Condition": {
                "ArnEquals": {
                  "aws:SourceArn": {
                    "Fn::GetAtt": ["AWSSupportEventsRule", "Arn"]
                  }
                }
              }
            }
          ]
        }
      }
    },
    "EventBridgeSupportKeyPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "EventBridgeSupportSqsQueueKeyPolicy",
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "kms:DescribeKey",
                "kms:GenerateDataKey",
                "kms:Decrypt"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": ["EventBridgeSupportSqsQueueKey", "Arn"]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "Users": ["SCSyncUser"]
      }
    },
    "ConfigBidirectionalSupportSQSBaseline": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "ConfigBidirectionalSupportSQSBaseline",
        "PolicyDocument": {
          "Statement": [
            {
              "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": ["AwsSmcJsmCloudForgeSupportQueue", "Arn"]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "Users": ["SCSyncUser"]
      }
    },
    "EventBridgeSupportSqsQueueKey": {
      "Type": "AWS::KMS::Key",
      "Properties": {
        "Description": "KMS key for EventBridge to Support SQS",
        "KeyPolicy": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "Enable IAM User Permissions",
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Sub": "arn:aws-us-gov:iam::${AWS::AccountId}:root"
                }
              },
              "Action": "kms:*",
              "Resource": "*"
            },
            {
              "Sid": "AllowEventBridgeUseOfKey",
              "Effect": "Allow",
              "Principal": {
                "Service": "events.amazonaws.com"
              },
              "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
              "Resource": "*"
            }
          ]
        }
      }
    },
    "WaitConditionHandle": {
      "Type": "AWS::CloudFormation::WaitConditionHandle",
      "Properties": {}
    },
    "FailDueToWrongRegion": {
      "Type": "AWS::CloudFormation::WaitCondition",
      "Condition": "NotInUsEast1",
      "Properties": {
        "Handle": { "Ref": "WaitConditionHandle" },
        "Timeout": "1"
      }
    }
  }
}
