Add new transcribe script

francisli · francisli · commit 94204576e059 · 2024-12-01T14:51:58.000-08:00
diff --git a/README.md b/README.md
@@ -63,3 +63,9 @@ Run `./email` and follow the prompts to enter an application name. The script wi
 The bucket script creates a new S3 bucket and an IAM user with read/write priveleges on it. It will also set up an initial CORS configuration to allow a specified domain name access from the browser.
 
 Run `./bucket` and follow the prompts to enter an application name and a host domain name. The script will output the newly generated bucket name, and the access key id and secret access key for the new user.
+
+### Transcribe
+
+The transcribe script creates a new IAM user with access to AWS Transcribe along with read/write privileges to a specified S3 bucket where audio and transcriptions will be stored.
+
+Run `./transcribe` and follow the prompts to enter an application name and a bucket name. The script will output the access key id and secret access key for the new user.
diff --git a/transcribe b/transcribe
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+read -p "App name (lowercase, letters, numbers, hyphen only): " APP_NAME
+read -p "Bucket name: " BUCKET_NAME
+
+aws cloudformation create-stack --capabilities CAPABILITY_NAMED_IAM --stack-name ${APP_NAME}-transcribe --template-body file://./transcribe.json --parameters ParameterKey=ApplicationName,ParameterValue=$APP_NAME ParameterKey=BucketName,ParameterValue=$BUCKET_NAME --output text
+
+# wait for completion
+aws cloudformation wait stack-create-complete --stack-name ${APP_NAME}-transcribe --output text
+
+# output the access key id
+echo "Access Key ID:"
+aws cloudformation describe-stacks --stack-name ${APP_NAME}-transcribe --query 'Stacks[0].Outputs[?OutputKey==`TranscribeUserAccessKeyId`].OutputValue' --output text 
+
+# output the secret access key
+echo "Secret Access Key:"
+aws ssm get-parameter --name /iam/user/${APP_NAME}-transcribe-user/secret-access-key --with-decryption --query Parameter.Value --output text
diff --git a/transcribe.json b/transcribe.json
@@ -0,0 +1,87 @@
+{
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "IAM User account and credentials for accessing AWS Transcribe",
+  "Outputs": {
+    "TranscribeUserAccessKeyId": {
+      "Description": "Access Key ID for the user",
+      "Value": {
+        "Ref": "TranscribeUserAccessKey"
+      },
+      "Export" : {
+        "Name" : {"Fn::Sub": "${ApplicationName}-transcribe-user-access-key-id" }
+      }
+    }
+  },
+  "Parameters": {
+    "ApplicationName": {
+      "Description": "Name of the application (snake-case, will be prepended to make internal reference names)",
+      "Type": "String",
+      "Default": "app"
+    },
+    "BucketName": {
+      "Description": "Name of the S3 bucket where audio files and resulting transcriptions will be stored",
+      "Type": "String"
+    }
+  },
+  "Resources": {
+    "TranscribeUser": {
+      "Type": "AWS::IAM::User",
+      "Properties": {
+        "Policies": [
+          {
+            "PolicyName": {
+              "Fn::Sub": "${ApplicationName}-transcribe-policy"
+            },
+            "PolicyDocument": {
+              "Version": "2012-10-17",
+              "Statement": [
+                {
+                  "Sid": "VisualEditor0",
+                  "Effect": "Allow",
+                  "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"],
+                  "Resource": [
+                    { "Fn::Sub": "arn:aws:s3:::${BucketName}/*" },
+                    { "Fn::Sub": "arn:aws:s3:::${BucketName}" }
+                  ]
+                },
+                {
+                  "Sid": "VisualEditor1",
+                  "Effect": "Allow",
+                  "Action": ["transcribe:GetTranscriptionJob", "transcribe:StartTranscriptionJob"],
+                  "Resource": "*"
+                }
+              ]
+            }
+          }
+        ],
+        "UserName": {
+          "Fn::Sub": "${ApplicationName}-transcribe-user"
+        }
+      }
+    },
+    "TranscribeUserAccessKey": {
+      "Type": "AWS::IAM::AccessKey",
+      "Properties": {
+        "Status": "Active",
+        "UserName": {
+          "Ref": "TranscribeUser"
+        }
+      }
+    },
+    "TranscribeUserSecretAccessKeyParameter": {
+      "Type" : "Custom::SSMSecureStringParam",
+      "Properties" : {
+        "Name" :  {
+          "Fn::Sub": "/iam/user/${ApplicationName}-transcribe-user/secret-access-key"
+        },
+        "ServiceToken": {
+          "Fn::ImportValue": "ssm-securestring-cfn-macro-function-arn"
+        },
+        "Type": "SecureString",
+        "Value" : {
+          "Fn::GetAtt": ["TranscribeUserAccessKey", "SecretAccessKey"]
+        }
+      }
+    }
+  }
+}
