{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "CloudFormation template for EventBridge rules and API destinations for Partner Central API", "Parameters": { "ClientID": { "Type": "String", "Description": "Client ID for OAuth authentication" }, "ClientSecret": { "Type": "String", "NoEcho": true, "Description": "Client Secret for OAuth authentication" }, "DomainURL": { "Type": "String", "Description": "Domain URL for the Salesforce instance" } }, "Resources": { "KMSKey": { "Type": "AWS::KMS::Key", "Properties": { "Description": "KMS key for encrypting the EventBridge Dead Letter Queue", "EnableKeyRotation": true, "KeyPolicy": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": { "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root" } }, "Action": "*", "Resource": "*" } ] } } }, "DeadLetterQueue": { "Type": "AWS::SQS::Queue", "Properties": { "QueueName": "APIDestinationDLQ", "KmsMasterKeyId": { "Ref": "KMSKey" }, "KmsDataKeyReusePeriodSeconds": 86400 } }, "EventBridgeRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } } }, "EventBridgePolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "EventBridgeInvokeApiDestinationPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "events:InvokeApiDestination", "Resource": { "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:api-destination/*" } } ] }, "Roles": [ { "Ref": "EventBridgeRole" } ] } }, "Rule0Connection0": { "Type": "AWS::Events::Connection", "Properties": { "AuthorizationType": "OAUTH_CLIENT_CREDENTIALS", "AuthParameters": { "OAuthParameters": { "ClientParameters": { "ClientID": { "Ref": "ClientID" }, "ClientSecret": { "Ref": "ClientSecret" } }, "AuthorizationEndpoint": { "Fn::Join": [ "", [ { "Ref": "DomainURL" }, "/services/oauth2/token" ] ] }, "HttpMethod": "POST", "OAuthHttpParameters": { "BodyParameters": [ { "Key": "grant_type", "Value": "client_credentials" } ] } } }, "Name": "AWS2SalesforceConnection" } }, "Rule0ApiDestination0": { "Type": "AWS::Events::ApiDestination", "Properties": { "ConnectionArn": { "Fn::GetAtt": ["Rule0Connection0", "Arn"] }, "HttpMethod": "POST", "InvocationEndpoint": { "Fn::Join": [ "", [ { "Ref": "DomainURL" }, "/services/data/v54.0/sobjects/awsapn__AWS_Marketplace_Notification__c" ] ] }, "InvocationRateLimitPerSecond": 300, "Name": "AWS2SalesforceAPIDestination" } }, "EventRule0": { "Type": "AWS::Events::Rule", "Properties": { "EventBusName": "default", "EventPattern": { "source": ["aws.partnercentral-selling"], "detail": { "catalog": ["Sandbox","AWS"] } }, "Name": "PartnerCentralAPIOpportunityEventsRule", "State": "ENABLED", "Targets": [ { "Id": "Id97b0de5f-74c5-4713-a695-7fe0c7f7e0a7", "Arn": { "Fn::GetAtt": ["Rule0ApiDestination0", "Arn"] }, "RoleArn": { "Fn::GetAtt": ["EventBridgeRole", "Arn"] }, "InputTransformer": { "InputPathsMap": { "Name": "$.detail-type", "awsapn__Account_Number__c": "$.account", "awsapn__EntityId__c": "$.detail.opportunity.identifier", "awsapn__Entity_ARN__c": "$.detail.engagementInvitation.arn" }, "InputTemplate": "{\n \"Name\": ,\n \"awsapn__Account_Number__c\": ,\n \"awsapn__EntityId__c\": ,\n \"awsapn__Entity_ARN__c\": \n}" }, "DeadLetterConfig": { "Arn": { "Fn::GetAtt": ["DeadLetterQueue", "Arn"] } } } ] } } } }