aws lex version

0

Each time I create a new version and point my Lex bot at it, I'm no longer able to use my Lex bot and I get this error message:

Invalid Bot Configuration: Access denied while invoking lambda function arn:aws:lambda:us-east-1:XXXXXXX:function:sam-yyyyyy-lambdaFunction:version_1 from arn:aws:lex:us-east-1:xxxxxx:bot-alias/aaaaaa/bbbbbb. Please check the policy on this function.

My script in template.yaml:

  BotRuntimeRole: # 1. IAM Role used by the Lex service to make runtime calls
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lexv2.amazonaws.com
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: LexRuntimeRolePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "polly:SynthesizeSpeech"
                  - "comprehend:DetectSentiment"
                  - "s3:GetObject"
                Resource: "*"
        - PolicyName: AWSLambda_FullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "lambda:*"
                Resource: "*"


ayoub
asked 3 months ago, 119 views
1 Answer
0

Check the resource-based policy statement on your Lambda version. It should look something like the one below. Each Lambda version can have different permissions, so you may need to add it to each. If you need to use Lambda versions, you could simplify things by creating a Lambda alias, which you can set the policy on and then point to the version you want to use (so you don't have to keep ensuring each version has the permissions you want).

{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "lex-lambda-invokeFunction",
      "Effect": "Allow",
      "Principal": {
        "Service": "lexv2.amazonaws.com"
      },
      "Action": "lambda:invokeFunction",
      "Resource": "<lambdaARN>",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "<awsAccount>"
        },
        "ArnLike": {
          "AWS:SourceArn": "<botAliasArn>"
        }
      }
    }
  ]
}

If you have a specific botAliasArn in the "ArnLike" then ensure all the botAliases you need are included.

AWS
Gillian
answered 3 months ago
EXPERT
reviewed 2 months ago
  • I found the answer: take the same permission already passed to the original Lambda function and pass it to the new Lambda version's permission.
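
The alias approach from the answer, written as a template.yaml fragment; this is an added example, not code from the original thread. The logical IDs LambdaFunction, FunctionVersion1, LiveAlias and LexInvokePermission, the alias name live, and the BotId and BotAliasId parameters are assumptions.

```yaml
# Added example. All logical IDs, the alias name and the parameters are
# hypothetical; LambdaFunction stands for the function the template already defines.
Parameters:
  BotId:
    Type: String        # ID of the Lex V2 bot
  BotAliasId:
    Type: String        # ID of the Lex V2 bot alias that calls the function

Resources:
  # A published, immutable version of the function.
  FunctionVersion1:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref LambdaFunction

  # Stable alias. Publishing a new version only changes FunctionVersion here;
  # the permission below stays attached to the alias.
  LiveAlias:
    Type: AWS::Lambda::Alias
    Properties:
      Name: live
      FunctionName: !Ref LambdaFunction
      FunctionVersion: !GetAtt FunctionVersion1.Version

  # Resource-based policy statement on the alias, equivalent to the JSON
  # statement in the answer: only the Lex V2 service, only from this account,
  # only for the named bot alias.
  LexInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref LiveAlias          # Ref on an alias returns the alias ARN
      Principal: lexv2.amazonaws.com
      SourceAccount: !Ref AWS::AccountId
      SourceArn: !Sub "arn:${AWS::Partition}:lex:${AWS::Region}:${AWS::AccountId}:bot-alias/${BotId}/${BotAliasId}"
```

The Lex bot alias then needs to reference the Lambda alias ARN (the function ARN ending in :live) rather than a numbered version, so the statement above keeps applying after each publish.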
