aws lex version

0

Each time I create a new version and point my Lex bot at it, I'm no longer able to use my Lex bot and I get this error message:

Invalid Bot Configuration: Access denied while invoking lambda function arn:aws:lambda:us-east-1:XXXXXXX:function:sam-yyyyyy-lambdaFunction:version_1 from arn:aws:lex:us-east-1:xxxxxx:bot-alias/aaaaaa/bbbbbb. Please check the policy on this function.

My script in template.yaml:

  BotRuntimeRole: # 1. IAM Role used by the Lex service to make runtime calls
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lexv2.amazonaws.com
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: LexRuntimeRolePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "polly:SynthesizeSpeech"
                  - "comprehend:DetectSentiment"
                  - "s3:GetObject"
                Resource: "*"
        - PolicyName: AWSLambda_FullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "lambda:*"
                Resource: "*"


ayoub
Asked 3 months ago, 119 views
1 answer
0

Check the resource-based policy statement on your Lambda version. It should look something like the one below. Each Lambda version can have different permissions, so you may need to add it to each one. If you need to use Lambda versions, you could simplify things by creating a Lambda alias: set the policy on the alias and then point the alias at the version you want to use (so you don't have to keep ensuring each version has the permissions you want).

{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "lex-lambda-invokeFunction",
      "Effect": "Allow",
      "Principal": {
        "Service": "lexv2.amazonaws.com"
      },
      "Action": "lambda:invokeFunction",
      "Resource": "<lambdaARN>",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "<awsAccount>"
        },
        "ArnLike": {
          "AWS:SourceArn": "<botAliasArn>"
        }
      }
    }
  ]
}

If you have a specific bot alias ARN in the "ArnLike" condition, then ensure all the bot aliases you need are included.

AWS
Gillian
Answered 3 months ago
Expert
Reviewed 2 months ago
  • I found the answer: take the same permission already applied to the original Lambda function and apply it to the new Lambda version's permissions.
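The check the answer describes, as an added example (this is not code from the original post or from AWS): given the JSON document that `lambda:GetPolicy` returns for a version or alias, decide whether it lets a given Lex V2 bot alias invoke that qualified ARN, and build the `add_permission` arguments that grant it. The account ID, function name, bot ID, alias IDs and the alias name `live` are made-up placeholders. The demo shows the failure in the question: a statement attached to one qualifier (here the `live` alias) does not cover a different qualifier such as version `1`, because the statement's `Resource` is the exact qualified ARN.

```python
"""Check whether a Lambda version/alias resource-based policy lets a Lex V2
bot alias invoke it, and build the add_permission call that grants it.

Added example, not code from the original post. Account ID, function name,
bot ID, alias IDs and the alias name "live" are made-up placeholders.
"""
import fnmatch
import json

LEX_SERVICE = "lexv2.amazonaws.com"


def _as_list(value):
    """IAM lets most policy fields be a scalar or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lex_invoke_statement(function_arn, bot_alias_arn, account_id,
                         sid="lex-lambda-invokeFunction"):
    """Statement Lex V2 needs on the *qualified* function ARN (version or
    alias). The two conditions stop a bot in another account, or another
    bot alias, from invoking the function."""
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"Service": LEX_SERVICE},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {
            "StringEquals": {"AWS:SourceAccount": account_id},
            "ArnLike": {"AWS:SourceArn": bot_alias_arn},
        },
    }


def add_permission_args(function_name, qualifier, bot_alias_arn, account_id,
                        sid="lex-lambda-invokeFunction"):
    """Keyword arguments for boto3 lambda_client.add_permission(**args).
    Qualifier is the version number or alias name the statement attaches to;
    a statement added without a qualifier covers only $LATEST."""
    return {
        "FunctionName": function_name,
        "Qualifier": qualifier,
        "StatementId": sid,
        "Action": "lambda:InvokeFunction",
        "Principal": LEX_SERVICE,
        "SourceAccount": account_id,
        "SourceArn": bot_alias_arn,
    }


def policy_document(*statements):
    """Serialize statements the way get_policy()['Policy'] returns them."""
    return json.dumps({"Version": "2012-10-17", "Id": "default",
                       "Statement": list(statements)})


def lex_can_invoke(policy_json, function_arn, bot_alias_arn, account_id):
    """Return the Sid of the first statement that allows lexv2.amazonaws.com
    to invoke function_arn from bot_alias_arn, else None. Only the two
    condition keys Lex sets are modelled; any other key counts as unmet."""
    for st in _as_list(json.loads(policy_json).get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if principal != "*" and LEX_SERVICE not in services:
            continue
        # IAM action names are case-insensitive and may carry wildcards.
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        if not any(fnmatch.fnmatchcase("lambda:invokefunction", a) for a in actions):
            continue
        # Resource must name this exact qualified ARN (or a pattern covering it).
        if not any(fnmatch.fnmatchcase(function_arn, r) for r in _as_list(st.get("Resource"))):
            continue
        satisfied = True
        for key_values in st.get("Condition", {}).values():
            for key, values in key_values.items():
                key = key.lower()  # condition keys are case-insensitive
                if key == "aws:sourceaccount":
                    satisfied = satisfied and account_id in _as_list(values)
                elif key == "aws:sourcearn":  # ArnLike: case-sensitive, '*'/'?' wildcards
                    satisfied = satisfied and any(
                        fnmatch.fnmatchcase(bot_alias_arn, v) for v in _as_list(values))
                else:
                    satisfied = False
        if satisfied:
            return st.get("Sid") or "(no Sid)"
    return None


# Constructed sample data (placeholder identifiers, not real ones).
ACCOUNT = "111122223333"
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:my-fn"
BOT_ALIAS_ARN = "arn:aws:lex:us-east-1:111122223333:bot-alias/ABCDEFGHIJ/KLMNOPQRST"
OTHER_ALIAS_ARN = "arn:aws:lex:us-east-1:111122223333:bot-alias/ABCDEFGHIJ/UVWXYZ0123"
# What get_policy(FunctionName="my-fn", Qualifier="live") returns after
# add_permission ran against the "live" alias.
POLICY_ON_LIVE_ALIAS = policy_document(
    lex_invoke_statement(FUNCTION_ARN + ":live", BOT_ALIAS_ARN, ACCOUNT))

if __name__ == "__main__":
    print(lex_can_invoke(POLICY_ON_LIVE_ALIAS, FUNCTION_ARN + ":live", BOT_ALIAS_ARN, ACCOUNT))
    print(lex_can_invoke(POLICY_ON_LIVE_ALIAS, FUNCTION_ARN + ":1", BOT_ALIAS_ARN, ACCOUNT))
    print(json.dumps(add_permission_args("my-fn", "live", BOT_ALIAS_ARN, ACCOUNT), indent=2))
```

To run it against a real function, feed `lex_can_invoke` the `Policy` string from `boto3.client("lambda").get_policy(FunctionName="my-fn", Qualifier="1")` (it raises `ResourceNotFoundException` when the qualifier has no policy at all, which is itself the answer). Pointing the bot alias at a Lambda alias and granting the permission on that alias, as the answer suggests, means a new version only needs the alias repointed, not a new policy statement.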
