CreateBotLocale is erroring with user has no permissions

0

Hi, I am using the Java SDK to create a Lex V2 bot. Here is the code to create a bot:

// Data privacy setting (child-directed flag) required by CreateBot
final DataPrivacy dataPrivacy = DataPrivacy.builder()
        .childDirected(isDataPrivacyRequired)
        .build();

// CreateBot takes the IAM role the bot runs as (roleArn)
final CreateBotRequest botRequest = CreateBotRequest.builder()
        .botName(botName)
        .roleArn(roleARN)
        .idleSessionTTLInSeconds(idleSessionTTLInSeconds)
        .dataPrivacy(dataPrivacy)
        .build();

final CreateBotResponse response = this.lexClient.createBot(botRequest);

The bot gets created. As a next step, I create the bot locale like the following:

// Add the en_US locale to the DRAFT version of the bot created above
final CreateBotLocaleRequest botLocaleRequest = CreateBotLocaleRequest.builder()
        .botId(botId)
        .nluIntentConfidenceThreshold(0.4)
        .botVersion("DRAFT")
        .localeId("en_US")
        .build();

final CreateBotLocaleResponse botLocaleResponse = this.lexClient.createBotLocale(botLocaleRequest);

The above doesn't work and I get the following error:

software.amazon.awssdk.services.lexmodelsv2.model.LexModelsV2Exception: User: arn:aws:iam::xxxxxxxxxxx:user/ci-user is not authorized to perform: null (Service: LexModelsV2, Status Code: 403, Request ID: f9ebd3de-c0d4-4c3d-b1ad-8a2c38a22552, Extended Request ID: null)

The only difference between creating the bot and the bot locale is roleArn. I am not sure if that is creating this problem. How can I solve this? Any insights?

Btw I am using the following code to get the lex client:

public LexModelsV2Client getLexClient() {
    Region region = Region.AP_SOUTHEAST_1;
    // Resolves credentials from the default chain (environment, profile, etc.)
    DefaultCredentialsProvider provider = DefaultCredentialsProvider.create();

    return LexModelsV2Client.builder().credentialsProvider(provider).region(region).build();
}

This IAM user has all AWS permissions to access, and I have used the simulator to test the policy and it gives access. Not sure what is missing!

2 Answers
0

Looking at the available permissions for Lex, I see that you've got permissions for Lex and Lex v2 to choose from. This might explain why you can build a bot but cannot build a locale, because in Lex v1 there is no explicit permission for creating a locale, but in Lex v2 there is 'BuildBotLocale'.

I would say to go back to the IAM permissions for the IAM user that you're using for these calls, double-check that they have what they need and modify their permissions if needed.

I see that you've mentioned that the simulator worked fine, so if you find that is the case again (simulator works but implementation doesn't) then I would start trying to whittle down the permissions. Start with things like "Put*" in the policy statement for the Lex service, and check it. If that works, then list out all of the Puts and whittle down. If you go from "Put*" to all of the "Put" actions and it stops working, then you may have found a hidden permission and that needs to be reflected in the documentation. You can report this through the 2nd page I linked above. Scroll to the bottom of it and hit the 'thumbs down' option and explain what was missing and it should be updated relatively quickly.

AWS
Answered 2 years ago
  • Hi Ciaran, not sure if I have explained it properly. I am not trying to "build" the bot locale; rather, I am trying to "create" the bot locale. I would assume build is required when you have already created the bot and the locale. So I think BuildBotLocale is not required. But anyways, the user has all the permissions.

    In terms of permissions, my actions are " * " and resources are " * " as well. Which means the user can do anything they want.

    Also, when I was trying out creating the bot with the CreateBot call, I was getting a similar error. In the code, I passed in roleArn and it started to work.

    It seems passing the roleARN is possible when creating the bot but not when creating the bot locale, as there is no method available in CreateBotLocaleRequest to pass in the roleARN. I feel this is what is missing.

0

Hi everyone, can anyone please suggest how I can resolve this? I am stuck until this is resolved, as I can't create a bot completely due to the problem above with the locale.

Answered 2 years ago
  • Hey, were you able to resolve this issue?
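
The per-action check suggested in the first answer can be run against the IAM policy simulator API for the exact principal the SDK resolves, rather than by editing the policy by hand. This is an added example, not code from the thread: it assumes the `sts` and `iam` modules of the AWS SDK for Java 2.x are on the classpath, that the caller is an IAM user (as in the error message) permitted to call `iam:SimulatePrincipalPolicy`, and the class name `LexPermissionProbe` is hypothetical.

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.EvaluationResult;
import software.amazon.awssdk.services.iam.model.SimulatePrincipalPolicyRequest;
import software.amazon.awssdk.services.sts.StsClient;

// Hypothetical helper class (not from the thread).
public class LexPermissionProbe {
    public static void main(String[] args) {
        // 1. Confirm which principal the default credential chain resolves to.
        //    It should match the user named in the 403 message.
        String callerArn;
        try (StsClient sts = StsClient.builder().region(Region.AP_SOUTHEAST_1).build()) {
            callerArn = sts.getCallerIdentity().arn();
        }
        System.out.println("SDK is calling as: " + callerArn);

        // 2. Simulate the Lex V2 actions discussed above, one decision per action.
        //    policySourceArn must be an IAM user, group or role ARN; an STS
        //    assumed-role session ARN would have to be mapped to its role first.
        SimulatePrincipalPolicyRequest request = SimulatePrincipalPolicyRequest.builder()
                .policySourceArn(callerArn)
                .actionNames("lex:CreateBot", "lex:CreateBotLocale",
                             "lex:BuildBotLocale", "iam:PassRole")
                .build();

        // IAM is a global service, so the client uses the global pseudo-region.
        try (IamClient iam = IamClient.builder().region(Region.AWS_GLOBAL).build()) {
            for (EvaluationResult r : iam.simulatePrincipalPolicy(request).evaluationResults()) {
                System.out.printf("%-22s %s%n", r.evalActionName(), r.evalDecisionAsString());
                // An identity policy of "*" on "*" can still be capped by an
                // Organizations SCP or a permissions boundary; report both when present.
                if (r.organizationsDecisionDetail() != null) {
                    System.out.println("    allowed by Organizations: "
                            + r.organizationsDecisionDetail().allowedByOrganizations());
                }
                if (r.permissionsBoundaryDecisionDetail() != null) {
                    System.out.println("    allowed by permissions boundary: "
                            + r.permissionsBoundaryDecisionDetail().allowedByPermissionsBoundary());
                }
            }
        }
    }
}
```

If every action reports `allowed` here while the real `createBotLocale` call still returns 403, record the request ID from the exception and compare it with the CloudTrail event for that call.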
