aws lex version

0

Each time I create a new version and point my Lex bot at it, I'm no longer able to use my Lex bot and I get this error message:

Invalid Bot Configuration: Access denied while invoking lambda function arn:aws:lambda:us-east-1:XXXXXXX:function:sam-yyyyyy-lambdaFunction:version_1 from arn:aws:lex:us-east-1:xxxxxx:bot-alias/aaaaaa/bbbbbb. Please check the policy on this function.

My script in template.yaml:

  BotRuntimeRole: # 1. IAM Role used by the Lex service to make runtime calls
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lexv2.amazonaws.com
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: LexRuntimeRolePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "polly:SynthesizeSpeech"
                  - "comprehend:DetectSentiment"
                  - "s3:GetObject"
                Resource: "*"
        - PolicyName: AWSLambda_FullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "lambda:*"
                Resource: "*"


ayoub
Asked 3 months ago, 119 views
1 answer
0

Check the resource-based policy statement on your Lambda version. It should look something like the one below. Each Lambda version can have different permissions, so you may need to add it to each. If you need to use Lambda versions, you could simplify things by creating a Lambda alias; then you can set the policy on the alias and point it to the version you want to use (so you don't have to keep ensuring each version has the permissions you want).

{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "lex-lambda-invokeFunction",
      "Effect": "Allow",
      "Principal": {
        "Service": "lexv2.amazonaws.com"
      },
      "Action": "lambda:invokeFunction",
      "Resource": "<lambdaARN>",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "<awsAccount>"
        },
        "ArnLike": {
          "AWS:SourceArn": "<botAliasArn>"
        }
      }
    }
  ]
}

If you have a specific botAliasArn in the "ArnLike" then ensure all the botAliases you need are included.

AWS
Gillian
Answered 3 months ago
Expert
Reviewed 2 months ago
  • I found the answer: take the same permission already passed in the original Lambda function and pass it to the new Lambda version's permission.
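The check Gillian describes (look at the resource-based policy of every version or alias and confirm the Lex bot alias is allowed to invoke it) can be scripted. The following is an added example, not code from the thread or from AWS: it evaluates the `Policy` JSON that `aws lambda get-policy --function-name <fn> --qualifier <version|alias>` returns for each qualifier, applying IAM's case-insensitive action names and the per-component `ArnLike` wildcard rules, and reports the qualifiers that would produce the "Access denied while invoking lambda function" error. The account id, ARNs and the three policy documents are constructed placeholders; nothing here calls AWS.

```python
"""Offline audit of Lambda resource-based policies for a Lex V2 bot alias.

Added example (not from the re:Post thread). The policies in SAMPLE_POLICIES
are constructed stand-ins for the 'Policy' string returned by
`aws lambda get-policy --function-name <fn> --qualifier <version|alias>`.
"""
import fnmatch
import json

# Constructed placeholders: account id, bot alias ARN and function ARN.
ACCOUNT = "111122223333"
BOT_ALIAS_ARN = f"arn:aws:lex:us-east-1:{ACCOUNT}:bot-alias/AAAAAAAAAA/BBBBBBBBBB"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:sam-demo-lambdaFunction"


def invoke_statement(qualified_arn, bot_alias_arn, account):
    """The statement recommended in the answer above, as a Python dict."""
    return {
        "Sid": "lex-lambda-invokeFunction",
        "Effect": "Allow",
        "Principal": {"Service": "lexv2.amazonaws.com"},
        "Action": "lambda:invokeFunction",
        "Resource": qualified_arn,
        "Condition": {
            "StringEquals": {"AWS:SourceAccount": account},
            "ArnLike": {"AWS:SourceArn": bot_alias_arn},
        },
    }


# Constructed sample: version 1 is fine, version 2 has no statements (a freshly
# published version does not inherit permissions), alias "prod" names a
# different bot alias in its SourceArn condition.
OTHER_ALIAS_ARN = f"arn:aws:lex:us-east-1:{ACCOUNT}:bot-alias/AAAAAAAAAA/CCCCCCCCCC"
SAMPLE_POLICIES = {
    "1": json.dumps({"Version": "2012-10-17", "Id": "default",
                     "Statement": [invoke_statement(f"{FUNCTION_ARN}:1", BOT_ALIAS_ARN, ACCOUNT)]}),
    "2": json.dumps({"Version": "2012-10-17", "Id": "default", "Statement": []}),
    "prod": json.dumps({"Version": "2012-10-17", "Id": "default",
                        "Statement": [invoke_statement(f"{FUNCTION_ARN}:prod", OTHER_ALIAS_ARN, ACCOUNT)]}),
}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def arn_like(pattern, arn):
    """ArnLike: '*' and '?' match within each of the six colon-delimited ARN components."""
    p_parts, a_parts = pattern.split(":", 5), arn.split(":", 5)
    if len(p_parts) != len(a_parts):
        return False
    return all(fnmatch.fnmatchcase(a, p) for p, a in zip(p_parts, a_parts))


def statement_allows(stmt, qualified_arn, bot_alias_arn, account):
    """True if this statement lets lexv2.amazonaws.com, acting for bot_alias_arn, invoke qualified_arn."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    if principal != "*":
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "lexv2.amazonaws.com" not in services:
            return False
    # Action names are case-insensitive: lambda:invokeFunction == lambda:InvokeFunction.
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    if not any(fnmatch.fnmatchcase("lambda:invokefunction", a) for a in actions):
        return False
    if not any(arn_like(r, qualified_arn) for r in _as_list(stmt.get("Resource", []))):
        return False
    # Condition operators and keys are case-insensitive; a missing condition imposes no restriction.
    cond = {op.lower(): {k.lower(): v for k, v in kv.items()}
            for op, kv in stmt.get("Condition", {}).items()}
    accounts = _as_list(cond.get("stringequals", {}).get("aws:sourceaccount", account))
    if account not in accounts:
        return False
    patterns = _as_list(cond.get("arnlike", {}).get("aws:sourcearn", "*"))
    return any(arn_like(p, bot_alias_arn) for p in patterns)


def qualifiers_missing_permission(policies_by_qualifier, function_arn, bot_alias_arn, account):
    """Return the versions/aliases whose policy does not allow bot_alias_arn to invoke them."""
    missing = []
    for qualifier, policy_json in sorted(policies_by_qualifier.items()):
        qualified_arn = f"{function_arn}:{qualifier}"
        statements = json.loads(policy_json).get("Statement", [])
        if not any(statement_allows(s, qualified_arn, bot_alias_arn, account) for s in statements):
            missing.append(qualifier)
    return missing


if __name__ == "__main__":
    for q in qualifiers_missing_permission(SAMPLE_POLICIES, FUNCTION_ARN, BOT_ALIAS_ARN, ACCOUNT):
        print(f"{FUNCTION_ARN}:{q} cannot be invoked by {BOT_ALIAS_ARN}")
```

Run against the constructed sample it reports versions `2` and `prod`, the two cases behind the error in the question: a newly published version with an empty policy, and an alias whose `SourceArn` condition names a different bot alias. Keeping the `SourceAccount` and `SourceArn` conditions in place is what stops any other account's Lex bot from invoking the function through the service principal.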
