CreateResourcePolicyStatement - Amazon Lex API Reference

CreateResourcePolicyStatement

Adds a new resource policy statement to a bot or bot alias. If a resource policy exists, the statement is added to the current resource policy. If a policy doesn't exist, a new policy is created.

You can't create a resource policy statement that allows cross-account access.

You need to add the CreateResourcePolicy or UpdateResourcePolicy action to the bot role in order to call the API.

Request Syntax

POST /policy/resourceArn/statements/?expectedRevisionId=expectedRevisionId HTTP/1.1
Content-type: application/json

{
   "action": [ "string" ],
   "condition": {
      "string" : {
         "string" : "string"
      }
   },
   "effect": "string",
   "principal": [
      {
         "arn": "string",
         "service": "string"
      }
   ],
   "statementId": "string"
}

URI Request Parameters

The request uses the following URI parameters.

expectedRevisionId

The identifier of the revision of the policy to edit. If this revision ID doesn't match the current revision ID, Amazon Lex throws an exception.

If you don't specify a revision, Amazon Lex overwrites the contents of the policy with the new values.

Length Constraints: Minimum length of 1. Maximum length of 5.

Pattern: ^[0-9]+$

resourceArn

The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

Length Constraints: Minimum length of 1. Maximum length of 1011.

Required: Yes

Request Body

The request accepts the following data in JSON format.

action

The Amazon Lex action that this policy either allows or denies. The action must apply to the resource type of the specified ARN. For more information, see Actions, resources, and condition keys for Amazon Lex V2.

Type: Array of strings

Length Constraints: Minimum length of 5. Maximum length of 50.

Pattern: lex:[a-zA-Z*]+$

Required: Yes

condition

Specifies a condition when the policy is in effect. If the principal of the policy is a service principal, you must provide two condition blocks, one with a SourceAccount global condition key and one with a SourceArn global condition key.

For more information, see IAM JSON policy elements: Condition.

Type: Map of string to map of string to string

Map Entries: Minimum number of 0 items. Maximum number of 10 items.

Key Length Constraints: Minimum length of 1.

Map Entries: Minimum number of 0 items. Maximum number of 10 items.

Key Length Constraints: Minimum length of 1. Maximum length of 1024.

Value Length Constraints: Minimum length of 1. Maximum length of 1024.

Required: No

effect

Determines whether the statement allows or denies access to the resource.

Type: String

Valid Values: Allow | Deny

Required: Yes

principal

An IAM principal, such as an IAM user, IAM role, or AWS service, that is allowed or denied access to a resource. For more information, see AWS JSON policy elements: Principal.

Type: Array of Principal objects

Required: Yes

statementId

The name of the statement. The ID is the same as the Sid IAM property. The statement name must be unique within the policy. For more information, see IAM JSON policy elements: Sid.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 100.

Pattern: ^([0-9a-zA-Z][_-]?){1,100}$

Required: Yes
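
The constraints above can be checked on the client before a request is sent, including the rule that a service principal needs both SourceAccount and SourceArn condition keys. The following Python is an added example, not part of the AWS reference: the function names, the sample ARNs and account ID, and the `example.amazonaws.com` principal are constructed placeholders, and the condition check accepts the two keys in any condition block.

```python
import re
from urllib.parse import quote

# Patterns copied from the parameter descriptions on this page.
ACTION_RE = re.compile(r"lex:[a-zA-Z*]+$")
SID_RE = re.compile(r"^([0-9a-zA-Z][_-]?){1,100}$")
REVISION_RE = re.compile(r"^[0-9]+$")
SERVICE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}

def check_statement(body, expected_revision_id=None):
    """Return a list of problems found against the constraints on this page."""
    problems = []
    sid = body.get("statementId", "")
    if not (1 <= len(sid) <= 100 and SID_RE.fullmatch(sid)):
        problems.append("statementId: bad length or pattern")
    actions = body.get("action") or []
    if not actions:
        problems.append("action: required")
    for a in actions:
        if not (5 <= len(a) <= 50 and ACTION_RE.fullmatch(a)):
            problems.append(f"action {a!r}: bad length or pattern")
    if body.get("effect") not in ("Allow", "Deny"):
        problems.append("effect: must be Allow or Deny")
    principals = body.get("principal") or []
    if not principals:
        problems.append("principal: required")
    # A service principal without source conditions is not scoped to a caller.
    if any("service" in p for p in principals):
        blocks = (body.get("condition") or {}).values()
        keys = {k.lower() for block in blocks for k in block}
        for missing in sorted(SERVICE_KEYS - keys):
            problems.append(f"condition: service principal without {missing}")
    rev = expected_revision_id
    if rev is not None and not (len(rev) <= 5 and REVISION_RE.fullmatch(rev)):
        problems.append("expectedRevisionId: bad length or pattern")
    return problems

def request_path(resource_arn, expected_revision_id):
    """Build the request URI with the ARN percent-encoded as one path segment."""
    arn = quote(resource_arn, safe="")
    return f"/policy/{arn}/statements/?expectedRevisionId={expected_revision_id}"

# Constructed sample request body (placeholder account, ARN and service name).
SAMPLE = {
    "statementId": "AllowExampleService", "effect": "Allow",
    "action": ["lex:RecognizeText"],
    "principal": [{"service": "example.amazonaws.com"}],
    "condition": {
        "StringEquals": {"aws:SourceAccount": "123456789012"},
        "ArnLike": {"aws:SourceArn": "arn:aws:example:us-east-1:123456789012:*"}},
}
```

Passing the `revisionId` from the previous response as `expected_revision_id` makes a concurrent policy change fail the call rather than being overwritten.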

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "resourceArn": "string",
   "revisionId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

resourceArn

The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1011.

revisionId

The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 5.

Pattern: ^[0-9]+$

Errors

For information about the errors that are common to all actions, see Common Errors.

ConflictException

The action that you tried to perform couldn't be completed because the resource is in a conflicting state. For example, deleting a bot that is in the CREATING state. Try your request again.

HTTP Status Code: 409

InternalServerException

The service encountered an unexpected condition. Try your request again.

HTTP Status Code: 500

PreconditionFailedException

Your request couldn't be completed because one or more request fields aren't valid. Check the fields in your request and try again.

HTTP Status Code: 412

ResourceNotFoundException

You asked to describe a resource that doesn't exist. Check the resource that you are requesting and try again.

HTTP Status Code: 404

ServiceQuotaExceededException

You have reached a quota for your bot.

HTTP Status Code: 402

ThrottlingException

Your request rate is too high. Reduce the frequency of requests.

HTTP Status Code: 429

ValidationException

One of the input parameters in your request isn't valid. Check the parameters and try your request again.

HTTP Status Code: 400
