Adds a new resource policy statement to a bot or bot alias. If a resource policy exists, the statement is added to the current resource policy. If a policy doesn't exist, a new policy is created.
You can't create a resource policy statement that allows cross-account access.
You need to add the CreateResourcePolicy or UpdateResourcePolicy
action to the bot role in order to call the API.
Request Syntax
POST /policy/resourceArn/statements/?expectedRevisionId=expectedRevisionId HTTP/1.1
Content-type: application/json
{
"action": [ "string" ],
"condition": {
"string" : {
"string" : "string"
}
},
"effect": "string",
"principal": [
{
"arn": "string",
"service": "string"
}
],
"statementId": "string"
}URI Request Parameters
The request uses the following URI parameters.
- expectedRevisionId
-
The identifier of the revision of the policy to edit. If this revision ID doesn't match the current revision ID, Amazon Lex throws an exception.
If you don't specify a revision, Amazon Lex overwrites the contents of the policy with the new values.
Length Constraints: Minimum length of 1. Maximum length of 5.
Pattern:
^[0-9]+$ - resourceArn
-
The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.
Length Constraints: Minimum length of 1. Maximum length of 1011.
Required: Yes
Request Body
The request accepts the following data in JSON format.
- action
-
The Amazon Lex action that this policy either allows or denies. The action must apply to the resource type of the specified ARN. For more information, see Actions, resources, and condition keys for Amazon Lex V2.
Type: Array of strings
Length Constraints: Minimum length of 5. Maximum length of 50.
Pattern:
lex:[a-zA-Z*]+$Required: Yes
- condition
-
Specifies a condition when the policy is in effect. If the principal of the policy is a service principal, you must provide two condition blocks, one with a SourceAccount global condition key and one with a SourceArn global condition key.
For more information, see IAM JSON policy elements: Condition .
Type: String to string to string map map
Map Entries: Minimum number of 0 items. Maximum number of 10 items.
Key Length Constraints: Minimum length of 1.
Map Entries: Minimum number of 0 items. Maximum number of 10 items.
Key Length Constraints: Minimum length of 1. Maximum length of 1024.
Value Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
- effect
-
Determines whether the statement allows or denies access to the resource.
Type: String
Valid Values:
Allow | DenyRequired: Yes
- principal
-
An IAM principal, such as an IAM user, IAM role, or AWS services that is allowed or denied access to a resource. For more information, see AWS JSON policy elements: Principal.
Type: Array of Principal objects
Required: Yes
- statementId
-
The name of the statement. The ID is the same as the
SidIAM property. The statement name must be unique within the policy. For more information, see IAM JSON policy elements: Sid.Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern:
^([0-9a-zA-Z][_-]?){1,100}$Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"resourceArn": "string",
"revisionId": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- resourceArn
-
The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1011.
- revisionId
-
The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 5.
Pattern:
^[0-9]+$
Errors
For information about the errors that are common to all actions, see Common Errors.
- ConflictException
-
The action that you tried to perform couldn't be completed because the resource is in a conflicting state. For example, deleting a bot that is in the CREATING state. Try your request again.
HTTP Status Code: 409
- InternalServerException
-
The service encountered an unexpected condition. Try your request again.
HTTP Status Code: 500
- PreconditionFailedException
-
Your request couldn't be completed because one or more request fields aren't valid. Check the fields in your request and try again.
HTTP Status Code: 412
- ResourceNotFoundException
-
You asked to describe a resource that doesn't exist. Check the resource that you are requesting and try again.
HTTP Status Code: 404
- ServiceQuotaExceededException
-
You have reached a quota for your bot.
HTTP Status Code: 402
- ThrottlingException
-
Your request rate is too high. Reduce the frequency of requests.
HTTP Status Code: 429
- ValidationException
-
One of the input parameters in your request isn't valid. Check the parameters and try your request again.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
