本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用呼叫分析資源存取角色
呼叫帳戶必須建立媒體洞察管道組態所使用的資源存取角色。您不能使用跨帳戶角色。
根據您在建立通話分析組態時啟用的功能,您必須使用其他資源政策。展開下列區段以進一步了解。
此角色至少需要下列政策:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "transcribe:StartCallAnalyticsStreamTranscription", "transcribe:StartStreamTranscription" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "arn:aws:kinesisvideo:us-east-1:111122223333:stream/Chime*" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "arn:aws:kinesisvideo:us-east-1:111122223333:stream/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } }, { "Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1:111122223333:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
您還必須使用下列信任政策:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "mediapipelines.chime.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "111122223333" }, "ArnLike": { "aws:SourceARN": "arn:aws:chime:*:111122223333:*" } } } ] }
如果您使用 KinesisDataStreamSink,請新增下列政策:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "kinesis:PutRecord" ], "Resource": [ "arn:aws:kinesis:us-east-1:111122223333:stream/output_stream_name" ] }, { "Effect": "Allow", "Action": [ "kms:GenerateDataKey" ], "Resource": [ "arn:aws:kms:us-east-1:111122223333:key/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
如果您使用 S3RecordingSink,請新增下列政策:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectTagging", ], "Resource": [ "arn:aws:s3:::input_bucket_path/*" ] }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource": [ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } }, { "Effect": "Allow", "Action": [ "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource": [ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/Chime*" ] }, { "Effect": "Allow", "Action": [ "kms:GenerateDataKey" ], "Resource": [ "arn:aws:kms:us-east-1:111122223333:key/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
如果您使用 的通話後分析功能AmazonTranscribeCallAnalyticsProcessor,請新增下列政策:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::111122223333:role/transcribe_role_name" ], "Condition": { "StringEquals": { "iam:PassedToService": "transcribe.streaming.amazonaws.com" } } } ] }
如果您使用 VoiceEnhancementSinkConfiguration元素,請新增下列政策:
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetObject", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectTagging" ], "Resource":[ "arn:aws:s3:::input_bucket_path/*" ] }, { "Effect":"Allow", "Action":[ "kinesisvideo:GetDataEndpoint", "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource":[ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/*" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSServiceName":"ChimeSDK" } } }, { "Effect":"Allow", "Action":[ "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource":[ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/Chime*" ] }, { "Effect":"Allow", "Action":[ "kms:GenerateDataKey" ], "Resource":[ "arn:aws:kms:us-east-1:111122223333:key/*" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSServiceName":"ChimeSDK" } } } ] }
如果您使用 VoiceAnalyticsProcessor,SnsTopicSink請根據您定義的水槽,新增 LambdaFunctionSink、 SqsQueueSink和 的政策。
LambdaFunctionSink政策:{ "Version": "2012-10-17", "Statement": [ { "Action": [ "lambda:InvokeFunction", "lambda:GetPolicy" ], "Resource": [ "arn:aws:lambda:us-east-1:111122223333:function:function_name" ], "Effect": "Allow" } ] }SqsQueueSink政策{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes" ], "Resource": [ "arn:aws:sqs:us-east-1:111122223333:queue_name" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1:111122223333:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }SnsTopicSink政策:{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:Publish", "sns:GetTopicAttributes" ], "Resource": [ "arn:aws:sns:us-east-1:111122223333:topic_name" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1:111122223333:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
