AWS亞馬遜萊克斯的受管政策 - Amazon Lex V1
AmazonLexReadOnlyAmazonLexRunBotsOnlyAmazonLexFullAccess政策更新

如果您使用的是 Amazon Lex V2,請參閱 Amazon Lex V2 指南

 

如果您使用的是 Amazon Lex V1,我們建議您將機器人升級到 Amazon Lex V2。我們不再向 V1 添加新功能,強烈建議所有新機器人使用 V2。

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

AWS亞馬遜萊克斯的受管政策

AWS 受管政策是由 AWS 建立和管理的獨立政策。AWS 受管政策的設計在於為許多常見使用案例提供許可,如此您就可以開始將許可指派給使用者、群組和角色。

請記住,AWS 受管政策可能不會授與您特定使用案例的最低權限許可,因為它們可供所有 AWS 客戶使用。我們建議您定義使用案例專屬的客戶管理政策,以便進一步減少許可。

您無法更改 AWS 受管政策中定義的許可。如果 AWS 更新 AWS 受管政策中定義的許可,更新會影響政策連接的所有主體身分 (使用者、群組和角色)。在推出新的 AWS 服務 或有新的 API 操作可供現有服務使用時,AWS 很可能會更新 AWS 受管政策。

如需詳細資訊,請參閱《IAM 使用者指南》https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies中的 AWS 受管政策

AWS 受管政策:AmazonLexReadOnly

您可將 AmazonLexReadOnly 政策連接到 IAM 身分。

此政策授予唯讀許可,允許使用者檢視 Amazon Lex 和 Amazon Lex V2 模型建置服務中的所有動作。

許可詳細資訊

此政策包含以下許可:

  • lex— 模型建置服務中的 Amazon Lex 和亞馬遜 Lex V2 資源的唯讀存取權。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lex:GetBot",
                "lex:GetBotAlias",
                "lex:GetBotAliases",
                "lex:GetBots",
                "lex:GetBotChannelAssociation",
                "lex:GetBotChannelAssociations",
                "lex:GetBotVersions",
                "lex:GetBuiltinIntent",
                "lex:GetBuiltinIntents",
                "lex:GetBuiltinSlotTypes",
                "lex:GetIntent",
                "lex:GetIntents",
                "lex:GetIntentVersions",
                "lex:GetSlotType",
                "lex:GetSlotTypes",
                "lex:GetSlotTypeVersions",
                "lex:GetUtterancesView",
                "lex:DescribeBot",
                "lex:DescribeBotAlias",
                "lex:DescribeBotChannel",
                "lex:DescribeBotLocale",
                "lex:DescribeBotVersion",
                "lex:DescribeExport",
                "lex:DescribeImport",
                "lex:DescribeIntent",
                "lex:DescribeResourcePolicy",
                "lex:DescribeSlot",
                "lex:DescribeSlotType",
                "lex:ListBots",
                "lex:ListBotLocales",
                "lex:ListBotAliases",
                "lex:ListBotChannels",
                "lex:ListBotVersions",
                "lex:ListBuiltInIntents",
                "lex:ListBuiltInSlotTypes",
                "lex:ListExports",
                "lex:ListImports",
                "lex:ListIntents",
                "lex:ListSlots",
                "lex:ListSlotTypes",
                "lex:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}

AWS 受管政策:AmazonLexRunBotsOnly

您可將 AmazonLexRunBotsOnly 政策連接到 IAM 身分。

此政策授予唯讀許可,允許存取執行 Amazon Lex 和 Amazon Lex V2 交談機器人。

許可詳細資訊

此政策包含以下許可:

  • lex— 只讀訪問亞馬遜 Lex 和亞馬遜 Lex V2 運行時中的所有操作。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lex:PostContent",
                "lex:PostText",
                "lex:PutSession",
                "lex:GetSession",
                "lex:DeleteSession",
                "lex:RecognizeText",
                "lex:RecognizeUtterance",
                "lex:StartConversation"
            ],
            "Resource": "*"
        }
    ]
}

AWS 受管政策:AmazonLexFullAccess

您可將 AmazonLexFullAccess 政策連接到 IAM 身分。

此政策授予管理許可,允許使用者建立、讀取、更新和刪除 Amazon Lex 和 Amazon Lex V2 資源,以及執行 Amazon Lex 和 Amazon Lex V2 交談機器人的權限。

許可詳細資訊

此政策包含以下許可:

  • lex— 允許主體讀取和寫入 Amazon Lex 和 Amazon Lex V2 模型建置和執行時期服務中的所有動作。

  • cloudwatch— 允許校長查看亞馬遜CloudWatch指標和警報。

  • iam— 可讓主參與者建立和刪除服務連結角色、傳遞角色,以及將原則附加至角色和中斷連結。權限被限制為「亞馬遜」亞馬遜萊克斯操作和「Lexv2. 亞馬遜 V2」亞馬遜萊克斯 V2 操作.

  • kendra— 允許校長列出亞馬遜肯德拉索引。

  • kms— 允許主參與者描述AWS KMS金鑰和別名。

  • lambda— 允許主參與者列出AWS Lambda函數和管理連接到任何 Lambda 函數的權限。

  • polly— 允許校長描述亞馬遜波莉聲音並合成語音。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:DescribeAlarmsForMetric",
                "kms:DescribeKey",
                "kms:ListAliases",
                "lambda:GetPolicy",
                "lambda:ListFunctions",
                "lex:*",
                "polly:DescribeVoices",
                "polly:SynthesizeSpeech",
                "kendra:ListIndices",
                "iam:ListRoles",
                "s3:ListAllMyBuckets",
                "logs:DescribeLogGroups",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:AddPermission",
                "lambda:RemovePermission"
            ],
            "Resource": "arn:aws:lambda:*:*:function:AmazonLex*",
            "Condition": {
                "StringEquals": {
                    "lambda:Principal": "lex.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "lex.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "channels.lex.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "lexv2.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "channels.lexv2.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:DeleteServiceLinkedRole",
                "iam:GetServiceLinkedRoleDeletionStatus"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "lex.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "lexv2.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "channels.lexv2.amazonaws.com"
                    ]
                }
            }
        }
    ]
}

亞馬遜萊克斯更新AWS受管理政策

檢視有關更新的詳細資訊AWS自從這項服務開始追蹤這些變更後,Amazon Lex 的受管政策。如需有關此頁面變更的自動警示,請訂閱 Amazon Lex 上的 RSS 摘要Amazon Lex 的文件歷史記錄頁面。

變更 描述 日期

AmazonLexFullAccess – 更新現有政策

Amazon Lex 新增了新的許可,允許對 Amazon Lex V2 模型建置服務作業進行唯讀存取。

 2021 年 8 月 18 日

AmazonLexReadOnly – 更新現有政策

Amazon Lex 新增了新的許可,允許對 Amazon Lex V2 模型建置服務作業進行唯讀存取。

 2021 年 8 月 18 日

AmazonLexRunBotsOnly – 更新現有政策

Amazon Lex 新增了新的許可,允許對 Amazon Lex V2 執行階段服務作業進行唯讀存取。

 2021 年 8 月 18 日

亞馬遜 Lex 開始跟踪更改

亞馬遜萊克斯開始跟踪其更改AWS受管理的策略。

 2021 年 8 月 18 日