如何添加基于身份的策略以授权Cognito-Scentity访问Amazon Lex Bot？我还试图将基于资源的策略添加到Lex Bot

发布于 2025-02-07 18:23:04 字数 1287 浏览 3 评论 0原文

我正在React应用程序中进行聊天机器人。我已经使用了react-lex-plus npm软件包。在Lexchat组件中，我输入了机器人别名。我创建了一个新的身份池ID。但是在本地运行它之后，我得到了

   AccessDeniedException: User: arn:aws:sts::myAccountId:assumed-role/Cognito_LiveAssistanceBotIdUnauth_Role/CognitoIdentityCredentials is not authorized to perform: lex:PostText on resource: arn:aws:lex:us-east-1:myAccountIdbot:LiveAssistanceBot:$LATEST because no identity-based policy allows the lex:PostText action

我不知道在哪里更新基于身份的策略。我还试图为Lex Bot设置基于资源的策略。

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LiveAssitanceBotId",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "cognito-identity.amazonaws.com"
        ]
      },
      "Action": [
        "lex:RecognizeText",
        "lex:StartConversation"
      ],
      "Resource": [
        "arn:aws:lex:us-east-1:myAccountID_:bot-alias/1AUEAAP4MW/9F7RMYLBSU"
      ],
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "myAccountId_"
        },
        "ArnEquals": {
          "AWS:SourceArn": "arn:aws:cognito-identity:us-east-1:myAccountId_:identitypool/us-east-1:d4a81595-0381-4fbb-ab20-9b76e4143ca1"
        }
      }
    }
  ]
}

之后，我在创建策略时会获得内部错误。

原文

I am making a chatbot in react application. I have used react-lex-plus npm package.
In the LexChat component, I have entered my bot alias. I have created a new identity pool id.
But after running it locally, I am getting

   AccessDeniedException: User: arn:aws:sts::myAccountId:assumed-role/Cognito_LiveAssistanceBotIdUnauth_Role/CognitoIdentityCredentials is not authorized to perform: lex:PostText on resource: arn:aws:lex:us-east-1:myAccountIdbot:LiveAssistanceBot:$LATEST because no identity-based policy allows the lex:PostText action

I don't know where to update identity-based policy. I am also trying to setup resource-based policy for Lex Bot.

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LiveAssitanceBotId",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "cognito-identity.amazonaws.com"
        ]
      },
      "Action": [
        "lex:RecognizeText",
        "lex:StartConversation"
      ],
      "Resource": [
        "arn:aws:lex:us-east-1:myAccountID_:bot-alias/1AUEAAP4MW/9F7RMYLBSU"
      ],
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "myAccountId_"
        },
        "ArnEquals": {
          "AWS:SourceArn": "arn:aws:cognito-identity:us-east-1:myAccountId_:identitypool/us-east-1:d4a81595-0381-4fbb-ab20-9b76e4143ca1"
        }
      }
    }
  ]
}

after which I am getting Internal Error while creating the policy.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

白馒头 2025-02-14 18:23:04

您需要将lex：PostText功能添加到策略的Action部分。

以下是我现有的许可政策之一的摘录：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lex:PostContent",
                "lex:PostText",
                "lex:PutSession",
                "lex:GetSession",
                "lex:DeleteSession",
                "lex:RecognizeText",
                "lex:RecognizeUtterance",
                "lex:StartConversation"
            ],
            "Resource": "*"
        }
    ]
}

You need to add the lex:PostText capability to the Action section of your policy.

Below is an extract from one of my existing permission policies:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lex:PostContent",
                "lex:PostText",
                "lex:PutSession",
                "lex:GetSession",
                "lex:DeleteSession",
                "lex:RecognizeText",
                "lex:RecognizeUtterance",
                "lex:StartConversation"
            ],
            "Resource": "*"
        }
    ]
}

回复收藏 0 原文

~没有更多了~