Tutorial: Creating a Chatbot policy in AWS Chatbot
In this tutorial, you use the AWS Chatbot console to create a Chatbot policy that:
- Restricts chat client access to Slack
- Specifies usable Slack workspaces
- Restricts usage to private channels
- Requires user-level roles
Subsequently, all AWS Chatbot configurations in your organization must adhere to these specifications.
Prerequisites
You must have already created an organization using AWS Organizations. For more information, see Managing an organization with AWS Organizations in the AWS Organizations User Guide.
Step 1: Create a new Chatbot policy
To create a new Chatbot policy
- Open the AWS Chatbot console at https://console.aws.amazon.com/chatbot/.
- In the left sidebar menu, choose Organization settings.
- Choose Chatbot policies.
- Choose Create Chatbot policy.
- Enable Chatbot Orgs policies:
  Note: Before you can create and attach a policy to your organization, you must enable that policy type for use. This is a one-time task on the organization root. You can enable a policy type from only the organization’s management account. For more information, see Enabling and disabling policy types in the AWS Organizations User Guide.
  - On the Chatbot policies page, choose Enable.
- Enter your policy Details:
  - Enter a policy name.
  - (Optional) Enter a policy description.
- (Optional) Add tags.
- Configure chat client access:
  - In Set Amazon Chime chat client access, choose Deny Chime access.
  - In Set Microsoft Teams client access, choose Deny access to all Teams.
  - In Set Slack chat client access, choose Restrict access to named Slack workspaces:
    - Enter a Slack workspace ID.
      Tip: You can find your workspace ID in the AWS Chatbot console by choosing the configured client in the left sidebar and looking under Workspace details.
    - (Optional) Choose Add new workspace ID to add another Slack workspace.
    - Choose Add.
  - Select Enable usage to only private Slack channels.
- Set IAM permission types:
  - Select Enable User level IAM role.
- Choose Create policy.
(Optional) Step 2: Testing your Chatbot policy
If you already have an AWS Chatbot configuration, you can sign in as a user in any of your member accounts and try to perform any of the following actions:
- Create an AWS Chatbot configuration for Microsoft Teams
- Create a Slack AWS Chatbot configuration for a workspace you didn't specify in your policy
- Create a Slack AWS Chatbot configuration that uses a channel role
When you try to perform these actions, you should receive an error message that explains why you’re disallowed.
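The settings chosen in Step 1 can also be reviewed as a policy document before it is attached. The following is an added example, not code from AWS or from this tutorial: it embeds a constructed policy and audits it for anything looser than the four restrictions above, including per-workspace overrides. The key names are assumed from the AWS Organizations chatbot policy syntax, `T0EXAMPLE01` is a placeholder workspace ID, and `audit`, `_val` and `CHECKS` are hypothetical names.

```python
import json

# Constructed policy mirroring this tutorial's console choices. Key names are
# assumed from the AWS Organizations chatbot policy syntax; "T0EXAMPLE01" is
# a placeholder workspace ID.
POLICY = json.loads("""
{"chatbot": {
  "platforms": {
    "chime": {"client": {"@@assign": "disabled"}},
    "microsoft_teams": {"client": {"@@assign": "disabled"}},
    "slack": {
      "client": {"@@assign": "enabled"},
      "workspaces": {"@@assign": ["T0EXAMPLE01"]},
      "default": {
        "supported_channel_types": {"@@assign": ["private"]},
        "supported_role_settings": {"@@assign": ["user_role"]}}}},
  "default": {"client": {"@@assign": "disabled"}}}}
""")

# (policy key, only value the tutorial permits, finding text)
CHECKS = (("supported_channel_types", "private", "non-private channels allowed"),
          ("supported_role_settings", "user_role", "channel roles allowed"))

def _val(node, key, fallback=None):
    """Return the @@assign value stored under node[key], else fallback."""
    return node.get(key, {}).get("@@assign", fallback)

def audit(policy, allowed_workspaces):
    """List every place the policy is looser than the tutorial's settings."""
    bot = policy["chatbot"]
    plats = bot.get("platforms", {})
    org_default = _val(bot.get("default", {}), "client")
    findings = []
    for name in ("chime", "microsoft_teams"):
        if _val(plats.get(name, {}), "client", org_default) != "disabled":
            findings.append(f"{name}: client not disabled")
    slack = plats.get("slack", {})
    workspaces = _val(slack, "workspaces", [])
    if not workspaces:
        findings.append("slack: no workspace restriction")
    for ws in sorted(set(workspaces) - set(allowed_workspaces)):
        findings.append(f"slack: unexpected workspace {ws}")
    # Audit the Slack-wide default plus each per-workspace override.
    scopes = {"default": slack.get("default", {}), **slack.get("overrides", {})}
    for scope, cfg in scopes.items():
        for key, want, text in CHECKS:
            got = _val(cfg, key)
            # Assumption: an override inherits any key it leaves unset.
            if got != [want] and not (got is None and scope != "default"):
                findings.append(f"slack/{scope}: {text}")
    return findings
```

An empty list from `audit(POLICY, ["T0EXAMPLE01"])` means the document matches the tutorial's settings; each string in a non-empty list names the platform or workspace scope that is looser than intended.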