Editing an IAM role for AWS Chatbot - AWS Chatbot

Editing an IAM role for AWS Chatbot

You can create new IAM roles in the AWS Chatbot console, which provides a convenient way to deploy the AWS Chatbot service. You associate these roles with your chat channels or Amazon Chime webhooks. The AWS Chatbot console does not allow editing of IAM roles, including any roles that you've already created in the AWS Chatbot console.

Note

AWS requires that you use the IAM console to edit IAM roles. If you create roles in the AWS Chatbot console, you must use the IAM console to edit them. This might happen, for example, when you are using the AWS Chatbot service and a new release comes out that supports new features.

Use the IAM console to edit AWS Chatbot roles. You can use the entire set of IAM console features to specify permissions for your AWS Chatbot users.

To edit roles

  1. Open the AWS Chatbot console at https://console.aws.amazon.com/chatbot/.

  2. Choose the configured client, and choose the name of the configured channel or webhook.

  3. Choose a role to edit:

    Channel role

    1. Choose the role you want to edit. When you choose a role, the IAM console opens, automatically showing role configuration page, with the Permissions tab displaying the selected role.

      Note

      You can attach AWS managed policies and customer managed policies. AWS Chatbot roles support both types of IAM policies.

    2. Choose Add permissions and then select Attach Policies.

    User roles

    1. Choose the User role tab.

    2. Choose Edit.

      Note

      You can attach AWS managed policies and customer managed policies. AWS Chatbot roles support both types of IAM policies.

    3. Choose Selected role information then choose a role. When you choose a role, the IAM console opens automatically showing role configuration page.

    4. Choose Add permissions and then select Attach Policies.

  4. Choose the name of the policy that you want. You can use the Search box to search for the policy by name or by a partial string of characters. For example, all IAM policies associated with AWS Chatbot include the character string Chatbot as part of the policy name. If you want your users to be able to use Amazon Q, attach the AmazonQFullAccess policy.

  5. You can attach any of three AWS managed policies to any role. You can use these policies as templates to create your own policies.

    • ReadOnlyAccess

    • CloudWatchReadOnlyAccess

    • AWSSupportAccess

    The ReadOnlyAccess policy is automatically attached to any role that you create in the AWS Chatbot console.

    The AWSSupportAccess policy is the only AWS managed policy that appears in the AWS Chatbot console when you configure new roles there.

    You can use these policies to create your own policies that are less permissive and specify the resources their users can access. You can substitute these custom policies for the ones listed here.

  6. Choose each of the policies that you want to attach to the role and choose Attach policy. If needed, use the Search box to locate the policies you're looking for.

    After you click Attach policy, the role's Permissions page opens and shows the change in the Permissions list.

Note

For more information about the customer managed policies and AWS managed policies described in this section, see IAM Policies for AWS Chatbot.

For more information about editing IAM policies, see Editing IAM Policies. Exercise caution at all times when editing policies, and avoid overwriting existing customer managed policies.