Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
Utilisation du rôle d'accès aux ressources d'analyse des appels pour le SDK Amazon Chime
Le compte appelant doit créer le rôle d'accès aux ressources utilisé par une configuration de pipeline Media Insights. Vous ne pouvez pas utiliser de rôles entre comptes.
En fonction des fonctionnalités que vous activez lorsque vous créez une configuration d'analyse des appels, vous devez utiliser des politiques de ressources supplémentaires. Développez les sections suivantes pour en savoir plus.
Le rôle nécessite au minimum la politique suivante :
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "transcribe:StartCallAnalyticsStreamTranscription", "transcribe:StartStreamTranscription" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "arn:aws:kinesisvideo:us-east-1:111122223333:stream/Chime*" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "arn:aws:kinesisvideo:us-east-1:111122223333:stream/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } }, { "Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1:111122223333:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
Vous devez également appliquer la politique de confiance suivante :
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "mediapipelines.chime.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "111122223333" }, "ArnLike": { "aws:SourceARN": "arn:aws:chime:*:111122223333:*" } } } ] }
Si vous utilisez leKinesisDataStreamSink, ajoutez la politique suivante :
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "kinesis:PutRecord" ], "Resource": [ "arn:aws:kinesis:us-east-1:111122223333:stream/output_stream_name" ] }, { "Effect": "Allow", "Action": [ "kms:GenerateDataKey" ], "Resource": [ "arn:aws:kms:us-east-1:111122223333:key/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
Si vous utilisez leS3RecordingSink, ajoutez la politique suivante :
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectTagging", ], "Resource": [ "arn:aws:s3:::input_bucket_path/*" ] }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource": [ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } }, { "Effect": "Allow", "Action": [ "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource": [ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/Chime*" ] }, { "Effect": "Allow", "Action": [ "kms:GenerateDataKey" ], "Resource": [ "arn:aws:kms:us-east-1:111122223333:key/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
Si vous utilisez la fonctionnalité Post Call Analytics duAmazonTranscribeCallAnalyticsProcessor, ajoutez la politique suivante :
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::111122223333:role/transcribe_role_name" ], "Condition": { "StringEquals": { "iam:PassedToService": "transcribe.streaming.amazonaws.com" } } } ] }
Si vous utilisez l'VoiceEnhancementSinkConfigurationélément, ajoutez la politique suivante :
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetObject", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectTagging" ], "Resource":[ "arn:aws:s3:::input_bucket_path/*" ] }, { "Effect":"Allow", "Action":[ "kinesisvideo:GetDataEndpoint", "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource":[ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/*" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSServiceName":"ChimeSDK" } } }, { "Effect":"Allow", "Action":[ "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource":[ "arn:aws:kinesisvideo:us-east-1:111122223333:stream/Chime*" ] }, { "Effect":"Allow", "Action":[ "kms:GenerateDataKey" ], "Resource":[ "arn:aws:kms:us-east-1:111122223333:key/*" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSServiceName":"ChimeSDK" } } } ] }
Si vous utilisez leVoiceAnalyticsProcessor, ajoutez les politiques pour LambdaFunctionSinkSqsQueueSink, et SnsTopicSink en fonction des cuvettes que vous avez définies.
- Stratégie
LambdaFunctionSink: -
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "lambda:InvokeFunction", "lambda:GetPolicy" ], "Resource": [ "arn:aws:lambda:us-east-1:111122223333:function:function_name" ], "Effect": "Allow" } ] } - Stratégie
SqsQueueSink -
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes" ], "Resource": [ "arn:aws:sqs:us-east-1:111122223333:queue_name" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1:111122223333:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] } - Stratégie
SnsTopicSink: -
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:Publish", "sns:GetTopicAttributes" ], "Resource": [ "arn:aws:sns:us-east-1:111122223333:topic_name" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1:111122223333:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
