Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Menggunakan peran akses sumber daya analitik panggilan
Akun panggilan harus membuat peran akses sumber daya yang digunakan oleh konfigurasi pipeline wawasan media. Anda tidak dapat menggunakan peran lintas akun.
Bergantung pada fitur yang Anda aktifkan saat membuat konfigurasi analitik panggilan, Anda harus menggunakan kebijakan sumber daya tambahan. Perluas bagian berikut untuk mempelajari lebih lanjut.
Peran tersebut membutuhkan kebijakan berikut, minimal:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "transcribe:StartCallAnalyticsStreamTranscription", "transcribe:StartStreamTranscription" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "arn:aws:kinesisvideo:
us-east-1
:111122223333
:stream/Chime*" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "arn:aws:kinesisvideo:us-east-1
:111122223333
:stream/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } }, { "Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1
:111122223333
:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
Anda juga harus menggunakan kebijakan kepercayaan berikut:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "mediapipelines.chime.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "
111122223333
" }, "ArnLike": { "aws:SourceARN": "arn:aws:chime:*:111122223333
:*" } } } ] }
Jika Anda menggunakanKinesisDataStreamSink
, tambahkan kebijakan berikut:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "kinesis:PutRecord" ], "Resource": [ "arn:aws:kinesis:
us-east-1
:111122223333
:stream/output_stream_name
" ] }, { "Effect": "Allow", "Action": [ "kms:GenerateDataKey" ], "Resource": [ "arn:aws:kms:us-east-1
:111122223333
:key/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
Jika Anda menggunakanS3RecordingSink
, tambahkan kebijakan berikut:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectTagging", ], "Resource": [ "arn:aws:s3:::
input_bucket_path
/*" ] }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource": [ "arn:aws:kinesisvideo:us-east-1
:111122223333
:stream/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } }, { "Effect": "Allow", "Action": [ "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource": [ "arn:aws:kinesisvideo:us-east-1
:111122223333
:stream/Chime*" ] }, { "Effect": "Allow", "Action": [ "kms:GenerateDataKey" ], "Resource": [ "arn:aws:kms:us-east-1
:111122223333
:key/*" ], "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }
Jika Anda menggunakan fitur Post Call AnalyticsAmazonTranscribeCallAnalyticsProcessor
, tambahkan kebijakan berikut:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::
111122223333
:role/transcribe_role_name
" ], "Condition": { "StringEquals": { "iam:PassedToService": "transcribe.streaming.amazonaws.com" } } } ] }
Jika Anda menggunakan VoiceEnhancementSinkConfiguration
elemen, tambahkan kebijakan berikut:
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetObject", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectTagging" ], "Resource":[ "arn:aws:s3:::
input_bucket_path
/*" ] }, { "Effect":"Allow", "Action":[ "kinesisvideo:GetDataEndpoint", "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource":[ "arn:aws:kinesisvideo:us-east-1
:111122223333
:stream/*" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSServiceName":"ChimeSDK" } } }, { "Effect":"Allow", "Action":[ "kinesisvideo:ListFragments", "kinesisvideo:GetMediaForFragmentList" ], "Resource":[ "arn:aws:kinesisvideo:us-east-1
:111122223333
:stream/Chime*" ] }, { "Effect":"Allow", "Action":[ "kms:GenerateDataKey" ], "Resource":[ "arn:aws:kms:us-east-1
:111122223333
:key/*" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSServiceName":"ChimeSDK" } } } ] }
Jika Anda menggunakanVoiceAnalyticsProcessor
, tambahkan kebijakan untukLambdaFunctionSink
,SqsQueueSink
, dan SnsTopicSink
tergantung pada sink mana yang telah Anda tetapkan.
LambdaFunctionSink
kebijakan:{ "Version": "2012-10-17", "Statement": [ { "Action": [ "lambda:InvokeFunction", "lambda:GetPolicy" ], "Resource": [ "arn:aws:lambda:
us-east-1
:111122223333
:function
:function_name
" ], "Effect": "Allow" } ] }SqsQueueSink
kebijakan{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes" ], "Resource": [ "arn:aws:sqs:
us-east-1
:111122223333
:queue_name
" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1
:111122223333
:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }SnsTopicSink
kebijakan:{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:Publish", "sns:GetTopicAttributes" ], "Resource": [ "arn:aws:sns:
us-east-1
:111122223333
:topic_name
" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "arn:aws:kms:us-east-1
:111122223333
:key/*", "Condition": { "StringLike": { "aws:ResourceTag/AWSServiceName": "ChimeSDK" } } } ] }