To provide a user access to analytics, attach a policy to an IAM role that permits the role to call the API operations for analytics. You can attach the AWS managed policy: AmazonLexFullAccess to the IAM role to provide full access to Amazon Lex API operations, or you can create a custom policy allowing only permissions to analytics and attach it to an IAM role.
To create a custom policy containing permissions for analytics
-
If you need to first create an IAM role, follow the steps at Creating a role to delegate permissions to an IAM user.
-
Follow the steps at Creating IAM policies to create a policy using the following JSON object. To enable analytics access to specific bots for the IAM role, add the ARN of each bot to the
Resourcefield. Replace theregion,account-id, andBOTIDwith the values corresponding to the bots. You can also replace the statement identifier,AnalyticsActions, with a name of your choice.{ "Version": "2012-10-17", "Statement": [ { "Sid": "AnalyticsActions", "Effect": "Allow", "Action": [ "lex:ListAggregatedUtterances", "lex:ListIntentMetrics", "lex:ListSessionAnalyticsData", "lex:ListIntentPaths", "lex:ListIntentStageMetrics", "lex:ListSessionMetrics" ], "Resource": [ "arn:aws:lex:region:account-id:bot/BOTID" ] } ] } -
Attach the policy you created to the role that you want to grant analytics permissions by following the steps at Adding and removing IAM identity permissions.
-
The role should now have permissions to view analytics for the bots you specified.
