AWS managed policies for Amazon Lex V2 - Amazon Lex

This page is a machine-translated version. If this translation differs from the English original, the English original prevails.


An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use case, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use case.

You cannot change the permissions defined in an AWS managed policy. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for an existing service.

For more information, see AWS managed policies in the IAM User Guide.

AWS managed policy: AmazonLexReadOnly

You can attach the AmazonLexReadOnly policy to your IAM identities.

This policy grants read-only permissions that allow users to view all actions in the Amazon Lex V2 and Amazon Lex model building service.

Permissions details

This policy includes the following permissions:

  • lex – Read-only access to Amazon Lex V2 and Amazon Lex resources in the model building service.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AmazonLexReadOnlyStatement1",
      "Effect": "Allow",
      "Action": [
        "lex:GetBot", "lex:GetBotAlias", "lex:GetBotAliases", "lex:GetBots",
        "lex:GetBotChannelAssociation", "lex:GetBotChannelAssociations", "lex:GetBotVersions",
        "lex:GetBuiltinIntent", "lex:GetBuiltinIntents", "lex:GetBuiltinSlotTypes",
        "lex:GetIntent", "lex:GetIntents", "lex:GetIntentVersions",
        "lex:GetSlotType", "lex:GetSlotTypes", "lex:GetSlotTypeVersions", "lex:GetUtterancesView",
        "lex:DescribeBot", "lex:DescribeBotAlias", "lex:DescribeBotChannel", "lex:DescribeBotLocale",
        "lex:DescribeBotRecommendation", "lex:DescribeBotReplica", "lex:DescribeBotVersion",
        "lex:DescribeExport", "lex:DescribeImport", "lex:DescribeIntent", "lex:DescribeResourcePolicy",
        "lex:DescribeSlot", "lex:DescribeSlotType",
        "lex:ListBots", "lex:ListBotLocales", "lex:ListBotAliases", "lex:ListBotAliasReplicas",
        "lex:ListBotChannels", "lex:ListBotRecommendations", "lex:ListBotReplicas", "lex:ListBotVersions",
        "lex:ListBotVersionReplicas", "lex:ListBuiltInIntents", "lex:ListBuiltInSlotTypes",
        "lex:ListExports", "lex:ListImports", "lex:ListIntents", "lex:ListRecommendedIntents",
        "lex:ListSlots", "lex:ListSlotTypes", "lex:ListTagsForResource",
        "lex:SearchAssociatedTranscripts", "lex:ListCustomVocabularyItems"
      ],
      "Resource": "*"
    }
  ]
}

AWS managed policy: AmazonLexRunBotsOnly

You can attach the AmazonLexRunBotsOnly policy to your IAM identities.

This policy grants read-only permissions that allow running Amazon Lex V2 and Amazon Lex bots.

Permissions details

This policy includes the following permissions:

  • lex – Read-only access to all actions in the Amazon Lex V2 and Amazon Lex runtime.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lex:PostContent", "lex:PostText", "lex:PutSession", "lex:GetSession", "lex:DeleteSession",
        "lex:RecognizeText", "lex:RecognizeUtterance", "lex:StartConversation"
      ],
      "Resource": "*"
    }
  ]
}

AWS managed policy: AmazonLexFullAccess

You can attach the AmazonLexFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow users to create, read, update, and delete Amazon Lex V2 and Amazon Lex resources, and to run Amazon Lex V2 and Amazon Lex bots.

Permissions details

This policy includes the following permissions:

  • lex – Grants the principal read and write permission to all actions in the Amazon Lex V2 and Amazon Lex model building and runtime services.

  • cloudwatch – Allows the principal to view Amazon CloudWatch metrics and alarms.

  • iam – Allows the principal to create and delete service-linked roles, pass roles, and attach and detach policies to a role. Permissions are limited to "lex.amazonaws.com" for Amazon Lex operations and "lexv2.amazonaws.com" for Amazon Lex V2 operations.

  • kendra – Allows the principal to list Amazon Kendra indexes.

  • kms – Allows the principal to describe AWS KMS keys and aliases.

  • lambda – Allows the principal to list AWS Lambda functions and manage the permissions attached to any Lambda function.

  • polly – Allows the principal to describe Amazon Polly voices and synthesize speech.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AmazonLexFullAccessStatement1",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricStatistics", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric",
        "kms:DescribeKey", "kms:ListAliases",
        "lambda:GetPolicy", "lambda:ListFunctions", "lambda:ListAliases", "lambda:ListVersionsByFunction",
        "lex:*",
        "polly:DescribeVoices", "polly:SynthesizeSpeech",
        "kendra:ListIndices",
        "iam:ListRoles",
        "s3:ListAllMyBuckets", "logs:DescribeLogGroups", "s3:GetBucketLocation"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "AmazonLexFullAccessStatement2",
      "Effect": "Allow",
      "Action": [ "bedrock:ListFoundationModels" ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [ "bedrock:InvokeModel" ],
      "Resource": "arn:aws:bedrock:*::foundation-model/*"
    },
    {
      "Effect": "Allow",
      "Action": [ "lambda:AddPermission", "lambda:RemovePermission" ],
      "Resource": "arn:aws:lambda:*:*:function:AmazonLex*",
      "Condition": { "StringEquals": { "lambda:Principal": "lex.amazonaws.com" } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement3",
      "Effect": "Allow",
      "Action": [ "iam:GetRole", "iam:GetRolePolicy" ],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
        "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
        "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
        "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
        "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
      ]
    },
    {
      "Sid": "AmazonLexFullAccessStatement4",
      "Effect": "Allow",
      "Action": [ "iam:CreateServiceLinkedRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" ],
      "Condition": { "StringEquals": { "iam:AWSServiceName": "lex.amazonaws.com" } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement5",
      "Effect": "Allow",
      "Action": [ "iam:CreateServiceLinkedRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" ],
      "Condition": { "StringEquals": { "iam:AWSServiceName": "channels.lex.amazonaws.com" } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement6",
      "Effect": "Allow",
      "Action": [ "iam:CreateServiceLinkedRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" ],
      "Condition": { "StringEquals": { "iam:AWSServiceName": "lexv2.amazonaws.com" } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement7",
      "Effect": "Allow",
      "Action": [ "iam:CreateServiceLinkedRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" ],
      "Condition": { "StringEquals": { "iam:AWSServiceName": "channels.lexv2.amazonaws.com" } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement8",
      "Effect": "Allow",
      "Action": [ "iam:CreateServiceLinkedRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*" ],
      "Condition": { "StringEquals": { "iam:AWSServiceName": "replication.lexv2.amazonaws.com" } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement9",
      "Effect": "Allow",
      "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
        "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
        "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
        "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
        "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
      ]
    },
    {
      "Sid": "AmazonLexFullAccessStatement10",
      "Effect": "Allow",
      "Action": [ "iam:PassRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" ],
      "Condition": { "StringEquals": { "iam:PassedToService": [ "lex.amazonaws.com" ] } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement11",
      "Effect": "Allow",
      "Action": [ "iam:PassRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" ],
      "Condition": { "StringEquals": { "iam:PassedToService": [ "lexv2.amazonaws.com" ] } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement12",
      "Effect": "Allow",
      "Action": [ "iam:PassRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" ],
      "Condition": { "StringEquals": { "iam:PassedToService": [ "channels.lexv2.amazonaws.com" ] } }
    },
    {
      "Sid": "AmazonLexFullAccessStatement13",
      "Effect": "Allow",
      "Action": [ "iam:PassRole" ],
      "Resource": [ "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*" ],
      "Condition": { "StringEquals": { "iam:PassedToService": [ "lexv2.amazonaws.com" ] } }
    }
  ]
}
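The AmazonLexFullAccess document above grants "lex:*" on Resource "*" and a series of iam:PassRole statements that are each scoped by an iam:PassedToService condition; the introduction recommends scoping such grants down in a customer managed policy. The Python below is an added example, not code from the AWS documentation: it parses a policy document (rejecting malformed JSON, such as a missing comma between two action names, which IAM would also refuse), reports the least-privilege findings a reviewer looks for (wildcard actions, wildcard resources on non-read operations, unconditioned iam:PassRole), and derives a scoped-down customer managed policy from a list of actions actually needed. The SAMPLE_POLICY, MALFORMED_POLICY, account ID and ARNs are constructed stand-ins, not the real managed policy.

```python
import json
from fnmatch import fnmatchcase

# Constructed stand-in shaped like the managed policies on this page; it is not the
# real AmazonLexFullAccess document. The ARNs and account ID are made up.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Broad", "Effect": "Allow",
         "Action": ["lex:*", "polly:DescribeVoices", "kms:DescribeKey"],
         "Resource": "*"},
        {"Sid": "PassScoped", "Effect": "Allow", "Action": ["iam:PassRole"],
         "Resource": "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
         "Condition": {"StringEquals": {"iam:PassedToService": ["lexv2.amazonaws.com"]}}},
        {"Sid": "PassUnscoped", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    ],
})

# Constructed: a comma is missing between two actions, so this is not valid JSON.
MALFORMED_POLICY = ('{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", '
                    '"Action": [ "lambda:ListVersionsByFunction" "lex:*" ], "Resource": "*" } ] }')


def _as_list(v):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return v if isinstance(v, list) else [v]


def load_policy(text):
    """Parse a policy document; fail with the error position on bad JSON and on
    statements that lack Effect, Action or Resource."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as e:
        raise ValueError(f"not valid JSON at line {e.lineno}, column {e.colno}: {e.msg}") from e
    for i, st in enumerate(_as_list(doc.get("Statement", []))):
        missing = [k for k in ("Effect", "Action", "Resource") if k not in st]
        if missing:
            raise ValueError(f"statement {i} ({st.get('Sid', 'no Sid')}) lacks {missing}")
    return doc


def is_read_only(action):
    """Heuristic: Get/List/Describe/Search operations, the shape of the ReadOnly policy."""
    return action.split(":", 1)[-1].startswith(("Get", "List", "Describe", "Search"))


def audit(doc):
    """Least-privilege findings as (Sid, kind, detail) tuples."""
    findings = []
    for st in _as_list(doc["Statement"]):
        if st["Effect"] != "Allow":
            continue
        sid = st.get("Sid", "no Sid")
        actions, resources = _as_list(st["Action"]), _as_list(st["Resource"])
        for a in actions:
            if a == "*" or a.endswith(":*"):
                findings.append((sid, "wildcard-action", a))
        # "*" resources are tolerable for pure read/list operations, not for anything that mutates
        if "*" in resources and not all(is_read_only(a) for a in actions):
            findings.append((sid, "wildcard-resource", "*"))
        if "iam:PassRole" in actions:
            cond = st.get("Condition", {}).get("StringEquals", {})
            if "iam:PassedToService" not in cond:
                findings.append((sid, "passrole-unscoped", "no iam:PassedToService condition"))
    return findings


def scope_down(doc, needed_actions, resource_arns):
    """Derive a customer managed policy granting only the actions actually needed, on named
    resources; an action is kept only if some Allow statement in `doc` already covers it."""
    patterns = [a for st in _as_list(doc["Statement"]) if st["Effect"] == "Allow"
                for a in _as_list(st["Action"])]
    kept = sorted(a for a in needed_actions if any(fnmatchcase(a, p) for p in patterns))
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ScopedDown", "Effect": "Allow", "Action": kept, "Resource": sorted(resource_arns)}]}


if __name__ == "__main__":
    policy = load_policy(SAMPLE_POLICY)
    for f in audit(policy):
        print("finding:", *f)
    # Constructed bot alias ARN for the scoped-down policy
    print(json.dumps(scope_down(policy, ["lex:RecognizeText", "lex:GetSession", "polly:SynthesizeSpeech"],
                                ["arn:aws:lex:us-east-1:111122223333:bot-alias/BOTID/ALIASID"]), indent=2))
```

The read-only heuristic is deliberately crude (the RunBotsOnly policy's lex:PostText, for instance, is a runtime call that the page still labels read-only), so treat its output as a review aid rather than a verdict.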

AWS managed policy: AmazonLexReplicationPolicy

You cannot attach AmazonLexReplicationPolicy to your IAM entities. This policy is attached to a service-linked role that allows Amazon Lex V2 to perform actions on your behalf. For more information, see Using service-linked roles for Amazon Lex V2.

This policy grants administrative permissions that allow Amazon Lex V2 to replicate AWS resources across Regions on your behalf. You can attach this policy to allow the role to replicate resources easily, including bots, locales, versions, aliases, intents, slot types, slots, and custom vocabularies.

Permissions details

This policy includes the following permissions.

  • lex – Allows principals to replicate resources in other Regions.

  • iam – Allows principals to pass roles from IAM. This is required so that Amazon Lex V2 has permission to replicate resources in other Regions.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReplicationPolicyStatement1",
      "Effect": "Allow",
      "Action": [
        "lex:BuildBotLocale", "lex:ListBotLocales",
        "lex:CreateBotAlias", "lex:UpdateBotAlias", "lex:DeleteBotAlias", "lex:DescribeBotAlias",
        "lex:CreateBotVersion", "lex:DeleteBotVersion", "lex:DescribeBotVersion",
        "lex:CreateExport", "lex:DescribeBot", "lex:UpdateExport", "lex:DescribeExport",
        "lex:DescribeBotLocale", "lex:DescribeIntent", "lex:ListIntents",
        "lex:DescribeSlotType", "lex:ListSlotTypes", "lex:DescribeSlot", "lex:ListSlots",
        "lex:DescribeCustomVocabulary", "lex:StartImport", "lex:DescribeImport",
        "lex:CreateBot", "lex:UpdateBot", "lex:DeleteBot",
        "lex:CreateBotLocale", "lex:UpdateBotLocale", "lex:DeleteBotLocale",
        "lex:CreateIntent", "lex:UpdateIntent", "lex:DeleteIntent",
        "lex:CreateSlotType", "lex:UpdateSlotType", "lex:DeleteSlotType",
        "lex:CreateSlot", "lex:UpdateSlot", "lex:DeleteSlot",
        "lex:CreateCustomVocabulary", "lex:UpdateCustomVocabulary", "lex:DeleteCustomVocabulary",
        "lex:DeleteBotChannel", "lex:DeleteResourcePolicy"
      ],
      "Resource": [ "arn:aws:lex:*:*:bot/*", "arn:aws:lex:*:*:bot-alias/*" ]
    },
    {
      "Sid": "ReplicationPolicyStatement2",
      "Effect": "Allow",
      "Action": [ "lex:CreateUploadUrl", "lex:ListBots" ],
      "Resource": "*"
    },
    {
      "Sid": "ReplicationPolicyStatement3",
      "Effect": "Allow",
      "Action": [ "iam:PassRole" ],
      "Resource": "*",
      "Condition": { "StringEquals": { "iam:PassedToService": "lexv2.amazonaws.com" } }
    }
  ]
}

AWS managed policy: AmazonLexV2BedrockAgentPolicy

Amazon Bedrock agent policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockAgentInvokePolicy",
      "Action": [ "bedrock:InvokeAgent" ],
      "Resource": [ "arn:aws:bedrock:{region}:{accountId}:agent/[agentId]" ],
      "Condition": { "StringEquals": { "aws:ResourceAccount": "{accountId}" } }
    }
  ]
}

Trust policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "LexV2TrustPolicy",
      "Principal": { "Service": "lexv2.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "aws:SourceAccount": "{accountId}" } }
    }
  ]
}

AWS managed policy: AmazonLexV2BedrockKnowledgeBasePolicy

Amazon Bedrock knowledge base policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockKnowledgeBaseReadWritePolicy",
      "Action": [ "bedrock:RetrieveAndGenerate", "bedrock:Retrieve" ],
      "Resource": [ "arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]" ],
      "Condition": { "StringEquals": { "aws:ResourceAccount": "{accountId}" } }
    }
  ]
}

Trust policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "LexV2TrustPolicy",
      "Principal": { "Service": "lexv2.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "aws:SourceAccount": "{accountId}" } }
    }
  ]
}

AWS managed policy: AmazonLexV2BedrockAgentPolicyInternal

Internal policy for Amazon Bedrock agents

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockAgentInvokePolicy",
      "Action": [ "bedrock:InvokeAgent" ],
      "Resource": [ "arn:aws:bedrock:{region}:{accountId}:agent/[agentId]" ],
      "Condition": { "StringEquals": { "aws:ResourceAccount": "{accountId}" } }
    }
  ]
}

Trust policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "LexV2InternalTrustPolicy",
      "Principal": { "Service": "lexv2.aws.internal" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "aws:SourceAccount": "{accountId}" } }
    }
  ]
}

AWS managed policy: AmazonLexV2BedrockKnowledgeBasePolicyInternal

Internal policy for Amazon Bedrock knowledge bases

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockKnowledgeBaseReadWritePolicy",
      "Action": [ "bedrock:RetrieveAndGenerate", "bedrock:Retrieve" ],
      "Resource": [ "arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]" ],
      "Condition": { "StringEquals": { "aws:ResourceAccount": "{accountId}" } }
    }
  ]
}

Trust policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LexV2InternalTrustPolicy",
      "Effect": "Allow",
      "Principal": { "Service": "lexv2.aws.internal" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "aws:SourceAccount": "{accountId}" } }
    }
  ]
}
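The four Bedrock policy pairs above share one pattern: a permissions policy pinned to a single agent or knowledge base ARN plus an aws:ResourceAccount condition, and a trust policy that lets the Lex V2 service principal assume the role only when aws:SourceAccount is your account. The Python below is an added example, not code from the AWS documentation: it fills the {region}, {accountId} and [agentId] placeholders of the agent policy pair (refusing to emit a document with a placeholder left over) and then evaluates a few request contexts against both documents with a minimal StringEquals-only evaluator, so you can see the cross-account confused-deputy case being denied. ACCOUNT_ID, OTHER_ACCOUNT, REGION and AGENT_ID are constructed values; the evaluator models neither ARN wildcards nor Deny statements, which these documents do not use.

```python
import json
import re

# Constructed values (not from the AWS page) used to fill the placeholders.
ACCOUNT_ID = "111122223333"
OTHER_ACCOUNT = "999999999999"
REGION = "us-east-1"
AGENT_ID = "AGENT0EXAMPLE"

# The two documents of the AmazonLexV2BedrockAgentPolicy pair, placeholders intact.
AGENT_PERMISSIONS_TEMPLATE = (
    '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Sid": "BedrockAgentInvokePolicy", '
    '"Action": [ "bedrock:InvokeAgent" ], "Resource": [ "arn:aws:bedrock:{region}:{accountId}:agent/[agentId]" ], '
    '"Condition": { "StringEquals": { "aws:ResourceAccount": "{accountId}" } } } ] }'
)
TRUST_TEMPLATE = (
    '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Sid": "LexV2TrustPolicy", '
    '"Principal": { "Service": "lexv2.amazonaws.com" }, "Action": "sts:AssumeRole", '
    '"Condition": { "StringEquals": { "aws:SourceAccount": "{accountId}" } } } ] }'
)

# Matches {name} or [name]; JSON's own braces/brackets are followed by whitespace, not a bare word.
PLACEHOLDER = re.compile(r"\{(\w+)\}|\[(\w+)\]")


def render(template, **values):
    """Substitute placeholders and parse the result; an unfilled placeholder is an error
    rather than a policy that silently matches nothing."""
    def sub(m):
        name = m.group(1) or m.group(2)
        if name not in values:
            raise KeyError(f"unfilled placeholder: {name}")
        return values[name]
    return json.loads(PLACEHOLDER.sub(sub, template))


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _conditions_hold(statement, ctx):
    """Only StringEquals is modelled, which is all these documents use."""
    for key, expected in statement.get("Condition", {}).get("StringEquals", {}).items():
        if ctx.get(key) not in _as_list(expected):
            return False
    return True


def allows_action(policy, action, resource, ctx):
    """Identity-policy check: exact action and resource match plus condition keys from ctx."""
    for st in _as_list(policy["Statement"]):
        if (st["Effect"] == "Allow" and action in _as_list(st["Action"])
                and resource in _as_list(st["Resource"]) and _conditions_hold(st, ctx)):
            return True
    return False


def allows_assume(trust_policy, service, ctx):
    """Trust-policy check: the calling service principal must match and the condition must hold."""
    for st in _as_list(trust_policy["Statement"]):
        if (st["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(st["Action"])
                and service in _as_list(st["Principal"].get("Service", [])) and _conditions_hold(st, ctx)):
            return True
    return False


def scenarios():
    """Evaluate the rendered pair against constructed request contexts; returns name -> allowed."""
    perms = render(AGENT_PERMISSIONS_TEMPLATE, region=REGION, accountId=ACCOUNT_ID, agentId=AGENT_ID)
    trust = render(TRUST_TEMPLATE, accountId=ACCOUNT_ID)
    own_agent = f"arn:aws:bedrock:{REGION}:{ACCOUNT_ID}:agent/{AGENT_ID}"
    foreign_agent = f"arn:aws:bedrock:{REGION}:{OTHER_ACCOUNT}:agent/{AGENT_ID}"
    return {
        "own_agent": allows_action(perms, "bedrock:InvokeAgent", own_agent, {"aws:ResourceAccount": ACCOUNT_ID}),
        "foreign_agent": allows_action(perms, "bedrock:InvokeAgent", foreign_agent, {"aws:ResourceAccount": OTHER_ACCOUNT}),
        "lex_from_own_account": allows_assume(trust, "lexv2.amazonaws.com", {"aws:SourceAccount": ACCOUNT_ID}),
        "lex_from_other_account": allows_assume(trust, "lexv2.amazonaws.com", {"aws:SourceAccount": OTHER_ACCOUNT}),
        "other_service": allows_assume(trust, "lambda.amazonaws.com", {"aws:SourceAccount": ACCOUNT_ID}),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24s} {'ALLOW' if ok else 'DENY'}")
```

The resource ARN and the aws:ResourceAccount condition are redundant for the single-ARN case; the condition earns its keep when the Resource is later widened to a wildcard, because it still prevents the role from invoking an agent that lives in another account.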

Amazon Lex V2 updates to AWS managed policies

View details about updates to AWS managed policies for Amazon Lex V2 since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon Lex V2 Document history page.

Change | Description | Date
AmazonLexV2BedrockKnowledgeBasePolicyInternal – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock knowledge base resources. | August 30, 2024
AmazonLexV2BedrockAgentPolicyInternal – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock agent resources. | August 30, 2024
AmazonLexV2BedrockKnowledgeBasePolicy – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock knowledge base resources. | August 30, 2024
AmazonLexV2BedrockAgentPolicy – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock agent resources. | August 30, 2024
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to replicas of bot resources. | May 10, 2024
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow replication of bot resources to other Regions. | April 16, 2024
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow replication of bot resources to other Regions. | January 31, 2024
AmazonLexReplicationPolicy – New policy | Amazon Lex V2 added a new policy to allow replication of bot resources to other Regions. | January 31, 2024
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to the list of custom vocabulary items. | November 29, 2022
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 automated chatbot designer operations. | December 1, 2021
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021
AmazonLexRunBotsOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 runtime service operations. | August 18, 2021
Amazon Lex V2 started tracking changes | Amazon Lex V2 started tracking changes for its AWS managed policies. | August 18, 2021