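AWS managed policies for Amazon Lex V2
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.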
AWS managed policy: AmazonLexReadOnly
You can attach the AmazonLexReadOnly policy to your IAM identities.
This policy grants read-only permissions that allow users to view all actions in the Amazon Lex V2 and Amazon Lex model building service.
Permissions details
This policy includes the following permissions:
- lex: Read-only access to Amazon Lex V2 and Amazon Lex resources in the model building service.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AmazonLexReadOnlyStatement1",
      "Effect": "Allow",
      "Action": [
        "lex:GetBot",
        "lex:GetBotAlias",
        "lex:GetBotAliases",
        "lex:GetBots",
        "lex:GetBotChannelAssociation",
        "lex:GetBotChannelAssociations",
        "lex:GetBotVersions",
        "lex:GetBuiltinIntent",
        "lex:GetBuiltinIntents",
        "lex:GetBuiltinSlotTypes",
        "lex:GetIntent",
        "lex:GetIntents",
        "lex:GetIntentVersions",
        "lex:GetSlotType",
        "lex:GetSlotTypes",
        "lex:GetSlotTypeVersions",
        "lex:GetUtterancesView",
        "lex:DescribeBot",
        "lex:DescribeBotAlias",
        "lex:DescribeBotChannel",
        "lex:DescribeBotLocale",
        "lex:DescribeBotRecommendation",
        "lex:DescribeBotReplica",
        "lex:DescribeBotVersion",
        "lex:DescribeExport",
        "lex:DescribeImport",
        "lex:DescribeIntent",
        "lex:DescribeResourcePolicy",
        "lex:DescribeSlot",
        "lex:DescribeSlotType",
        "lex:ListBots",
        "lex:ListBotLocales",
        "lex:ListBotAliases",
        "lex:ListBotAliasReplicas",
        "lex:ListBotChannels",
        "lex:ListBotRecommendations",
        "lex:ListBotReplicas",
        "lex:ListBotVersions",
        "lex:ListBotVersionReplicas",
        "lex:ListBuiltInIntents",
        "lex:ListBuiltInSlotTypes",
        "lex:ListExports",
        "lex:ListImports",
        "lex:ListIntents",
        "lex:ListRecommendedIntents",
        "lex:ListSlots",
        "lex:ListSlotTypes",
        "lex:ListTagsForResource",
        "lex:SearchAssociatedTranscripts",
        "lex:ListCustomVocabularyItems"
      ],
      "Resource": "*"
    }
  ]
}
```
AWS managed policy: AmazonLexRunBotsOnly
You can attach the AmazonLexRunBotsOnly policy to your IAM identities.
This policy grants read-only permissions that allow running Amazon Lex V2 and Amazon Lex conversational bots.
Permissions details
This policy includes the following permissions:
- lex: Read-only access to all actions in the Amazon Lex V2 and Amazon Lex runtime.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lex:PostContent",
        "lex:PostText",
        "lex:PutSession",
        "lex:GetSession",
        "lex:DeleteSession",
        "lex:RecognizeText",
        "lex:RecognizeUtterance",
        "lex:StartConversation"
      ],
      "Resource": "*"
    }
  ]
}
```
AWS managed policy: AmazonLexFullAccess
You can attach the AmazonLexFullAccess policy to your IAM identities.
This policy grants administrative permissions that allow the user to create, read, update, and delete Amazon Lex V2 and Amazon Lex resources, and to run Amazon Lex V2 and Amazon Lex conversational bots.
Permissions details
This policy includes the following permissions:
- lex: Grants principals read and write access to all actions in the Amazon Lex V2 and Amazon Lex model building and runtime services.
- cloudwatch: Allows principals to view Amazon CloudWatch metrics and alarms.
- iam: Allows principals to create and delete service-linked roles, pass roles, and attach and detach policies to a role. The permissions are restricted to "lex.amazonaws.com" for Amazon Lex operations and to "lexv2.amazonaws.com" for Amazon Lex V2 operations.
- kendra: Allows principals to list Amazon Kendra indexes.
- kms: Allows principals to describe AWS KMS keys and aliases.
- lambda: Allows principals to list AWS Lambda functions and manage permissions attached to any Lambda function.
- polly: Allows principals to describe Amazon Polly voices and synthesize speech.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AmazonLexFullAccessStatement1",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:DescribeAlarmsForMetric",
        "kms:DescribeKey",
        "kms:ListAliases",
        "lambda:GetPolicy",
        "lambda:ListFunctions",
        "lambda:ListAliases",
        "lambda:ListVersionsByFunction",
        "lex:*",
        "polly:DescribeVoices",
        "polly:SynthesizeSpeech",
        "kendra:ListIndices",
        "iam:ListRoles",
        "s3:ListAllMyBuckets",
        "logs:DescribeLogGroups",
        "s3:GetBucketLocation"
      ],
      "Resource": ["*"]
    },
    {
      "Sid": "AmazonLexFullAccessStatement2",
      "Effect": "Allow",
      "Action": ["bedrock:ListFoundationModels"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["bedrock:InvokeModel"],
      "Resource": "arn:aws:bedrock:*::foundation-model/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "lambda:AddPermission",
        "lambda:RemovePermission"
      ],
      "Resource": "arn:aws:lambda:*:*:function:AmazonLex*",
      "Condition": {
        "StringEquals": { "lambda:Principal": "lex.amazonaws.com" }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement3",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole",
        "iam:GetRolePolicy"
      ],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
        "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
        "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
        "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
        "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
      ]
    },
    {
      "Sid": "AmazonLexFullAccessStatement4",
      "Effect": "Allow",
      "Action": ["iam:CreateServiceLinkedRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
      ],
      "Condition": {
        "StringEquals": { "iam:AWSServiceName": "lex.amazonaws.com" }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement5",
      "Effect": "Allow",
      "Action": ["iam:CreateServiceLinkedRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
      ],
      "Condition": {
        "StringEquals": { "iam:AWSServiceName": "channels.lex.amazonaws.com" }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement6",
      "Effect": "Allow",
      "Action": ["iam:CreateServiceLinkedRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
      ],
      "Condition": {
        "StringEquals": { "iam:AWSServiceName": "lexv2.amazonaws.com" }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement7",
      "Effect": "Allow",
      "Action": ["iam:CreateServiceLinkedRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
      ],
      "Condition": {
        "StringEquals": { "iam:AWSServiceName": "channels.lexv2.amazonaws.com" }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement8",
      "Effect": "Allow",
      "Action": ["iam:CreateServiceLinkedRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
      ],
      "Condition": {
        "StringEquals": { "iam:AWSServiceName": "replication.lexv2.amazonaws.com" }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement9",
      "Effect": "Allow",
      "Action": [
        "iam:DeleteServiceLinkedRole",
        "iam:GetServiceLinkedRoleDeletionStatus"
      ],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
        "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
        "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
        "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
        "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
      ]
    },
    {
      "Sid": "AmazonLexFullAccessStatement10",
      "Effect": "Allow",
      "Action": ["iam:PassRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
      ],
      "Condition": {
        "StringEquals": { "iam:PassedToService": ["lex.amazonaws.com"] }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement11",
      "Effect": "Allow",
      "Action": ["iam:PassRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
      ],
      "Condition": {
        "StringEquals": { "iam:PassedToService": ["lexv2.amazonaws.com"] }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement12",
      "Effect": "Allow",
      "Action": ["iam:PassRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
      ],
      "Condition": {
        "StringEquals": { "iam:PassedToService": ["channels.lexv2.amazonaws.com"] }
      }
    },
    {
      "Sid": "AmazonLexFullAccessStatement13",
      "Effect": "Allow",
      "Action": ["iam:PassRole"],
      "Resource": [
        "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
      ],
      "Condition": {
        "StringEquals": { "iam:PassedToService": ["lexv2.amazonaws.com"] }
      }
    }
  ]
}
```
AWS managed policy: AmazonLexReplicationPolicy
You cannot attach AmazonLexReplicationPolicy to your IAM entities. This policy is attached to a service-linked role that allows Amazon Lex V2 to perform actions on your behalf. For more information, see Using service-linked roles for Amazon Lex V2.
This policy grants administrative permissions that allow Amazon Lex V2 to replicate AWS resources across Regions on your behalf. You can attach this policy to allow a role to easily replicate resources, including bots, locales, versions, aliases, intents, slot types, and custom vocabularies.
Permissions details
This policy includes the following permissions:
- lex: Allows principals to replicate resources in other Regions.
- iam: Allows principals to pass roles from IAM. This is required so that Amazon Lex V2 has permissions to replicate resources in other Regions.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReplicationPolicyStatement1",
      "Effect": "Allow",
      "Action": [
        "lex:BuildBotLocale",
        "lex:ListBotLocales",
        "lex:CreateBotAlias",
        "lex:UpdateBotAlias",
        "lex:DeleteBotAlias",
        "lex:DescribeBotAlias",
        "lex:CreateBotVersion",
        "lex:DeleteBotVersion",
        "lex:DescribeBotVersion",
        "lex:CreateExport",
        "lex:DescribeBot",
        "lex:UpdateExport",
        "lex:DescribeExport",
        "lex:DescribeBotLocale",
        "lex:DescribeIntent",
        "lex:ListIntents",
        "lex:DescribeSlotType",
        "lex:ListSlotTypes",
        "lex:DescribeSlot",
        "lex:ListSlots",
        "lex:DescribeCustomVocabulary",
        "lex:StartImport",
        "lex:DescribeImport",
        "lex:CreateBot",
        "lex:UpdateBot",
        "lex:DeleteBot",
        "lex:CreateBotLocale",
        "lex:UpdateBotLocale",
        "lex:DeleteBotLocale",
        "lex:CreateIntent",
        "lex:UpdateIntent",
        "lex:DeleteIntent",
        "lex:CreateSlotType",
        "lex:UpdateSlotType",
        "lex:DeleteSlotType",
        "lex:CreateSlot",
        "lex:UpdateSlot",
        "lex:DeleteSlot",
        "lex:CreateCustomVocabulary",
        "lex:UpdateCustomVocabulary",
        "lex:DeleteCustomVocabulary",
        "lex:DeleteBotChannel",
        "lex:DeleteResourcePolicy"
      ],
      "Resource": [
        "arn:aws:lex:*:*:bot/*",
        "arn:aws:lex:*:*:bot-alias/*"
      ]
    },
    {
      "Sid": "ReplicationPolicyStatement2",
      "Effect": "Allow",
      "Action": [
        "lex:CreateUploadUrl",
        "lex:ListBots"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ReplicationPolicyStatement3",
      "Effect": "Allow",
      "Action": ["iam:PassRole"],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "iam:PassedToService": "lexv2.amazonaws.com" }
      }
    }
  ]
}
```
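An added example (not AWS code) that acts on this page's advice to reduce permissions when reviewing policies like the ones above: a small Python check that flags service-wide wildcard actions on all resources, iam:PassRole on all roles, and service trust statements with no source-account condition. The function names, the sample account ID and the `ConstructedNoSourceAccount` statement are assumptions made for the illustration; the other sample statements are abridged from the policies on this page.

```python
import json

def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_statement(stmt):
    """Return least-privilege findings for one statement (Allow only)."""
    if stmt.get("Effect") != "Allow":
        return []
    findings = []
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    any_resource = "*" in _as_list(stmt.get("Resource", []))
    # Condition keys are case-insensitive; collect them across all operators.
    keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
    for action in actions:
        if action.endswith(":*") and any_resource:
            findings.append(f"{action} on every resource")
    if "iam:passrole" in actions and any_resource:
        limited = "iam:passedtoservice" in keys
        findings.append("iam:PassRole on every role"
                        + (" (limited by iam:PassedToService)" if limited else " with no condition"))
    # Trust statements: a service principal should be pinned to the owning account.
    if "sts:assumerole" in actions and "Service" in stmt.get("Principal", {}):
        if not keys & {"aws:sourceaccount", "aws:sourcearn"}:
            findings.append("service trust without aws:SourceAccount/aws:SourceArn")
    return findings

def audit_policy(document):
    """Map each flagged statement (by Sid or index) to its findings."""
    statements = _as_list(json.loads(document)["Statement"])
    report = {s.get("Sid", f"statement[{i}]"): audit_statement(s) for i, s in enumerate(statements)}
    return {sid: found for sid, found in report.items() if found}

# Sample input: three statements abridged from this page plus one constructed trust
# statement, combined into one document only for this demonstration (account ID is made up).
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AmazonLexFullAccessStatement1", "Effect": "Allow",
     "Action": ["lex:*", "polly:SynthesizeSpeech"], "Resource": ["*"]},
    {"Sid": "ReplicationPolicyStatement3", "Effect": "Allow", "Action": ["iam:PassRole"],
     "Resource": "*", "Condition": {"StringEquals": {"iam:PassedToService": "lexv2.amazonaws.com"}}},
    {"Sid": "LexV2TrustPolicy", "Effect": "Allow", "Principal": {"Service": "lexv2.amazonaws.com"},
     "Action": "sts:AssumeRole", "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}},
    {"Sid": "ConstructedNoSourceAccount", "Effect": "Allow",
     "Principal": {"Service": "lexv2.amazonaws.com"}, "Action": "sts:AssumeRole"},
]})

if __name__ == "__main__":
    for sid, found in audit_policy(SAMPLE).items():
        print(sid, "->", "; ".join(found))
```

A finding is a prompt for review, not a verdict: a customer managed policy that replaces the wildcard with the specific actions and bot ARNs a team needs clears the first check.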
AWS managed policy: AmazonLexV2BedrockAgentPolicy
Amazon Bedrock agent policy

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockAgentInvokePolicy",
      "Action": ["bedrock:InvokeAgent"],
      "Resource": [
        "arn:aws:bedrock:{region}:{accountId}:agent/[agentId]"
      ],
      "Condition": {
        "StringEquals": { "aws:ResourceAccount": "{accountId}" }
      }
    }
  ]
}
```

Response

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "LexV2TrustPolicy",
      "Principal": { "Service": "lexv2.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": { "aws:SourceAccount": "{accountId}" }
      }
    }
  ]
}
```
AWS managed policy: AmazonLexV2BedrockKnowledgeBasePolicy
Amazon Bedrock knowledge base policy

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockKnowledgeBaseReadWritePolicy",
      "Action": [
        "bedrock:RetrieveAndGenerate",
        "bedrock:Retrieve"
      ],
      "Resource": [
        "arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]"
      ],
      "Condition": {
        "StringEquals": { "aws:ResourceAccount": "{accountId}" }
      }
    }
  ]
}
```

Response

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "LexV2TrustPolicy",
      "Principal": { "Service": "lexv2.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": { "aws:SourceAccount": "{accountId}" }
      }
    }
  ]
}
```
AWS managed policy: AmazonLexV2BedrockAgentPolicyInternal
Internal policy for Amazon Bedrock agents

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockAgentInvokePolicy",
      "Action": ["bedrock:InvokeAgent"],
      "Resource": [
        "arn:aws:bedrock:{region}:{accountId}:agent/[agentId]"
      ],
      "Condition": {
        "StringEquals": { "aws:ResourceAccount": "{accountId}" }
      }
    }
  ]
}
```

Response

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "LexV2InternalTrustPolicy",
      "Principal": { "Service": "lexv2.aws.internal" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": { "aws:SourceAccount": "{accountId}" }
      }
    }
  ]
}
```
AWS managed policy: AmazonLexV2BedrockKnowledgeBasePolicyInternal
Internal policy for Amazon Bedrock knowledge bases

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Sid": "BedrockKnowledgeBaseReadWritePolicy",
      "Action": [
        "bedrock:RetrieveAndGenerate",
        "bedrock:Retrieve"
      ],
      "Resource": [
        "arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]"
      ],
      "Condition": {
        "StringEquals": { "aws:ResourceAccount": "{accountId}" }
      }
    }
  ]
}
```

Response

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LexV2InternalTrustPolicy",
      "Effect": "Allow",
      "Principal": { "Service": "lexv2.aws.internal" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": { "aws:SourceAccount": "{accountId}" }
      }
    }
  ]
}
```
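Amazon Lex V2 updates to AWS managed policies
View details about updates to AWS managed policies for Amazon Lex V2 since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon Lex V2 Document history page.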
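| Change | Description | Date |
|---|---|---|
| | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock knowledge base resources. | August 30, 2024 |
| | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock agent resources. | August 30, 2024 |
| | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock knowledge base resources. | August 30, 2024 |
| | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock agent resources. | August 30, 2024 |
| AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to replicas of bot resources. | May 10, 2024 |
| AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow replication of bot resources to other Regions. | April 16, 2024 |
| AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow replication of bot resources to other Regions. | January 31, 2024 |
| | Amazon Lex V2 added a new policy to allow replication of bot resources to other Regions. | January 31, 2024 |
| AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to list custom vocabulary items. | November 29, 2022 |
| AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021 |
| AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 automated chatbot designer operations. | December 1, 2021 |
| AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021 |
| AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021 |
| AmazonLexRunBotsOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 runtime service operations. | August 18, 2021 |
| Amazon Lex V2 started tracking changes | Amazon Lex V2 started tracking changes to its AWS managed policies. | August 18, 2021 |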