本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS 受管政策是由 AWS AWS 受管政策建立和管理的獨立政策旨在為許多常見使用案例提供許可,以便您可以開始將許可指派給使用者、群組和角色。
請記住, AWS 受管政策可能不會授予特定使用案例的最低權限許可,因為這些許可可供所有 AWS 客戶使用。我們建議您定義使用案例專屬的客戶管理政策,以便進一步減少許可。
您無法變更 AWS 受管政策中定義的許可。如果 AWS 更新受管政策中 AWS 定義的許可,則更新會影響政策連接的所有主體身分 (使用者、群組和角色)。當新的 AWS 服務 啟動或新的 API 操作可用於現有服務時, AWS 最有可能更新受 AWS 管政策。
如需詳細資訊,請參閱《IAM 使用者指南》中的 AWS 受管政策。
AWS 受管政策:AmazonLexReadOnly
您可將 AmazonLexReadOnly 政策連接到 IAM 身分。
此政策授予唯讀許可,允許使用者檢視 Amazon Lex V2 和 Amazon Lex 模型建置服務中的所有動作。
許可詳細資訊
此政策包含以下許可:
-
lex– 在模型建置服務中唯讀存取 Amazon Lex V2 和 Amazon Lex 資源。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AmazonLexReadOnlyStatement1",
"Effect": "Allow",
"Action": [
"lex:GetBot",
"lex:GetBotAlias",
"lex:GetBotAliases",
"lex:GetBots",
"lex:GetBotChannelAssociation",
"lex:GetBotChannelAssociations",
"lex:GetBotVersions",
"lex:GetBuiltinIntent",
"lex:GetBuiltinIntents",
"lex:GetBuiltinSlotTypes",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView",
"lex:DescribeBot",
"lex:DescribeBotAlias",
"lex:DescribeBotChannel",
"lex:DescribeBotLocale",
"lex:DescribeBotRecommendation",
"lex:DescribeBotReplica",
"lex:DescribeBotVersion",
"lex:DescribeExport",
"lex:DescribeImport",
"lex:DescribeIntent",
"lex:DescribeResourcePolicy",
"lex:DescribeSlot",
"lex:DescribeSlotType",
"lex:ListBots",
"lex:ListBotLocales",
"lex:ListBotAliases",
"lex:ListBotAliasReplicas",
"lex:ListBotChannels",
"lex:ListBotRecommendations",
"lex:ListBotReplicas",
"lex:ListBotVersions",
"lex:ListBotVersionReplicas",
"lex:ListBuiltInIntents",
"lex:ListBuiltInSlotTypes",
"lex:ListExports",
"lex:ListImports",
"lex:ListIntents",
"lex:ListRecommendedIntents",
"lex:ListSlots",
"lex:ListSlotTypes",
"lex:ListTagsForResource",
"lex:SearchAssociatedTranscripts",
"lex:ListCustomVocabularyItems"
],
"Resource": "*"
}
]
}AWS 受管政策:AmazonLexRunBotsOnly
您可將 AmazonLexRunBotsOnly 政策連接到 IAM 身分。
此政策授予唯讀許可,允許 存取來執行 Amazon Lex V2 和 Amazon Lex 對話式機器人。
許可詳細資訊
此政策包含以下許可:
-
lex– Amazon Lex V2 和 Amazon Lex 執行時間中所有動作的唯讀存取權。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lex:PostContent",
"lex:PostText",
"lex:PutSession",
"lex:GetSession",
"lex:DeleteSession",
"lex:RecognizeText",
"lex:RecognizeUtterance",
"lex:StartConversation"
],
"Resource": "*"
}
]
}AWS 受管政策:AmazonLexFullAccess
您可將 AmazonLexFullAccess 政策連接到 IAM 身分。
此政策授予管理許可,允許使用者建立、讀取、更新和刪除 Amazon Lex V2 和 Amazon Lex 資源;以及執行 Amazon Lex V2 和 Amazon Lex 對話式機器人。
許可詳細資訊
此政策包含以下許可:
-
lex– 允許主體讀取和寫入存取 Amazon Lex V2 和 Amazon Lex 模型建置和執行時間服務中的所有動作。 -
cloudwatch– 允許主體檢視 Amazon CloudWatch 指標和警示。 -
iam– 允許主體建立和刪除服務連結角色、傳遞角色,以及將政策連接到角色並分離。Amazon Lex 操作的許可僅限於「lex.amazonaws.com」,Amazon Lex V2 操作的許可僅限於「lexv2.amazonaws.com」。 -
kendra– 允許主體列出 Amazon Kendra 索引。 -
kms– 允許主體描述 AWS KMS 金鑰和別名。 -
lambda– 允許主體列出 AWS Lambda 函數,並管理連接到任何 Lambda 函數的許可。 -
polly– 允許主體描述 Amazon Polly 語音和合成語音。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AmazonLexFullAccessStatement1",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lambda:ListAliases",
"lambda:ListVersionsByFunction"
"lex:*",
"polly:DescribeVoices",
"polly:SynthesizeSpeech",
"kendra:ListIndices",
"iam:ListRoles",
"s3:ListAllMyBuckets",
"logs:DescribeLogGroups",
"s3:GetBucketLocation"
],
"Resource": [
"*"
]
},
{
"Sid": "AmazonLexFullAccessStatement2",
"Effect": "Allow",
"Action": [
"bedrock:ListFoundationModels"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel"
],
"Resource": "arn:aws:bedrock:*::foundation-model/*"
},
{
"Effect": "Allow",
"Action": [
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Resource": "arn:aws:lambda:*:*:function:AmazonLex*",
"Condition": {
"StringEquals": {
"lambda:Principal": "lex.amazonaws.com"
}
}
},
{
"Sid": "AmazonLexFullAccessStatement3",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:GetRolePolicy"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
]
},
{
"Sid": "AmazonLexFullAccessStatement4",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "lex.amazonaws.com"
}
}
},
{
"Sid": "AmazonLexFullAccessStatement5",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "channels.lex.amazonaws.com"
}
}
},
{
"Sid": "AmazonLexFullAccessStatement6",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "lexv2.amazonaws.com"
}
}
},
{
"Sid": "AmazonLexFullAccessStatement7",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "channels.lexv2.amazonaws.com"
}
}
},
{
"Sid": "AmazonLexFullAccessStatement8",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "replication.lexv2.amazonaws.com"
}
}
},
{
"Sid": "AmazonLexFullAccessStatement9",
"Effect": "Allow",
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
]
},
{
"Sid": "AmazonLexFullAccessStatement10",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lex.amazonaws.com"
]
}
}
},
{
"Sid": "AmazonLexFullAccessStatement11",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lexv2.amazonaws.com"
]
}
}
},
{
"Sid": "AmazonLexFullAccessStatement12",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"channels.lexv2.amazonaws.com"
]
}
}
},
{
"Sid": "AmazonLexFullAccessStatement13",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lexv2.amazonaws.com"
]
}
}
}
]
}AWS 受管政策:AmazonLexReplicationPolicy
您不得將 AmazonLexReplicationPolicy 連接到 IAM 實體。此政策連接至服務連結角色,允許 Amazon Lex V2 代表您執行動作。如需詳細資訊,請參閱使用 Amazon Lex V2 的服務連結角色。
此政策授予管理許可,允許 Amazon Lex V2 代表您跨區域複寫 AWS 資源。您可以連接此政策,以允許角色輕鬆複寫資源,包括機器人、地區設定、版本、別名、意圖、槽類型、插槽和自訂詞彙。
許可詳細資訊
此政策包含以下許可。
-
lex– 允許主體複寫其他區域中的資源。 -
iam– 允許主體從 IAM 傳遞角色。這是必要的,以便 Amazon Lex V2 具有在其他區域中複寫資源的許可。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ReplicationPolicyStatement1",
"Effect": "Allow",
"Action": [
"lex:BuildBotLocale",
"lex:ListBotLocales",
"lex:CreateBotAlias",
"lex:UpdateBotAlias",
"lex:DeleteBotAlias",
"lex:DescribeBotAlias",
"lex:CreateBotVersion",
"lex:DeleteBotVersion",
"lex:DescribeBotVersion",
"lex:CreateExport",
"lex:DescribeBot",
"lex:UpdateExport",
"lex:DescribeExport",
"lex:DescribeBotLocale",
"lex:DescribeIntent",
"lex:ListIntents",
"lex:DescribeSlotType",
"lex:ListSlotTypes",
"lex:DescribeSlot",
"lex:ListSlots",
"lex:DescribeCustomVocabulary",
"lex:StartImport",
"lex:DescribeImport",
"lex:CreateBot",
"lex:UpdateBot",
"lex:DeleteBot",
"lex:CreateBotLocale",
"lex:UpdateBotLocale",
"lex:DeleteBotLocale",
"lex:CreateIntent",
"lex:UpdateIntent",
"lex:DeleteIntent",
"lex:CreateSlotType",
"lex:UpdateSlotType",
"lex:DeleteSlotType",
"lex:CreateSlot",
"lex:UpdateSlot",
"lex:DeleteSlot",
"lex:CreateCustomVocabulary",
"lex:UpdateCustomVocabulary",
"lex:DeleteCustomVocabulary",
"lex:DeleteBotChannel",
"lex:DeleteResourcePolicy"
],
"Resource": [
"arn:aws:lex:*:*:bot/*",
"arn:aws:lex:*:*:bot-alias/*"
]
},
{
"Sid": "ReplicationPolicyStatement2",
"Effect": "Allow",
"Action": [
"lex:CreateUploadUrl",
"lex:ListBots"
],
"Resource": "*"
},
{
"Sid": "ReplicationPolicyStatement3",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "lexv2.amazonaws.com"
}
}
}
]
}AWS 受管政策:AmazonLexV2BedrockAgentPolicy
Amazon Bedrock 代理程式的政策
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Sid": "BedrockAgentInvokePolicy",
"Action": [
"bedrock:InvokeAgent"
],
"Resource": [
"arn:aws:bedrock:{region}:{accountId}:agent/[agentId]"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "{accountId}"
}
}
}
]
}
回應
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Sid": "LexV2TrustPolicy",
"Principal": {
"Service": "lexv2.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{accountId}"
}
}
}
]
}
AWS 受管政策:AmazonLexV2BedrockKnowledgeBasePolicy
Amazon Bedrock 知識庫的政策
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Sid": "BedrockKnowledgeBaseReadWritePolicy",
"Action": [
"bedrock:RetrieveAndGenerate",
"bedrock:Retrieve"
],
"Resource": [
"arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "{accountId}"
}
}
}
]
}
回應
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Sid": "LexV2TrustPolicy",
"Principal": {
"Service": "lexv2.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{accountId}"
}
}
}
]
}
AWS 受管政策:AmazonLexV2BedrockAgentPolicyInternal
Amazon Bedrock 代理程式的內部政策
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Sid": "BedrockAgentInvokePolicy",
"Action": [
"bedrock:InvokeAgent"
],
"Resource": [
"arn:aws:bedrock:{region}:{accountId}:agent/[agentId]"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "{accountId}"
}
}
}
]
}
回應
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Sid": "LexV2InternalTrustPolicy",
"Principal": {
"Service": "lexv2.aws.internal"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{accountId}"
}
}
}
]
}
AWS 受管政策:AmazonLexV2BedrockKnowledgeBasePolicyInternal
Amazon Bedrock 知識庫的內部政策
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Sid": "BedrockKnowledgeBaseReadWritePolicy",
"Action": [
"bedrock:RetrieveAndGenerate",
"bedrock:Retrieve"
],
"Resource": [
"arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "{accountId}"
}
}
}
]
}
回應
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "LexV2InternalTrustPolicy",
"Effect": "Allow",
"Principal": {
"Service": "lexv2.aws.internal"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{accountId}"
}
}
}
]
}
AWS 受管政策的 Amazon Lex V2 更新
檢視自此服務開始追蹤這些變更以來,Amazon Lex V2 AWS 受管政策更新的詳細資訊。如需此頁面變更的自動提醒,請訂閱 Amazon Lex V2 Amazon Lex V2 的文件歷史記錄頁面上的 RSS 摘要。
| 變更 | 描述 | 日期 |
|---|---|---|
|
Amazon Lex V2 新增了一項政策,以允許複寫 Amazon Bedrock 知識庫資源。 |
2024 年 8 月 30 日 | |
|
Amazon Lex V2 新增了允許複寫 Amazon Bedrock 代理程式資源的政策。 |
2024 年 8 月 30 日 | |
|
Amazon Lex V2 新增了一項政策,以允許複寫 Amazon Bedrock 知識庫資源。 |
2024 年 8 月 30 日 | |
|
Amazon Lex V2 新增了允許複寫 Amazon Bedrock 代理程式資源的政策。 |
2024 年 8 月 30 日 | |
|
AmazonLexReadOnly – 更新至現有政策 |
Amazon Lex V2 新增了許可,以允許機器人資源的唯讀存取複本。 |
2024 年 5 月 10 日 |
|
AmazonLexFullAccess – 更新至現有政策 |
Amazon Lex V2 新增了允許將機器人資源複寫至其他區域的許可。 |
2024 年 4 月 16 日 |
|
AmazonLexFullAccess – 更新至現有政策 |
Amazon Lex V2 新增了允許將機器人資源複寫至其他區域的許可。 |
2024 年 1 月 31 日 |
|
Amazon Lex V2 新增了一項政策,以允許將機器人資源複寫至其他區域。 |
2024 年 1 月 31 日 | |
|
AmazonLexReadOnly – 更新至現有政策 |
Amazon Lex V2 新增了新的許可,以允許唯讀存取列出自訂詞彙項目。 |
2022 年 11 月 29 日 |
|
AmazonLexFullAccess – 更新至現有政策 |
Amazon Lex V2 新增了新的許可,以允許唯讀存取 Amazon Lex V2 模型建置服務操作。 |
2021 年 8 月 18 日 |
AmazonLexReadOnly – 更新至現有政策 |
Amazon Lex V2 新增了新的許可,以允許唯讀存取 Amazon Lex V2 自動聊天機器人設計工具操作。 |
2021 年 12 月 1 日 |
|
AmazonLexFullAccess – 更新至現有政策 |
Amazon Lex V2 新增了新的許可,以允許唯讀存取 Amazon Lex V2 模型建置服務操作。 |
2021 年 8 月 18 日 |
|
AmazonLexReadOnly – 更新至現有政策 |
Amazon Lex V2 新增了新的許可,以允許唯讀存取 Amazon Lex V2 模型建置服務操作。 |
2021 年 8 月 18 日 |
|
AmazonLexRunBotsOnly – 更新至現有政策 |
Amazon Lex V2 新增了允許唯讀存取 Amazon Lex V2 執行期服務操作的許可。 |
2021 年 8 月 18 日 |
|
Amazon Lex V2 開始追蹤變更 |
Amazon Lex V2 開始追蹤其 AWS 受管政策的變更。 |
2021 年 8 月 18 日 |
