AWS managed policies for Amazon Lex V2 - Amazon Lex


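AWS managed policies for Amazon Lex V2

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.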
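To see where a managed policy is broader than a given use case needs, the following added example (not part of the AWS documentation or any AWS tool) walks a policy document and reports Allow statements that use service-wide actions or a "*" resource. The sample is an excerpt constructed from statements in the AmazonLexFullAccess and AmazonLexReplicationPolicy documents on this page; the function names are hypothetical.

```python
import json

# Constructed sample: statements excerpted from AmazonLexFullAccess and
# AmazonLexReplicationPolicy on this page (Statement1's action list is shortened).
SAMPLE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AmazonLexFullAccessStatement1", "Effect": "Allow",
   "Action": ["lex:*", "iam:ListRoles", "s3:ListAllMyBuckets"], "Resource": ["*"]},
  {"Sid": "AmazonLexFullAccessStatement10", "Effect": "Allow",
   "Action": ["iam:PassRole"],
   "Resource": ["arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"],
   "Condition": {"StringEquals": {"iam:PassedToService": ["lex.amazonaws.com"]}}},
  {"Sid": "ReplicationPolicyStatement3", "Effect": "Allow",
   "Action": ["iam:PassRole"], "Resource": "*",
   "Condition": {"StringEquals": {"iam:PassedToService": "lexv2.amazonaws.com"}}}
]}
""")

def as_list(value):
    """IAM accepts a bare string wherever a list is allowed; normalize to a list."""
    return [value] if isinstance(value, str) else list(value)

def audit(policy):
    """Return {sid: [findings]} for Allow statements broader than a scoped grant."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    report = {}
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        findings = []
        actions = as_list(st.get("Action", []))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild:
            findings.append("service-wide actions: " + ", ".join(wild))
        if "*" in as_list(st.get("Resource", [])):
            if "Condition" in st:
                # The grant is bounded only by its condition keys.
                findings.append("Resource * limited only by Condition")
            else:
                findings.append("Resource * with no Condition")
        if findings:
            report[st.get("Sid", f"statement[{i}]")] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Statements flagged here are the candidates to replace with specific actions and resource ARNs in a customer managed policy; the check does not evaluate NotAction or NotResource.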

AWS managed policy: AmazonLexReadOnly

You can attach the AmazonLexReadOnly policy to your IAM identities.

This policy grants read-only permissions that allow users to view all actions in the Amazon Lex V2 and Amazon Lex model building service.

Permissions details

This policy includes the following permissions:

  • lex – Read-only access to Amazon Lex V2 and Amazon Lex resources in the model building service.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AmazonLexReadOnlyStatement1",
            "Effect": "Allow",
            "Action": [
                "lex:GetBot",
                "lex:GetBotAlias",
                "lex:GetBotAliases",
                "lex:GetBots",
                "lex:GetBotChannelAssociation",
                "lex:GetBotChannelAssociations",
                "lex:GetBotVersions",
                "lex:GetBuiltinIntent",
                "lex:GetBuiltinIntents",
                "lex:GetBuiltinSlotTypes",
                "lex:GetIntent",
                "lex:GetIntents",
                "lex:GetIntentVersions",
                "lex:GetSlotType",
                "lex:GetSlotTypes",
                "lex:GetSlotTypeVersions",
                "lex:GetUtterancesView",
                "lex:DescribeBot",
                "lex:DescribeBotAlias",
                "lex:DescribeBotChannel",
                "lex:DescribeBotLocale",
                "lex:DescribeBotRecommendation",
                "lex:DescribeBotReplica",
                "lex:DescribeBotVersion",
                "lex:DescribeExport",
                "lex:DescribeImport",
                "lex:DescribeIntent",
                "lex:DescribeResourcePolicy",
                "lex:DescribeSlot",
                "lex:DescribeSlotType",
                "lex:ListBots",
                "lex:ListBotLocales",
                "lex:ListBotAliases",
                "lex:ListBotAliasReplicas",
                "lex:ListBotChannels",
                "lex:ListBotRecommendations",
                "lex:ListBotReplicas",
                "lex:ListBotVersions",
                "lex:ListBotVersionReplicas",
                "lex:ListBuiltInIntents",
                "lex:ListBuiltInSlotTypes",
                "lex:ListExports",
                "lex:ListImports",
                "lex:ListIntents",
                "lex:ListRecommendedIntents",
                "lex:ListSlots",
                "lex:ListSlotTypes",
                "lex:ListTagsForResource",
                "lex:SearchAssociatedTranscripts",
                "lex:ListCustomVocabularyItems"
            ],
            "Resource": "*"
        }
    ]
}

AWS managed policy: AmazonLexRunBotsOnly

You can attach the AmazonLexRunBotsOnly policy to your IAM identities.

This policy grants read-only permissions that allow access to run Amazon Lex V2 and Amazon Lex conversational bots.

Permissions details

This policy includes the following permissions:

  • lex – Read-only access to all actions in the Amazon Lex V2 and Amazon Lex runtime.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lex:PostContent",
                "lex:PostText",
                "lex:PutSession",
                "lex:GetSession",
                "lex:DeleteSession",
                "lex:RecognizeText",
                "lex:RecognizeUtterance",
                "lex:StartConversation"
            ],
            "Resource": "*"
        }
    ]
}

AWS managed policy: AmazonLexFullAccess

You can attach the AmazonLexFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow the user to create, read, update, and delete Amazon Lex V2 and Amazon Lex resources, and to run Amazon Lex V2 and Amazon Lex conversational bots.

Permissions details

This policy includes the following permissions:

  • lex – Allows principals read and write access to all actions in the Amazon Lex V2 and Amazon Lex model building and runtime services.

  • cloudwatch – Allows principals to view Amazon CloudWatch metrics and alarms.

  • iam – Allows principals to create and delete service-linked roles, pass roles, and attach and detach policies to a role. The permissions are restricted to "lex.amazonaws.com" for Amazon Lex operations and to "lexv2.amazonaws.com" for Amazon Lex V2 operations.

  • kendra – Allows principals to list Amazon Kendra indexes.

  • kms – Allows principals to describe AWS KMS keys and aliases.

  • lambda – Allows principals to list AWS Lambda functions and manage permissions attached to any Lambda function.

  • polly – Allows principals to describe Amazon Polly voices and synthesize speech.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AmazonLexFullAccessStatement1",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:DescribeAlarmsForMetric",
                "kms:DescribeKey",
                "kms:ListAliases",
                "lambda:GetPolicy",
                "lambda:ListFunctions",
                "lambda:ListAliases",
                "lambda:ListVersionsByFunction",
                "lex:*",
                "polly:DescribeVoices",
                "polly:SynthesizeSpeech",
                "kendra:ListIndices",
                "iam:ListRoles",
                "s3:ListAllMyBuckets",
                "logs:DescribeLogGroups",
                "s3:GetBucketLocation"
            ],
            "Resource": [ "*" ]
        },
        {
            "Sid": "AmazonLexFullAccessStatement2",
            "Effect": "Allow",
            "Action": [ "bedrock:ListFoundationModels" ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [ "bedrock:InvokeModel" ],
            "Resource": "arn:aws:bedrock:*::foundation-model/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:AddPermission",
                "lambda:RemovePermission"
            ],
            "Resource": "arn:aws:lambda:*:*:function:AmazonLex*",
            "Condition": {
                "StringEquals": { "lambda:Principal": "lex.amazonaws.com" }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement3",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:GetRolePolicy"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
                "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
            ]
        },
        {
            "Sid": "AmazonLexFullAccessStatement4",
            "Effect": "Allow",
            "Action": [ "iam:CreateServiceLinkedRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
            ],
            "Condition": {
                "StringEquals": { "iam:AWSServiceName": "lex.amazonaws.com" }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement5",
            "Effect": "Allow",
            "Action": [ "iam:CreateServiceLinkedRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
            ],
            "Condition": {
                "StringEquals": { "iam:AWSServiceName": "channels.lex.amazonaws.com" }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement6",
            "Effect": "Allow",
            "Action": [ "iam:CreateServiceLinkedRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
            ],
            "Condition": {
                "StringEquals": { "iam:AWSServiceName": "lexv2.amazonaws.com" }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement7",
            "Effect": "Allow",
            "Action": [ "iam:CreateServiceLinkedRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ],
            "Condition": {
                "StringEquals": { "iam:AWSServiceName": "channels.lexv2.amazonaws.com" }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement8",
            "Effect": "Allow",
            "Action": [ "iam:CreateServiceLinkedRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
            ],
            "Condition": {
                "StringEquals": { "iam:AWSServiceName": "replication.lexv2.amazonaws.com" }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement9",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteServiceLinkedRole",
                "iam:GetServiceLinkedRoleDeletionStatus"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
                "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
            ]
        },
        {
            "Sid": "AmazonLexFullAccessStatement10",
            "Effect": "Allow",
            "Action": [ "iam:PassRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
            ],
            "Condition": {
                "StringEquals": { "iam:PassedToService": [ "lex.amazonaws.com" ] }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement11",
            "Effect": "Allow",
            "Action": [ "iam:PassRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
            ],
            "Condition": {
                "StringEquals": { "iam:PassedToService": [ "lexv2.amazonaws.com" ] }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement12",
            "Effect": "Allow",
            "Action": [ "iam:PassRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ],
            "Condition": {
                "StringEquals": { "iam:PassedToService": [ "channels.lexv2.amazonaws.com" ] }
            }
        },
        {
            "Sid": "AmazonLexFullAccessStatement13",
            "Effect": "Allow",
            "Action": [ "iam:PassRole" ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
            ],
            "Condition": {
                "StringEquals": { "iam:PassedToService": [ "lexv2.amazonaws.com" ] }
            }
        }
    ]
}

AWS managed policy: AmazonLexReplicationPolicy

You can't attach AmazonLexReplicationPolicy to your IAM entities. This policy is attached to a service-linked role that allows Amazon Lex V2 to perform actions on your behalf. For more information, see Using service-linked roles for Amazon Lex V2.

This policy grants administrative permissions that allow Amazon Lex V2 to replicate AWS resources across Regions on your behalf. You can attach this policy to allow a role to easily replicate resources, including bots, locales, versions, aliases, intents, slot types, slots, and custom vocabularies.

Permissions details

This policy includes the following permissions.

  • lex – Allows principals to replicate resources in other Regions.

  • iam – Allows principals to pass roles from IAM. This is required so that Amazon Lex V2 has permissions to replicate resources in other Regions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReplicationPolicyStatement1",
            "Effect": "Allow",
            "Action": [
                "lex:BuildBotLocale",
                "lex:ListBotLocales",
                "lex:CreateBotAlias",
                "lex:UpdateBotAlias",
                "lex:DeleteBotAlias",
                "lex:DescribeBotAlias",
                "lex:CreateBotVersion",
                "lex:DeleteBotVersion",
                "lex:DescribeBotVersion",
                "lex:CreateExport",
                "lex:DescribeBot",
                "lex:UpdateExport",
                "lex:DescribeExport",
                "lex:DescribeBotLocale",
                "lex:DescribeIntent",
                "lex:ListIntents",
                "lex:DescribeSlotType",
                "lex:ListSlotTypes",
                "lex:DescribeSlot",
                "lex:ListSlots",
                "lex:DescribeCustomVocabulary",
                "lex:StartImport",
                "lex:DescribeImport",
                "lex:CreateBot",
                "lex:UpdateBot",
                "lex:DeleteBot",
                "lex:CreateBotLocale",
                "lex:UpdateBotLocale",
                "lex:DeleteBotLocale",
                "lex:CreateIntent",
                "lex:UpdateIntent",
                "lex:DeleteIntent",
                "lex:CreateSlotType",
                "lex:UpdateSlotType",
                "lex:DeleteSlotType",
                "lex:CreateSlot",
                "lex:UpdateSlot",
                "lex:DeleteSlot",
                "lex:CreateCustomVocabulary",
                "lex:UpdateCustomVocabulary",
                "lex:DeleteCustomVocabulary",
                "lex:DeleteBotChannel",
                "lex:DeleteResourcePolicy"
            ],
            "Resource": [
                "arn:aws:lex:*:*:bot/*",
                "arn:aws:lex:*:*:bot-alias/*"
            ]
        },
        {
            "Sid": "ReplicationPolicyStatement2",
            "Effect": "Allow",
            "Action": [
                "lex:CreateUploadUrl",
                "lex:ListBots"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ReplicationPolicyStatement3",
            "Effect": "Allow",
            "Action": [ "iam:PassRole" ],
            "Resource": "*",
            "Condition": {
                "StringEquals": { "iam:PassedToService": "lexv2.amazonaws.com" }
            }
        }
    ]
}

AWS managed policy: AmazonLexV2BedrockAgentPolicy

Policy for Amazon Bedrock agents

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Sid": "BedrockAgentInvokePolicy",
            "Action": [ "bedrock:InvokeAgent" ],
            "Resource": [
                "arn:aws:bedrock:{region}:{accountId}:agent/[agentId]"
            ],
            "Condition": {
                "StringEquals": { "aws:ResourceAccount": "{accountId}" }
            }
        }
    ]
}

Response

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Sid": "LexV2TrustPolicy",
            "Principal": { "Service": "lexv2.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": { "aws:SourceAccount": "{accountId}" }
            }
        }
    ]
}

AWS managed policy: AmazonLexV2BedrockKnowledgeBasePolicy

Policy for Amazon Bedrock knowledge bases

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Sid": "BedrockKnowledgeBaseReadWritePolicy",
            "Action": [
                "bedrock:RetrieveAndGenerate",
                "bedrock:Retrieve"
            ],
            "Resource": [
                "arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]"
            ],
            "Condition": {
                "StringEquals": { "aws:ResourceAccount": "{accountId}" }
            }
        }
    ]
}

Response

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Sid": "LexV2TrustPolicy",
            "Principal": { "Service": "lexv2.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": { "aws:SourceAccount": "{accountId}" }
            }
        }
    ]
}

AWS managed policy: AmazonLexV2BedrockAgentPolicyInternal

Internal policy for Amazon Bedrock agents

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Sid": "BedrockAgentInvokePolicy",
            "Action": [ "bedrock:InvokeAgent" ],
            "Resource": [
                "arn:aws:bedrock:{region}:{accountId}:agent/[agentId]"
            ],
            "Condition": {
                "StringEquals": { "aws:ResourceAccount": "{accountId}" }
            }
        }
    ]
}

Response

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Sid": "LexV2InternalTrustPolicy",
            "Principal": { "Service": "lexv2.aws.internal" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": { "aws:SourceAccount": "{accountId}" }
            }
        }
    ]
}

AWS managed policy: AmazonLexV2BedrockKnowledgeBasePolicyInternal

Internal policy for Amazon Bedrock knowledge bases

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Sid": "BedrockKnowledgeBaseReadWritePolicy",
            "Action": [
                "bedrock:RetrieveAndGenerate",
                "bedrock:Retrieve"
            ],
            "Resource": [
                "arn:aws:bedrock:{region}:{accountId}:knowledge-base/[knowledgeBaseId]"
            ],
            "Condition": {
                "StringEquals": { "aws:ResourceAccount": "{accountId}" }
            }
        }
    ]
}

Response

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LexV2InternalTrustPolicy",
            "Effect": "Allow",
            "Principal": { "Service": "lexv2.aws.internal" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": { "aws:SourceAccount": "{accountId}" }
            }
        }
    ]
}

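Amazon Lex V2 updates to AWS managed policies

View details about updates to AWS managed policies for Amazon Lex V2 since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Document history for Amazon Lex V2 page.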

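Change | Description | Date
AmazonLexV2BedrockKnowledgeBasePolicyInternal – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock knowledge base resources. | August 30, 2024
AmazonLexV2BedrockAgentPolicyInternal – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock agent resources. | August 30, 2024
AmazonLexV2BedrockKnowledgeBasePolicy – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock knowledge base resources. | August 30, 2024
AmazonLexV2BedrockAgentPolicy – New policy | Amazon Lex V2 added a new policy to allow replication of Amazon Bedrock agent resources. | August 30, 2024
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to replicas of bot resources. | May 10, 2024
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow replication of bot resources to other Regions. | April 16, 2024
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow replication of bot resources to other Regions. | January 31, 2024
AmazonLexReplicationPolicy – New policy | Amazon Lex V2 added a new policy to allow replication of bot resources to other Regions. | January 31, 2024
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to list custom vocabulary items. | November 29, 2022
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 Automated Chatbot Designer operations. | December 1, 2021
AmazonLexFullAccess – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021
AmazonLexReadOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 model building service operations. | August 18, 2021
AmazonLexRunBotsOnly – Update to an existing policy | Amazon Lex V2 added new permissions to allow read-only access to Amazon Lex V2 runtime service operations. | August 18, 2021
Amazon Lex V2 started tracking changes | Amazon Lex V2 started tracking changes for its AWS managed policies. | August 18, 2021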