AWS Lex Access Denied after redistributing lambda. Incorrect default IAM role
I created an AWS Lex bot and added an intent recently. Then I downloaded a simple AWS Lambda that has admin access (I dropped it later, don't worry) and then added some trusted entities:
Reliable objects
- ID card provider apigateway.amazonaws.com
- Identity providers lambda.amazonaws.com
- Vendor ID (s) events.amazonaws.com
- ID card provider lex.amazonaws.com
Then I added a lambda function to the intent and built a bot, start testing it. Everything went perfectly. The next step was (after 10 minutes) to update the lambda function (check out new features). I added a new version and went back to AWS Lex and started writing posts and the following error came up:
Error occured: access denied when calling lambda function arn: aws: lambda: us-east-1: 99999999999: function: lex-test from arn: aws: lex: us-east-1: 888888888: intent: test: 3. Check out this policy.
At first I thought it was my mistake and started researching the problem, but then I noticed that the AWSServiceRoleForLexBots role policy was wrong.{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"polly:SynthesizeSpeech"
],
"Resource": [
"*"
]
}
]
}
I cannot change it because "this service-related role cannot be changed in IAM. You can change this role from an AWS service that depends on this role." If I click all intents again and remove the lambda function, then add it again and then create and publish it, it works until the next update.
However, this is a nightmare. Do you know how I can fix this?
Thank.
source to share
Using AWS CLI try the following:
aws lambda add-permission --function-name lex-test --statement-id chatbot-fulfillment --action "lambda:InvokeFunction" --principal "lex.amazonaws.com"
And see: Using Resource Based Policies for AWMS Lambda (Lambda Function Policy)
source to share