Amazon Lex Model Building V2

2021/05/20 - Amazon Lex Model Building V2 - 6 new api methods

Changes: Customers can now use resource-based policies to control access to their Lex V2 bots. This release adds APIs to attach and manage permissions for a bot or a bot alias. For details, see: https://docs.aws.amazon.com/lexv2/latest/dg/security_iam_service-with-iam.html

DeleteResourcePolicyStatement (new)

Deletes a policy statement from a resource policy. If you delete the last statement from a policy, the policy is deleted. If you specify a statement ID that doesn't exist in the policy, or if the bot or bot alias doesn't have a policy attached, Amazon Lex returns an exception.

See also: AWS API Documentation

Request Syntax

client.delete_resource_policy_statement(
    resourceArn='string',
    statementId='string',
    expectedRevisionId='string'
)
type resourceArn

string

param resourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

type statementId

string

param statementId

[REQUIRED]

The name of the statement (SID) to delete from the policy.

type expectedRevisionId

string

param expectedRevisionId

The identifier of the revision of the policy to delete the statement from. If this revision ID doesn't match the current revision ID, Amazon Lex throws an exception.

If you don't specify a revision, Amazon Lex removes the current contents of the statement.

rtype

dict

returns

Response Syntax

{
    'resourceArn': 'string',
    'revisionId': 'string'
}

Response Structure

  • (dict) --

    • resourceArn (string) --

      The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy statement was removed from.

    • revisionId (string) --

      The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.

DescribeResourcePolicy (new)

Gets the resource policy and policy revision for a bot or bot alias.

See also: AWS API Documentation

Request Syntax

client.describe_resource_policy(
    resourceArn='string'
)
type resourceArn

string

param resourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

rtype

dict

returns

Response Syntax

{
    'resourceArn': 'string',
    'policy': 'string',
    'revisionId': 'string'
}

Response Structure

  • (dict) --

    • resourceArn (string) --

      The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

    • policy (string) --

      The JSON structure that contains the resource policy. For more information about the contents of a JSON policy document, see IAM JSON policy reference.

    • revisionId (string) --

      The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.

CreateResourcePolicyStatement (new)

Adds a new resource policy statement to a bot or bot alias. If a resource policy exists, the statement is added to the current resource policy. If a policy doesn't exist, a new policy is created.

You can create a resource policy statement that allows cross-account access.

See also: AWS API Documentation

Request Syntax

client.create_resource_policy_statement(
    resourceArn='string',
    statementId='string',
    effect='Allow'|'Deny',
    principal=[
        {
            'service': 'string',
            'arn': 'string'
        },
    ],
    action=[
        'string',
    ],
    condition={
        'string': {
            'string': 'string'
        }
    },
    expectedRevisionId='string'
)
type resourceArn

string

param resourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

type statementId

string

param statementId

[REQUIRED]

The name of the statement. The ID is the same as the Sid IAM property. The statement name must be unique within the policy. For more information, see IAM JSON policy elements: Sid.

type effect

string

param effect

[REQUIRED]

Determines whether the statement allows or denies access to the resource.

type principal

list

param principal

[REQUIRED]

An IAM principal, such as an IAM user, IAM role, or AWS service, that is allowed or denied access to a resource. For more information, see AWS JSON policy elements: Principal.

  • (dict) --

    The IAM principal that you are allowing or denying access to an Amazon Lex action. You must provide a service or an arn, but not both in the same statement. For more information, see AWS JSON policy elements: Principal.

    • service (string) --

      The name of the AWS service that should be allowed or denied access to an Amazon Lex action.

    • arn (string) --

      The Amazon Resource Name (ARN) of the principal.

type action

list

param action

[REQUIRED]

The Amazon Lex action that this policy either allows or denies. The action must apply to the resource type of the specified ARN. For more information, see Actions, resources, and condition keys for Amazon Lex V2.

  • (string) --

type condition

dict

param condition

Specifies a condition when the policy is in effect. If the principal of the policy is a service principal, you must provide two condition blocks, one with a SourceAccount global condition key and one with a SourceArn global condition key.

For more information, see IAM JSON policy elements: Condition.

  • (string) --

    • (dict) --

      • (string) --

        • (string) --

type expectedRevisionId

string

param expectedRevisionId

The identifier of the revision of the policy to edit. If this revision ID doesn't match the current revision ID, Amazon Lex throws an exception.

If you don't specify a revision, Amazon Lex overwrites the contents of the policy with the new values.

rtype

dict

returns

Response Syntax

{
    'resourceArn': 'string',
    'revisionId': 'string'
}

Response Structure

  • (dict) --

    • resourceArn (string) --

      The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

    • revisionId (string) --

      The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.
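
The parameter rules above (one of service or arn per statement, and both SourceAccount and SourceArn conditions for a service principal) can be checked before the call is made. The following is an added example, not part of the AWS documentation; the helper name `build_statement_request`, the ARNs, the account ID and the chosen principal and action are constructed sample values.

```python
def build_statement_request(resource_arn, statement_id, effect, principal,
                            action, condition=None, expected_revision_id=None):
    """Validate inputs and return kwargs for create_resource_policy_statement."""
    if effect not in ("Allow", "Deny"):
        raise ValueError("effect must be 'Allow' or 'Deny'")
    if not principal or not action:
        raise ValueError("principal and action must be non-empty lists")
    kinds = set()
    for entry in principal:
        present = {k for k in ("service", "arn") if entry.get(k)}
        if len(present) != 1:
            raise ValueError("each principal needs exactly one of service or arn")
        kinds |= present
    if len(kinds) > 1:
        raise ValueError("a statement cannot mix service and arn principals")
    if "service" in kinds:
        # IAM condition keys are case-insensitive, so compare in lower case.
        keys = {key.lower() for block in (condition or {}).values() for key in block}
        missing = sorted({"aws:sourceaccount", "aws:sourcearn"} - keys)
        if missing:
            raise ValueError(f"service principal needs condition keys: {missing}")
    kwargs = dict(resourceArn=resource_arn, statementId=statement_id, effect=effect,
                  principal=principal, action=action)
    if condition:
        kwargs["condition"] = condition
    if expected_revision_id:
        # Pin the write to the revision that was last read.
        kwargs["expectedRevisionId"] = expected_revision_id
    return kwargs


# Constructed sample values (account ID, bot and alias IDs are placeholders).
ALIAS_ARN = "arn:aws:lex:us-east-1:111122223333:bot-alias/EXAMPLEBOT/EXAMPLEALIAS"
SERVICE_REQUEST = build_statement_request(
    ALIAS_ARN, "AllowConnect", "Allow",
    principal=[{"service": "connect.amazonaws.com"}],
    action=["lex:RecognizeText"],
    condition={
        "StringEquals": {"aws:SourceAccount": "111122223333"},
        "ArnEquals": {"aws:SourceArn": "arn:aws:connect:us-east-1:111122223333:instance/EXAMPLE"},
    },
    expected_revision_id="1",
)
# With a boto3 "lexv2-models" client: client.create_resource_policy_statement(**SERVICE_REQUEST)
```
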

CreateResourcePolicy (new)

Creates a new resource policy with the specified policy statements.

See also: AWS API Documentation

Request Syntax

client.create_resource_policy(
    resourceArn='string',
    policy='string'
)
type resourceArn

string

param resourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

type policy

string

param policy

[REQUIRED]

A resource policy to add to the resource. The policy is a JSON structure that contains one or more statements that define the policy. The policy must follow the IAM syntax. For more information about the contents of a JSON policy document, see IAM JSON policy reference.

If the policy isn't valid, Amazon Lex returns a validation exception.

rtype

dict

returns

Response Syntax

{
    'resourceArn': 'string',
    'revisionId': 'string'
}

Response Structure

  • (dict) --

    • resourceArn (string) --

      The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy was attached to.

    • revisionId (string) --

      The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.

DeleteResourcePolicy (new)

Removes an existing policy from a bot or bot alias. If the resource doesn't have a policy attached, Amazon Lex returns an exception.

See also: AWS API Documentation

Request Syntax

client.delete_resource_policy(
    resourceArn='string',
    expectedRevisionId='string'
)
type resourceArn

string

param resourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the bot or bot alias that has the resource policy attached.

type expectedRevisionId

string

param expectedRevisionId

The identifier of the revision to edit. If this ID doesn't match the current revision number, Amazon Lex returns an exception.

If you don't specify a revision ID, Amazon Lex will delete the current policy.

rtype

dict

returns

Response Syntax

{
    'resourceArn': 'string',
    'revisionId': 'string'
}

Response Structure

  • (dict) --

    • resourceArn (string) --

      The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy was deleted from.

    • revisionId (string) --

      The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.

UpdateResourcePolicy (new)

Replaces the existing resource policy for a bot or bot alias with a new one. If the policy doesn't exist, Amazon Lex returns an exception.

See also: AWS API Documentation

Request Syntax

client.update_resource_policy(
    resourceArn='string',
    policy='string',
    expectedRevisionId='string'
)
type resourceArn

string

param resourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

type policy

string

param policy

[REQUIRED]

A resource policy to add to the resource. The policy is a JSON structure that contains one or more statements that define the policy. The policy must follow the IAM syntax. For more information about the contents of a JSON policy document, see IAM JSON policy reference.

If the policy isn't valid, Amazon Lex returns a validation exception.

type expectedRevisionId

string

param expectedRevisionId

The identifier of the revision of the policy to update. If this revision ID doesn't match the current revision ID, Amazon Lex throws an exception.

If you don't specify a revision, Amazon Lex overwrites the contents of the policy with the new values.

rtype

dict

returns

Response Syntax

{
    'resourceArn': 'string',
    'revisionId': 'string'
}

Response Structure

  • (dict) --

    • resourceArn (string) --

      The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

    • revisionId (string) --

      The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.
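
Because an update without expectedRevisionId overwrites whatever policy is current, a read-modify-write should pass the revisionId returned by DescribeResourcePolicy so that a concurrent change is rejected instead of silently lost. The following is an added example, not part of the AWS documentation; `FakeLexClient` and `StaleRevision` are constructed in-memory stand-ins (the page does not name the exception type), and `update_policy_pinned` and `drop_statement` are hypothetical helper names.

```python
import json


def update_policy_pinned(client, resource_arn, transform):
    """Read-modify-write a resource policy, pinned to the revision that was read.

    client: a boto3 'lexv2-models' client, or any object with the same two methods.
    transform: callback that takes and returns the policy document as a dict.
    """
    current = client.describe_resource_policy(resourceArn=resource_arn)
    updated = transform(json.loads(current["policy"]))
    # expectedRevisionId makes the service reject the write if the policy
    # changed after the describe call above.
    response = client.update_resource_policy(
        resourceArn=resource_arn,
        policy=json.dumps(updated),
        expectedRevisionId=current["revisionId"],
    )
    return response["revisionId"]


def drop_statement(sid):
    """Build a transform that removes the statement with the given Sid."""
    def transform(document):
        kept = [s for s in document.get("Statement", []) if s.get("Sid") != sid]
        return {**document, "Statement": kept}
    return transform


class StaleRevision(Exception):
    """Constructed stand-in for the exception returned on a revision mismatch."""


class FakeLexClient:
    """Constructed in-memory stand-in for the two API calls used above."""
    def __init__(self, document):
        self.policy, self.rev = json.dumps(document), 1

    def describe_resource_policy(self, resourceArn):
        return {"resourceArn": resourceArn, "policy": self.policy,
                "revisionId": str(self.rev)}

    def update_resource_policy(self, resourceArn, policy, expectedRevisionId=None):
        if expectedRevisionId is not None and expectedRevisionId != str(self.rev):
            raise StaleRevision(expectedRevisionId)
        self.policy, self.rev = policy, self.rev + 1
        return {"resourceArn": resourceArn, "revisionId": str(self.rev)}
```
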