

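End of support notice: On September 15, 2025, AWS will discontinue support for Amazon Lex V1. After September 15, 2025, you will no longer be able to access the Amazon Lex V1 console or Amazon Lex V1 resources. If you are using Amazon Lex V2, refer to the [Amazon Lex V2 guide](https://docs.aws.amazon.com/lexv2/latest/dg/what-is.html) instead.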


# AWS managed policies for Amazon Lex
<a name="security-iam-awsmanpol"></a>







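An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining [customer managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies) that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) in the *IAM User Guide*.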









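## AWS managed policy: AmazonLexReadOnly
<a name="security-iam-awsmanpol-AmazonLexReadOnly"></a>

You can attach the `AmazonLexReadOnly` policy to your IAM identities.

This policy grants read-only permissions that allow users to view all actions in the Amazon Lex and Amazon Lex V2 model building service.

**Permissions details**

This policy includes the following permissions:
+ `lex`: Read-only access to Amazon Lex and Amazon Lex V2 resources in the model building service.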

------
#### [ JSON ]


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lex:GetBot",
                "lex:GetBotAlias",
                "lex:GetBotAliases",
                "lex:GetBots",
                "lex:GetBotChannelAssociation",
                "lex:GetBotChannelAssociations",
                "lex:GetBotVersions",
                "lex:GetBuiltinIntent",
                "lex:GetBuiltinIntents",
                "lex:GetBuiltinSlotTypes",
                "lex:GetIntent",
                "lex:GetIntents",
                "lex:GetIntentVersions",
                "lex:GetSlotType",
                "lex:GetSlotTypes",
                "lex:GetSlotTypeVersions",
                "lex:GetUtterancesView",
                "lex:DescribeBot",
                "lex:DescribeBotAlias",
                "lex:DescribeBotChannel",
                "lex:DescribeBotLocale",
                "lex:DescribeBotVersion",
                "lex:DescribeExport",
                "lex:DescribeImport",
                "lex:DescribeIntent",
                "lex:DescribeResourcePolicy",
                "lex:DescribeSlot",
                "lex:DescribeSlotType",
                "lex:ListBots",
                "lex:ListBotLocales",
                "lex:ListBotAliases",
                "lex:ListBotChannels",
                "lex:ListBotVersions",
                "lex:ListBuiltInIntents",
                "lex:ListBuiltInSlotTypes",
                "lex:ListExports",
                "lex:ListImports",
                "lex:ListIntents",
                "lex:ListSlots",
                "lex:ListSlotTypes",
                "lex:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}
```

------

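## AWS managed policy: AmazonLexRunBotsOnly
<a name="security-iam-awsmanpol-AmazonLexRunBotsOnly"></a>

You can attach the `AmazonLexRunBotsOnly` policy to your IAM identities.

This policy grants read-only permissions that allow access to run Amazon Lex and Amazon Lex V2 conversational bots.

**Permissions details**

This policy includes the following permissions:
+ `lex`: Read-only access to all actions in the Amazon Lex and Amazon Lex V2 runtime.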

------
#### [ JSON ]


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lex:PostContent",
                "lex:PostText",
                "lex:PutSession",
                "lex:GetSession",
                "lex:DeleteSession",
                "lex:RecognizeText",
                "lex:RecognizeUtterance",
                "lex:StartConversation"
            ],
            "Resource": "*"
        }
    ]
}
```

------

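## AWS managed policy: AmazonLexFullAccess
<a name="security-iam-awsmanpol-AmazonLexFullAccess"></a>

You can attach the `AmazonLexFullAccess` policy to your IAM identities.

This policy grants administrative permissions that allow users to create, read, update, and delete Amazon Lex and Amazon Lex V2 resources, and to run Amazon Lex and Amazon Lex V2 conversational bots.

**Permissions details**

This policy includes the following permissions:
+ `lex`: Grants principals read and write access to all actions in the Amazon Lex and Amazon Lex V2 model building and runtime services.
+ `cloudwatch`: Allows principals to view Amazon CloudWatch metrics and alarms.
+ `iam`: Allows principals to create and delete service-linked roles, pass roles, and attach and detach policies to a role. The permissions are restricted to "lex.amazonaws.com" for Amazon Lex operations and to "lexv2.amazonaws.com" for Amazon Lex V2 operations.
+ `kendra`: Allows principals to list Amazon Kendra indexes.
+ `kms`: Allows principals to describe AWS KMS keys and aliases.
+ `lambda`: Allows principals to list AWS Lambda functions and manage permissions attached to any Lambda function.
+ `polly`: Allows principals to describe Amazon Polly voices and synthesize speech.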

------
#### [ JSON ]


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:DescribeAlarmsForMetric",
                "kms:DescribeKey",
                "kms:ListAliases",
                "lambda:GetPolicy",
                "lambda:ListFunctions",
                "lex:*",
                "polly:DescribeVoices",
                "polly:SynthesizeSpeech",
                "kendra:ListIndices",
                "iam:ListRoles",
                "s3:ListAllMyBuckets",
                "logs:DescribeLogGroups",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:AddPermission",
                "lambda:RemovePermission"
            ],
            "Resource": "arn:aws:lambda:*:*:function:AmazonLex*",
            "Condition": {
                "StringEquals": {
                    "lambda:Principal": "lex.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "lex.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "channels.lex.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "lexv2.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "channels.lexv2.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:DeleteServiceLinkedRole",
                "iam:GetServiceLinkedRoleDeletionStatus"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
                "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "lex.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "lexv2.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
            ],
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "channels.lexv2.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
```

------
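
The following is an added example, not part of the AWS documentation: a small Python check that applies the least-privilege recommendation to a policy document before it is attached. It flags wildcard actions and any `iam:PassRole` or `iam:CreateServiceLinkedRole` grant that lacks the role scoping and the `iam:PassedToService` / `iam:AWSServiceName` conditions that `AmazonLexFullAccess` uses. The names `lint_policy`, `PAGE_EXCERPT` and `LOOSE_POLICY` are illustrative, and `LOOSE_POLICY` is a constructed counter-example.

```python
import json

# Role-handling IAM actions and the condition key that AmazonLexFullAccess
# pairs with each of them on this page (action names are case-insensitive).
ROLE_ACTIONS = {
    "iam:passrole": "iam:PassedToService",
    "iam:createservicelinkedrole": "iam:AWSServiceName",
}

def as_list(value):
    """IAM accepts either a single value or a list for these elements."""
    return list(value) if isinstance(value, list) else [value]

def lint_policy(document):
    """Return (statement index, finding) pairs for overly broad Allow grants."""
    findings = []
    for i, stmt in enumerate(as_list(document["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        # Condition keys are case-insensitive; collect them across operators.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
            required = ROLE_ACTIONS.get(action.lower())
            if required is None:
                continue
            if "*" in resources:
                findings.append((i, f"{action} on Resource *"))
            if required.lower() not in keys:
                findings.append((i, f"{action} without {required}"))
    return findings

# Two statements copied (the first one shortened) from AmazonLexFullAccess above.
PAGE_EXCERPT = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["lex:*", "iam:ListRoles"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["iam:PassRole"],
   "Resource": ["arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"],
   "Condition": {"StringEquals": {"iam:PassedToService": ["lex.amazonaws.com"]}}}]}""")

# Constructed counter-example: the same grant with scoping and condition removed.
LOOSE_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}}

if __name__ == "__main__":
    for name, doc in (("excerpt", PAGE_EXCERPT), ("loose", LOOSE_POLICY)):
        print(name, lint_policy(doc))
```

The excerpt yields only the `lex:*` wildcard finding, which is the part a customer managed policy would narrow; the constructed policy yields both `iam:PassRole` findings.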





## Amazon Lex updates to AWS managed policies
<a name="security-iam-awsmanpol-updates"></a>



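View details about updates to AWS managed policies for Amazon Lex since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon Lex [Document history for Amazon Lex](doc-history.md) page.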




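| Change | Description | Date | 
| --- | --- | --- | 
|  [AmazonLexFullAccess](#security-iam-awsmanpol-AmazonLexFullAccess): Update to an existing policy  |  Amazon Lex added new permissions to allow read-only access to Amazon Lex V2 model building service operations.  | August 18, 2021 | 
|  [AmazonLexReadOnly](#security-iam-awsmanpol-AmazonLexReadOnly): Update to an existing policy  |  Amazon Lex added new permissions to allow read-only access to Amazon Lex V2 model building service operations.  | August 18, 2021 | 
|  [AmazonLexRunBotsOnly](#security-iam-awsmanpol-AmazonLexRunBotsOnly): Update to an existing policy  |  Amazon Lex added new permissions to allow read-only access to Amazon Lex V2 runtime service operations.  | August 18, 2021 | 
|  Amazon Lex started tracking changes  |  Amazon Lex started tracking changes for its AWS managed policies.  | August 18, 2021 | 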