支援終止通知:2025 年 9 月 15 日, AWS 將停止對 Amazon Lex V1 的支援。2025 年 9 月 15 日之後,您將無法再存取 Amazon Lex V1 主控台或 Amazon Lex V1 資源。如果您使用的是 Amazon Lex V2,請改參閱 [Amazon Lex V2 指南](https://docs.aws.amazon.com/lexv2/latest/dg/what-is.html)。
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWS Amazon Lex 的 受管政策
AWS 受管政策是由 AWS AWS 受管政策建立和管理的獨立政策旨在為許多常用案例提供許可,以便您可以開始將許可指派給使用者、群組和角色。
請記住, AWS 受管政策可能不會授予特定使用案例的最低權限許可,因為這些許可可供所有 AWS 客戶使用。我們建議您定義特定於使用案例的[客戶管理政策](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies),以便進一步減少許可。
您無法變更 AWS 受管政策中定義的許可。如果 AWS 更新受 AWS 管政策中定義的許可,則更新會影響政策連接的所有主體身分 (使用者、群組和角色)。當新的 AWS 服務 啟動或新的 API 操作可用於現有服務時, AWS 最有可能更新 AWS 受管政策。
如需詳細資訊,請參閱 *IAM 使用者指南*中的 [AWS 受管政策](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies)。
## AWS 受管政策:AmazonLexReadOnly
您可將 `AmazonLexReadOnly` 政策連接到 IAM 身分。
此政策授予唯讀許可,允許使用者檢視 Amazon Lex 和 Amazon Lex V2 模型建置服務中的所有動作。
**許可詳細資訊**
此政策包含以下許可:
+ `lex` – 在模型建置服務中唯讀存取 Amazon Lex 和 Amazon Lex V2 資源。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lex:GetBot",
"lex:GetBotAlias",
"lex:GetBotAliases",
"lex:GetBots",
"lex:GetBotChannelAssociation",
"lex:GetBotChannelAssociations",
"lex:GetBotVersions",
"lex:GetBuiltinIntent",
"lex:GetBuiltinIntents",
"lex:GetBuiltinSlotTypes",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView",
"lex:DescribeBot",
"lex:DescribeBotAlias",
"lex:DescribeBotChannel",
"lex:DescribeBotLocale",
"lex:DescribeBotVersion",
"lex:DescribeExport",
"lex:DescribeImport",
"lex:DescribeIntent",
"lex:DescribeResourcePolicy",
"lex:DescribeSlot",
"lex:DescribeSlotType",
"lex:ListBots",
"lex:ListBotLocales",
"lex:ListBotAliases",
"lex:ListBotChannels",
"lex:ListBotVersions",
"lex:ListBuiltInIntents",
"lex:ListBuiltInSlotTypes",
"lex:ListExports",
"lex:ListImports",
"lex:ListIntents",
"lex:ListSlots",
"lex:ListSlotTypes",
"lex:ListTagsForResource"
],
"Resource": "*"
}
]
}
```
------
## AWS 受管政策:AmazonLexRunBotsOnly
您可將 `AmazonLexRunBotsOnly` 政策連接到 IAM 身分。
此政策授予唯讀許可,允許執行 Amazon Lex 和 Amazon Lex V2 對話式機器人的存取權。
**許可詳細資訊**
此政策包含以下許可:
+ `lex` – Amazon Lex 和 Amazon Lex V2 執行時間中所有動作的唯讀存取權。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lex:PostContent",
"lex:PostText",
"lex:PutSession",
"lex:GetSession",
"lex:DeleteSession",
"lex:RecognizeText",
"lex:RecognizeUtterance",
"lex:StartConversation"
],
"Resource": "*"
}
]
}
```
------
## AWS 受管政策:AmazonLexFullAccess
您可將 `AmazonLexFullAccess` 政策連接到 IAM 身分。
此政策授予管理許可,允許使用者建立、讀取、更新和刪除 Amazon Lex 和 Amazon Lex V2 資源,以及執行 Amazon Lex 和 Amazon Lex V2 對話式機器人。
**許可詳細資訊**
此政策包含以下許可:
+ `lex` – 允許主體讀取和寫入存取 Amazon Lex 和 Amazon Lex V2 模型建置和執行時間服務中的所有動作。
+ `cloudwatch` – 允許主體檢視 Amazon CloudWatch 指標和警示。
+ `iam` – 允許主體建立和刪除服務連結角色、傳遞角色,以及將政策連接到角色並分離。Amazon Lex 操作的許可僅限於「lex.amazonaws.com」,Amazon Lex V2 操作的許可僅限於「lexv2.amazonaws.com」。
+ `kendra` – 允許主體列出 Amazon Kendra 索引。
+ `kms` – 允許主體描述 AWS KMS 金鑰和別名。
+ `lambda` – 允許主體列出 AWS Lambda 函數和管理連接到任何 Lambda 函數的許可。
+ `polly` – 允許主體描述 Amazon Polly 語音和合成語音。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lex:*",
"polly:DescribeVoices",
"polly:SynthesizeSpeech",
"kendra:ListIndices",
"iam:ListRoles",
"s3:ListAllMyBuckets",
"logs:DescribeLogGroups",
"s3:GetBucketLocation"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Resource": "arn:aws:lambda:*:*:function:AmazonLex*",
"Condition": {
"StringEquals": {
"lambda:Principal": "lex.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:GetRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "lex.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "channels.lex.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "lexv2.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "channels.lexv2.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lex.amazonaws.com"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lexv2.amazonaws.com"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"channels.lexv2.amazonaws.com"
]
}
}
}
]
}
```
------
## AWS 受管政策的 Amazon Lex 更新
檢視自此服務開始追蹤 Amazon Lex AWS 受管政策更新以來的詳細資訊。如需此頁面變更的自動提醒,請訂閱 Amazon Lex [Amazon Lex 的文件歷史記錄](doc-history.md)頁面上的 RSS 摘要。
| 變更 | 描述 | Date |
| --- | --- | --- |
| [AmazonLexFullAccess](#security-iam-awsmanpol-AmazonLexFullAccess) – 更新現有政策 | Amazon Lex 新增了新的許可,以允許唯讀存取 Amazon Lex V2 模型建置服務操作。 | 2021 年 8 月 18 日 |
| [AmazonLexReadOnly](#security-iam-awsmanpol-AmazonLexReadOnly) – 更新至現有政策 | Amazon Lex 新增了新的許可,以允許唯讀存取 Amazon Lex V2 模型建置服務操作。 | 2021 年 8 月 18 日 |
| [AmazonLexRunBotsOnly](#security-iam-awsmanpol-AmazonLexRunBotsOnly) – 更新至現有政策 | Amazon Lex 新增了新的許可,以允許唯讀存取 Amazon Lex V2 執行期服務操作。 | 2021 年 8 月 18 日 |
| Amazon Lex 開始追蹤變更 | Amazon Lex 開始追蹤其 AWS 受管政策的變更。 | 2021 年 8 月 18 日 |