I created an AWS Lex bot and added an intent recently. Then I uploaded a simple AWS Lambda, which has administrator access (I will lower it later, no worries), and then also added some trusted entities:
Trusted entities
- The identity provider(s) apigateway.amazonaws.com
- The identity provider(s) lambda.amazonaws.com
- The identity provider(s) events.amazonaws.com
- The identity provider(s) lex.amazonaws.com
Then I added the Lambda function to the intent, built the bot, and started testing it. It worked just fine. The next step (10 minutes later) was to update the Lambda function to test new functionality. I added a new version, went back to AWS Lex and started writing messages, and the following error message came up:
An error has occurred: Access denied while invoking lambda function arn:aws:lambda:us-east-1:99999999999:function:lex-test from arn:aws:lex:us-east-1:888888888:intent:test:3. Please check the policy on this function.
First, I thought it was my mistake and started looking into the problem, but then I noticed that the AWSServiceRoleForLexBots role's policy is not right.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "polly:SynthesizeSpeech"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }
I can't change it because "This service-linked role cannot be modified in IAM. You can modify this role from the AWS service that depends on this role." If I click through every intent again and remove the lambda function and then add it again and then build and publish it, it will work until the next update.
However, this is a nightmare. Do you have any idea how I could fix this?
Thanks.
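The error message says to check the policy on the function, which is the Lambda function's resource-based policy rather than the service-linked role. The following is an added example, not part of the original post: it evaluates such a policy document offline against the two ARNs from the error. The sample policy is constructed, and the assumption that its statement was granted for intent version 2 only is hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample of a Lambda resource-based policy (the document returned
# by `aws lambda get-policy`). Assumption: granted for intent version 2 only.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "lex-test-intent-v2",
    "Effect": "Allow",
    "Principal": {"Service": "lex.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-east-1:99999999999:function:lex-test",
    "Condition": {"ArnLike": {
        "AWS:SourceArn": "arn:aws:lex:us-east-1:888888888:intent:test:2"}},
}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lex_may_invoke(policy_json, function_arn, source_arn):
    """Return the Sid of the first Allow statement that lets lex.amazonaws.com
    invoke function_arn on behalf of source_arn, or None if none matches.
    Simplified: Deny statements, "*" principals and condition keys other than
    AWS:SourceArn are not evaluated; fnmatch stands in for IAM's * and ?."""
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "lex.amazonaws.com" not in services:
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("lambda:invokefunction", a) for a in actions):
            continue
        if not any(fnmatchcase(function_arn, r) for r in _as_list(stmt.get("Resource", []))):
            continue
        patterns = []
        for op in ("ArnLike", "ArnEquals", "StringLike", "StringEquals"):
            for key, val in stmt.get("Condition", {}).get(op, {}).items():
                if key.lower() == "aws:sourcearn":
                    patterns += _as_list(val)
        if not patterns or any(fnmatchcase(source_arn, p) for p in patterns):
            return stmt.get("Sid", f"statement[{i}]")
    return None

if __name__ == "__main__":
    fn = "arn:aws:lambda:us-east-1:99999999999:function:lex-test"
    for version in ("2", "3"):
        src = f"arn:aws:lex:us-east-1:888888888:intent:test:{version}"
        print(src, "->", lex_may_invoke(SAMPLE_POLICY, fn, src) or "no matching Allow")
```

Against the constructed policy, the intent version named in the error (`intent:test:3`) finds no matching statement, while a statement whose `AWS:SourceArn` ends in `intent:test:*` would match every version.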