3

As far as I know, we can create Lex bots (V1) via terraform using the resources here.

I cannot find any resources anywhere for creating bots on Lex V2 platform using terraform. So does terraform support Lex v2 as of now? If not, is there any work around for this?

sepp2k
  • 363,768
  • 54
  • 674
  • 675
veri_pudicha_coder
  • 1,411
  • 9
  • 9

1 Answers1

1

According to the official doc, it still does not directly support by aws provider, but as suggested in the GitHub issue you could use awscc which supports V2. Check the issue here

Here is an example of how to use awscc provider to make it

resource "aws_iam_role" "lex_bot_role" {
  name = "lex_bot_role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "lex.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
}

resource "aws_iam_policy" "lex_bot_policy" {
  name        = "lex_bot_policy"
  path        = "/"
  description = "Policy that allows a Lex bot to access AWS resources."

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ]
        Resource = "*"
      },
      {
        Effect = "Allow"
        Action = [
          "lex:CreateBotVersion",
          "lex:CreateIntentVersion",
          "lex:DeleteBot",
          "lex:DeleteBotAlias",
          "lex:DeleteBotChannelAssociation",
          "lex:DeleteBotVersion",
          "lex:DeleteIntent",
          "lex:DeleteIntentVersion",
          "lex:DeleteSlotType",
          "lex:DeleteSlotTypeVersion",
          "lex:PutBot",
          "lex:PutBotAlias",
          "lex:PutBotChannelAssociation",
          "lex:PutIntent",
          "lex:PutSlotType"
        ]
        Resource = "*"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "lex_bot_policy_attachment" {
  policy_arn = aws_iam_policy.lex_bot_policy.arn
  role       = aws_iam_role.lex_bot_role.name
}


resource "awscc_lex_bot" "pizza_order_bot" {
  name                        = var.bot_name
  description                 = "A bot for ordering pizza"
  role_arn                    = aws_iam_role.lex_bot_role.arn
  idle_session_ttl_in_seconds = 300
  data_privacy = {
    child_directed = false
  }
  bot_tags = [
    {
      key   = "Environment"
      value = "Development"
    },
  ]

    depends_on = [
    #TODO: Fix this and try to make it use the variables
    # aws_lex_intent.order_pizza # The bot depends on the intent
    aws_iam_role.lex_bot_role
  ]
}
Mohamed Saleh
  • 2,881
  • 1
  • 23
  • 35
  • Thanks for posting this - I ran into the v2 issue today and found this helpful. QQ - Should the assume role service be "lexv2.amazonaws.com" instead of "lex.amazonaws.com"? The default role that AWS creates for a new bot only has a policy permissions for "polly:SynthesizeSpeech" also - are the CW log and lex permissions needed? – MillerC Jun 12 '23 at 20:26