Configure IAM role with permissions for Amazon Lex app
To access Amazon Lex bots, Genesys Cloud must have permission to use resources in Amazon Web Services (AWS). This procedure explains how to set up an IAM role in AWS. This role is assigned to Amazon Lex later, when you configure and activate the app in Genesys Cloud.
To configure an IAM role:
- Log in to AWS.
- Navigate to the AWS Services page.
- Select IAM.
- Under Dashboard, select Roles.
- On the Roles page, click Create role.
- Select Another AWS Account as the type of trusted entity.
- In the Account ID box, enter 765628985471 (Core/Satellite regions). This number is Genesys Cloud’s production account ID. If you need the FedRAMP region (US-East-2) account ID, please contact your Genesys representative.
- To enhance security, Genesys recommends that you check the Require External ID box and enter your Genesys Cloud organization’s ID.
- Click Next Permissions.
- Next, assign permission policies to the role. In the search box, type Lex. Then select the AmazonLexReadOnly and AmazonLexRunBotsOnly policies check boxes.
- AmazonLexReadOnly provides read-only access to Amazon Lex, allowing the role to look at Lex bots.
- The AmazonLexRunBotsOnly policy provides access to Amazon Lex conversational APIs, so that audio can be sent at runtime.
Note: These permissions do not give Genesys Cloud any ability to edit your Lex bots.
- Click Next: Tags.
- (Optional) Add metadata to the role by attaching tags as key-value pairs. For more information, see Tagging AIM Entities in the AWS Identitiy and Access Management User Guide.
- Click Next: Review.
- In the Role Name box, type a name. For example, DemoLexRole.
- In the Role description box, enter descriptive text about the role .
- Verify that the account number for Trusted entities matches the Genesys Cloud production account ID you entered in step 6.
- Click Create Role.
- In the listing page, click the name of the role. This link is the name you entered in the Role Name box in step 12 (DemoLexRole in this example). Summary details about the role appear.
- Note the Role ARN. You need this credential later. An Amazon Resource Name (ARN) is a unique identifier that unambiguously identifies a resource.
- Click the Copy icon (to the right of Role ARN) to copy your ARN to the clipboard.