Configure IAM role with permissions for Amazon Lex app


To access Amazon Lex bots, PureCloud must have permission to use resources in Amazon Web Services (AWS). This procedure explains how to set up an IAM role in AWS. This role is assigned to Amazon Lex later, when you configure and activate the app in PureCloud.

Note: AWS Identity and Access Management (IAM) is a web service that controls access to AWS resources. An IAM role is similar to a user, because it defines an AWS identity with permission policies that determine what the identity can and cannot do in AWS. An IAM role can be assumed by trusted identities, including applications such as PureCloud, AWS services such as EC2, or an end user. Each IAM role defines necessary permissions to make AWS service requests. For more information, see IAM Roles in Amazon’s AWS Identity and Access Management User Guide.

To configure an IAM role:

  1. Log in to AWS.
  2. Navigate to the AWS Services page.
  3. Select IAM.
  4. Under Dashboard, select Roles.
  5. On the Roles page, click Create role.
  6. Select Another AWS Account as the type of trusted entity.
  7. In the Account ID box, enter 765628985471 in the Account ID box. This is PureCloud’s production account ID.
  8. To enhance security, Genesys recommends that you check the Require External ID box and enter your organization’s ID.
  9. Click Next Permissions.
  10. Next, assign permission policies to the role. In the search box, type Lex. Then select the AmazonLexReadOnly and AmazonLexRunBotsOnly policies check boxes.
    • AmazonLexReadOnly provides read-only access to Amazon Lex, allowing the role to look at Lex bots.
    • The AmazonLexRunBotsOnly policy provides access to Amazon Lex conversational APIs, so that audio can be sent at runtime.
      Note: These permissions do not give PureCloud any ability to edit your Lex bots.
  11. Click Next: Tags.
  12. (Optional) Add metadata to the role by attaching tags as key-value pairs. For more information, see Tagging AIM Entities in the AWS Identitiy and Access Management User Guide.
  13. Click Next: Review.
  14. In the Role Name box, type a name. For example, DemoLexRole.
  15. In the Role description box, enter descriptive text about the role .
  16. Verify that the account number for Trusted entities matches the PureCloud production account ID you entered in step 6.
  17. Click Create Role.
  18. In the listing page, click the name of the role. This link is the name you entered in the Role Name box in step 12 (DemoLexRole in this example). Summary details about the role appear.
  19. Note the Role ARN. You need this credential later. An Amazon Resource Name (ARN) is a unique identifier that unambiguously identifies a resource.
  20. Click the Copy icon (to the right of Role ARN) to copy your ARN to the clipboard. 

Next: Configure and activate the Lex integration in PureCloud