Using AWS lambda function to call lex chat bot

Question

I am trying to use boto3 from within AWS lambda function in order to do post_text to a Lex chat bot.

Python code:

    client = boto3.client('lex-runtime')
    data = "string input"
    response = client.post_text(
    botName='xxx',
    botAlias='yyy',
    userId='id',
    inputText= data)

but i get:

An error occurred (AccessDeniedException) when calling the PostText 
operation: User: arn:aws:sts::111111111:assumed- 
role/functionName/functionName is not authorized to perform: lex:PostText on 
resource: arn:aws:lex:us-east-1:111111111:bot:xxx:yyyy"

So i set up IAM rule an and policy:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "lex:PostText"
        ],
        "Resource": [
            "arn:aws:lex:us-east-1:111111111:bot:xxx:yyyy"
        ]
    }
]
}

Trust relationship:

{
"Version": "2012-10-17",
"Statement": [
{
  "Effect": "Allow",
  "Principal": {
    "Service": "lambda.amazonaws.com"
  },
  "Action": "sts:AssumeRole"
}
]
}

But it still doesn't work and i get the same error.

Answer 1

I experienced the same issue recently.

It is most certainly related to the permissions assigned to the IAM role that you're using when running the Lambda function.

The easiest way to resolve this is below:-

1. Open the Lambda function on the AWS Console.
2. Scroll down to the "Execution role" section.
3. Click the link under the role to view the role in a new window. It should look something like this: "View the role".
4. In the new window under the permissions tab click on "Attach policies".
5. This takes you to a new screen. On this screen filter the listed policies by typing in "lex" in the input field.
6. The filtered list will contain a policy call "AmazonLexRunBotsOnly".
7. Attach this policy to your role.
8. Save the changes and make your way back to your lambda function.
9. Save the lambda function and retest.

This will resolve your issue.