Amazon Web Services: Error creating a skill with CloudFormation


I have been developing an Alexa skill for a month and want to create it through CloudFormation. For this I use the following:

Lambda function

{
   "AWSTemplateFormatVersion": "2010-09-09",
   "Description": "Lambda Function from Cloud Formation by Felix Vazquez",
   "Resources": {
      "Lambda1": {
         "Type": "AWS::Lambda::Function",
         "Properties": {
            "Code": {
               "S3Bucket": "felix-lambda-code",
               "S3Key": "hello_lambda.zip"
            },
            "Description": "Test with Cloud Formation",
            "FunctionName": "Felix-hello-world1234",
            "Handler": "lambda_function.lambda_handler",
            "Role": "arn:aws:iam::776831754616:role/testRol",
            "Runtime": "python2.7"
         }
      }
   }
}
Alexa Skill

"Resources": {
        "23LT3": {
            "Type": "Alexa::ASK::Skill",
            "Properties": {
                "AuthenticationConfiguration": {
                    "ClientId": "+my client ID+",
                    "ClientSecret": "+my client Secret+",
                    "RefreshToken": "+The token i generate via lwa+"
                },
                "VendorId": "+my vendor ID+",
                "SkillPackage": {
                    "S3Bucket": "myskillpackagebucket",
                    "S3Key": "my_function10.zip",
                    "S3BucketRole": {
                        "Fn::GetAtt": [
                            "IAMRU6TJ",
                            "Arn"
                        ]
                    },
                    "Overrides": {
                        "Manifest": {
                            "apis": {
                                "custom": {
                                    "endpoint": {
                                        "uri": {
                                            "Fn::GetAtt": [
                                                "Lambda1",
                                                "Arn"
                                            ]
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
}
IAM role

{
    "Resources": {
        "IAMRU6TJ": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "s3.amazonaws.com",
                                    "lambda.amazonaws.com"
                                ]
                            },
                            "Action": [
                                "sts:AssumeRole"
                            ]
                        }
                    ]
                },
                "Path": "/",
                "Policies": [
                    {
                        "PolicyName": "root",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": "*",
                                    "Resource": "*"
                                }
                            ]
                        }
                    }
                ]
            }
        }
    }
}
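The skill depends on the Lambda function and the IAM role. A few seconds after I "Create Stack", the following error appears:

Could not assume the provided role. Reason: Access Denied (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: b2e8762c-2593-11e9-b3ec-872599411915)

For the token I use

ask util generate-lwa-tokens --scope "alexa::ask:skills:readwrite alexa::ask:models:readwrite profile"

Image of the events: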


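In your Alexa::ASK::Skill resource:
23LT3['Properties']['SkillPackage']['S3BucketRole']

The docs say: ARN of the role that grants the Alexa service permission to access the bucket and retrieve the skill package. This role is optional, and if it is not provided, the bucket must be configured with a policy that allows this access, or be publicly accessible, in order for AWS CloudFormation to create the skill.

Currently, your role allows s3.amazonaws.com and lambda.amazonaws.com to assume a role that can do anything in the AWS account, but you need to allow the "Alexa service permission…"


Best practice is to use least privilege, but I get it if you are just testing.

I had a hard time finding the necessary details documented anywhere. Here is the role I used to get this working: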

  AlexaReadRole:
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - alexa-appkit.amazon.com
            Sid: AllowServiceToAssumeRole
        Version: 2012-10-17
      Policies:
        - PolicyName: "AlexaS3Read"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: "s3:GetObject"
                Resource: "arn:aws:s3:::<bucket-name>/<path-to-alexa-files>/*"
    Type: AWS::IAM::Role
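
A template check for the mismatch both answers point at, added here as an example and not code from the original post: it resolves each Alexa::ASK::Skill's S3BucketRole to the role in the same template and reports when the trust policy omits alexa-appkit.amazon.com or an inline policy allows every action on every resource. The function names and the reduced SAMPLE template are constructed for illustration, and only Fn::GetAtt references within one template are resolved.

```python
ALEXA_PRINCIPAL = "alexa-appkit.amazon.com"  # service principal used in the second answer

def as_list(value):
    """IAM accepts a scalar or a list for Action, Resource and Service."""
    return [] if value is None else value if isinstance(value, list) else [value]

def trusted_services(role):
    """Service principals the role's trust policy allows to call sts:AssumeRole."""
    doc = role.get("Properties", {}).get("AssumeRolePolicyDocument", {})
    return {svc
            for stmt in as_list(doc.get("Statement"))
            if stmt.get("Effect") == "Allow" and "sts:AssumeRole" in as_list(stmt.get("Action"))
            and isinstance(stmt.get("Principal"), dict)
            for svc in as_list(stmt["Principal"].get("Service"))}

def wildcard_policies(role):
    """Names of inline policies that contain an Allow of Action "*" on Resource "*"."""
    return [p.get("PolicyName")
            for p in role.get("Properties", {}).get("Policies", [])
            for s in as_list(p.get("PolicyDocument", {}).get("Statement"))
            if s.get("Effect") == "Allow" and "*" in as_list(s.get("Action"))
            and "*" in as_list(s.get("Resource"))]

def check_skill_roles(template):
    """Return (skill, message) findings for every Alexa::ASK::Skill in the template."""
    resources, findings = template.get("Resources", {}), []
    skills = [(n, r) for n, r in resources.items() if r.get("Type") == "Alexa::ASK::Skill"]
    for name, res in skills:
        ref = res.get("Properties", {}).get("SkillPackage", {}).get("S3BucketRole")
        att = as_list(ref.get("Fn::GetAtt")) if isinstance(ref, dict) else []
        target = att[0].split(".")[0] if att else None
        role = resources.get(target)
        if role is None:  # omitted, a literal ARN, or a role defined in another stack
            findings.append((name, "S3BucketRole not defined in this template"))
            continue
        if ALEXA_PRINCIPAL not in trusted_services(role):
            findings.append((name, f"{target} does not trust {ALEXA_PRINCIPAL}"))
        findings += [(name, f"{target} policy {p} allows * on *")
                     for p in wildcard_policies(role)]
    return findings

# Constructed sample: the question's skill and role, reduced to the fields checked.
SAMPLE = {"Resources": {
    "23LT3": {"Type": "Alexa::ASK::Skill", "Properties": {"SkillPackage": {
        "S3BucketRole": {"Fn::GetAtt": ["IAMRU6TJ", "Arn"]}}}},
    "IAMRU6TJ": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": ["sts:AssumeRole"],
            "Principal": {"Service": ["s3.amazonaws.com", "lambda.amazonaws.com"]}}]},
        "Policies": [{"PolicyName": "root", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}}}}
```

Calling check_skill_roles(SAMPLE) reports both problems for the question's role; a role shaped like AlexaReadRole produces no findings.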