I'm trying to make an AWS Lex bot that will return an intent via a lambda. I have voice recognition on the client side and I want to transcribe the voice into text, then send it to an endpoint via serverless and receive that intent. All of this works, but when integrating serverless and the aws-sdk, I'm having trouble.
The error I'm getting is
ERROR AccessDeniedException: User: arn:aws:sts::387496244796:assumed-role/voice-dev-us-east-1-lambdaRole/voice-dev-sendTranscript is not authorized to perform: lex:PostText on resource: arn:aws:lex:us-east-1:387496244796:bot:VoiceRecognitionBot:dev
at Object.extractError (/var/task/node_modules/aws-sdk/lib/protocol/json.js:52:27)
at Request.extractError (/var/task/node_modules/aws-sdk/lib/protocol/rest_json.js:55:8)
at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:690:12) {
code: 'AccessDeniedException',
time: 2021-06-03T22:39:31.171Z,
requestId: 'db61b680-dc93-40f1-8ac8-485aa857b5a6',
statusCode: 403,
retryable: false,
retryDelay: 22.72147780759437
}
I took a look at this post but it doesn't seem like I'm doing anything different in terms of sending a userId. I'm not using facebook messenger or any service of the sort. This is a userId from our own app.
This is my handler:
"use strict";
const AWS = require("aws-sdk");
module.exports.sendTranscript = async (event, context, callback) => {
const lexService = new AWS.LexRuntime();
const params = {
botAlias: "dev",
botName: "VoiceRecognitionBot",
inputText: event.transcript,
userId: event.userId,
};
const results = await lexService
.postText(params, (error, data) => {
if (error) console.error(error);
else console.log("DATA RESPONSE => ", data);
})
.promise();
callback(null, results);
};
it's catching an error and it's basically what the log is above.
here is my sample input:
{"transcript": "chat with team", "userId": "920bfg83-95af-423c-a058-8f58b23487r6"}
Could it be my serverless.yml? I havent touched it besides renaming functions. No IAM roles.
This error is because of lambda don’t have correct role to execute lex post text. Refer https://docs.aws.amazon.com/lex/latest/dg/security_iam_id-based-policy-examples.html
Assign lex read role to lambda and try again it should work.