Remove Privileges for Unauthenticated Cognito Identities
identityPoolName: LMA-AISTACK-XXX-AgentAssistBot-IdentityPool
nonCompliantActions: ["lex:DeleteSession","lex:RecognizeText","lex:RecognizeUtterance","lex:PutSession"]
To remediate this issue, we will need to move to a different user authorization mechanism and remove the IAM action permissions that are listed as non-compliant on the Shepherd issue from the Cognito Identity unauthenticated role.
Related to Lex Web UI in LMA. I think the embedded Lex Web UI (in the LMA CallDetail page) is using the unauth role, but it should probably be configured instead to use the auth role, based on the login token of the LMA UI page itself.
Remove Privileges for Unauthenticated Cognito Identities identityPoolName: LMA-AISTACK-XXX-AgentAssistBot-IdentityPool nonCompliantActions: ["lex:DeleteSession","lex:RecognizeText","lex:RecognizeUtterance","lex:PutSession"] To remediate this issue, we will need to move to a different user authorization mechanism and remove the IAM action permissions that are listed as non-compliant on the Shepherd issue from the Cognito Identity unauthenticated role.
Related to Lex Web UI in LMA. I think the embedded Lex Web UI (in the LMA CallDetail page) is using the unauth role, but it should probably be configured instead to use the auth role, based on the login token of the LMA UI page itself.