aws-samples / amazon-transcribe-live-meeting-assistant

MIT No Attribution

Use auth role for Meeting Assistant bot, and remove all permissions for unauthenticated Cognito identities #65

Closed rstrahan closed 2 months ago

rstrahan commented 2 months ago

Remove Privileges for Unauthenticated Cognito Identities

identityPoolName: LMA-AISTACK-XXX-AgentAssistBot-IdentityPool
nonCompliantActions: ["lex:DeleteSession","lex:RecognizeText","lex:RecognizeUtterance","lex:PutSession"]

To remediate this issue, we will need to move to a different user authorization mechanism and remove the IAM action permissions that are listed as non-compliant on the Shepherd issue from the Cognito Identity unauthenticated role.

Related to Lex Web UI in LMA. I think the embedded Lex Web UI (in the LMA CallDetail page) is using the unauth role, but it should probably be configured instead to use the auth role, based on the login token of the LMA UI page itself.
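An added illustration, not code from the LMA project or from the issue author: an offline Python check that takes an identity pool's role mapping (in the `{"Roles": {...}}` shape of Cognito's GetIdentityPoolRoles result) plus each role's IAM policy documents, and reports which of the non-compliant Lex actions listed above the unauthenticated role can reach. The role ARNs and policy documents are constructed sample data; the "before" and "after" mappings model the remediation described in the issue (Lex permissions moved off the unauthenticated role onto the authenticated one).

```python
import fnmatch

# Actions the issue flags as non-compliant on the unauthenticated role.
NON_COMPLIANT_ACTIONS = (
    "lex:DeleteSession", "lex:RecognizeText", "lex:RecognizeUtterance", "lex:PutSession",
)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_non_compliant(policy_document):
    """Return the non-compliant actions an IAM policy document allows.

    Action may be a string or a list and may use IAM wildcards ("lex:*", "*");
    matching is case-insensitive as in IAM. Deny statements and NotAction are not
    evaluated, so this is a permission-breadth check, not a full policy simulation.
    """
    found = set()
    for stmt in _as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        for pattern in _as_list(stmt["Action"]):
            found.update(a for a in NON_COMPLIANT_ACTIONS
                         if fnmatch.fnmatchcase(a.lower(), pattern.lower()))
    return found

def unauth_role_findings(pool_roles, role_policies):
    """Check only the unauthenticated role of an identity pool.

    pool_roles mirrors the GetIdentityPoolRoles result; role_policies maps a role
    ARN to its policy documents. The authenticated role is where the issue says
    these permissions belong, behind the LMA login token, so it is not flagged.
    """
    unauth_arn = pool_roles.get("Roles", {}).get("unauthenticated")
    if unauth_arn is None:
        return []  # no unauthenticated role mapped: nothing reachable without a login
    findings = set()
    for doc in role_policies.get(unauth_arn, []):
        findings |= allowed_non_compliant(doc)
    return sorted(findings)

# Constructed sample data (hypothetical ARNs; "XXX" is the issue's own placeholder).
POOL_ROLES = {"Roles": {
    "authenticated": "arn:aws:iam::123456789012:role/LMA-AISTACK-XXX-AuthRole",
    "unauthenticated": "arn:aws:iam::123456789012:role/LMA-AISTACK-XXX-UnauthRole"}}
LEX_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["lex:PutSession", "lex:RecognizeText"], "Resource": "*"},
    {"Effect": "Allow", "Action": "lex:Recognize*", "Resource": "*"}]}
BEFORE = {POOL_ROLES["Roles"]["unauthenticated"]: [LEX_POLICY]}  # bot permissions on unauth role
AFTER = {POOL_ROLES["Roles"]["authenticated"]: [LEX_POLICY]}     # same policy on auth role only

if __name__ == "__main__":
    print("before:", unauth_role_findings(POOL_ROLES, BEFORE))
    print("after:", unauth_role_findings(POOL_ROLES, AFTER))  # []
```

Against live resources the same functions can be fed the output of `get_identity_pool_roles` and the role's inline and attached policy documents retrieved through the IAM API.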

rstrahan commented 2 months ago

fixed in Feature/unauth role fix #61