python-3.x - 如何为 Lex 机器人运行时获取 PostText API 调用的授权用户

Question

很抱歉这篇文章很长。我正在尝试使用 lambda 函数通过 PostText 运行时 API 调用 Lex 机器人。但是，当我测试此调用时，它返回用户 ID 无权使用此调用。这是我收到的错误消息:

    Response:
{
  "errorMessage": "An error occurred (AccessDeniedException) when calling the PostText operation: User: arn:aws:sts::981709171824:assumed-role/lambda_basic_execution/OrchestratorAPIApp is not authorized to perform: lex:PostText on resource: arn:aws:lex:us-east-1:981709171824:bot:SupportBot_BookCab:SupportBot_BookCab",
  "errorType": "ClientError",
  "stackTrace": [
    [
      "/var/task/lambda_function.py",
      18,
      "lambda_handler",
      "inputText= userInput"
    ],
    [
      "/var/runtime/botocore/client.py",
      314,
      "_api_call",
      "return self._make_api_call(operation_name, kwargs)"
    ],
    [
      "/var/runtime/botocore/client.py",
      612,
      "_make_api_call",
      "raise error_class(parsed_response, operation_name)"
    ]
  ]
}

Request ID:
"677f1820-6ed2-11e8-b891-33ab1951c65f"

Function Logs:
START RequestId: 677f1820-6ed2-11e8-b891-33ab1951c65f Version: $LATEST
An error occurred (AccessDeniedException) when calling the PostText operation: User: arn:aws:sts::981709171824:assumed-role/lambda_basic_execution/OrchestratorAPIApp is not authorized to perform: lex:PostText on resource: arn:aws:lex:us-east-1:981709171824:bot:SupportBot_BookCab:SupportBot_BookCab: ClientError
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 18, in lambda_handler
    inputText= userInput
  File "/var/runtime/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the PostText operation: User: arn:aws:sts::981709171824:assumed-role/lambda_basic_execution/OrchestratorAPIApp is not authorized to perform: lex:PostText on resource: arn:aws:lex:us-east-1:981709171824:bot:SupportBot_BookCab:SupportBot_BookCab

END RequestId: 677f1820-6ed2-11e8-b891-33ab1951c65f
REPORT RequestId: 677f1820-6ed2-11e8-b891-33ab1951c65f  Duration: 325.25 ms Billed Duration: 400 ms     Memory Size: 128 MB Max Memory Used: 31 MB  

这是我调用 API 的代码:

    import boto3

def lambda_handler(event, context):
    responderName = event["DestinationBot"]
    userId = event["RecipientID"]
    userInput = event["message"]["text"]

    client = boto3.client('lex-runtime')

    response = client.post_text(
        botName=responderName,
        botAlias=responderName,
        userId=userId,
        sessionAttributes={
        },
        requestAttributes={
        },
        inputText= userInput
    )

这是我的示例测试输入:

{
  "DestinationBot": "SupportBot_BookCab",
  "RecipientID": "12345",
  "message": {
      "text": "book me a cab"
  }
}

Answer 1

PostText 的 userID 是您在用户和 Lex 之间保持来回对话的方式。它可以是您可以在传入请求中识别用户的任何内容，这些请求对于用户来说是一致且唯一的，至少对于该 session 而言是这样。

来自AWS PostText Docs:

userID
The ID of the client application user. Amazon Lex uses this to identify a user's conversation with your bot. At runtime, each request must contain the userID field.
...
Length Constraints: Minimum length of 2. Maximum length of 100.
Pattern: [0-9a-zA-Z._:-]+

因此，如果用户使用 Facebook Messenger，他们将拥有一个随消息一起传递的 Facebook ID，您可以将其用作他们的userID。
如果用户使用 Twilio-SMS，他们的消息中将会传递一个电话号码，您可以将其用作他们的用户 ID。

您的代码当前正在获取事件[“RecipientID”]并将其用作用户ID。但传入消息中的 RecipientID 是您自己，即传入消息的接收者。

你的错误告诉你

... User: arn:aws:sts::XXXXXXXXXX:assumed-role/lambda_basic_execution/OrchestratorAPIApp

因此 userID = event["RecipientID"] = 'arn:aws:sts::XXXXXXXX:assumed-role/lambda_basic_execution/OrchestratorAPIApp'

您绝对不希望使用收件人 ID。

相反，您希望发件人 ID 为 userID。像这样的东西:

userId = event["SenderID"]

这可能不是您使用的确切代码，它只是一个示例。您应该能够查看传入的请求，并在其中找到一些内容以用作正确的用户 ID，正如我上面通过 Facebook 和 Twilio 所解释的那样。