0
votes

We have created a chat bot in Amazon Lex. The bot shows the following error when it tries to access the Lambda function.

An error has occurred: Access denied while invoking lambda function.Please check the permissions on the IAM policy used to create the bot

Can you help us fix this error?


2 Answers

3
votes

It looks like the root of this issue is in the IAM role which is associated with your Lex Bot. Lex assumes this role when invoking your Lambda function, and needs both 1) a policy that allows the role to invoke Lambda, and 2) a trust policy that allows Amazon Lex to assume that role on your behalf. From the error message you’re seeing, I would expect that it is the trust policy which may be configured on your Bot’s role.

1. In the Permissions tab for the IAM role, choose Inline Policies, and then attach the following custom policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "lambda:InvokeFunction",
        "polly:SynthesizeSpeech"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

2. In the Trust Relationships tab, choose Edit Trust Relationship, and specify the Amazon Lex service principal ("lex.amazonaws.com"). The updated policy should look as shown:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lex.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Please see item 2 in our Getting Started documentation (http://docs.aws.amazon.com/lex/latest/dg/gs-bp-prep.html) as a reference.

Full disclosure: I work on Amazon Lex as a Product Manager

0
votes

See http://docs.aws.amazon.com/lex/latest/dg/gs-cli-update-lambda.html

Lex is using the push model to trigger the Lambda function, on a per-intent function policy basis.

"Use the Lambda AddPermission function to enable the OrderFlowers intent to call the Lambda Invoke operation."

See http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html

Unfortunately, resource policies cannot be edited through the AWS console.
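
The two answers above point at three separate grants: the role's trust policy, the role's inline policy, and the function's resource policy. The following is an added example, not code from either answer or from AWS, that checks already-fetched policy documents for each grant offline. The account ID, region and `Sid` are constructed placeholders, and the evaluation is deliberately simplified (it ignores `Deny`, `Condition` and `NotAction`).

```python
from fnmatch import fnmatchcase

LEX = "lex.amazonaws.com"

def as_list(value):
    """IAM lets most fields be a single value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def allows(stmt, action):
    """True if an Allow statement's Action matches `action` ('*' wildcards honored)."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt.get("Action", [])))

def names_lex(stmt):
    """True if the statement's Principal is the Amazon Lex service."""
    principal = stmt.get("Principal", {})
    return isinstance(principal, dict) and LEX in as_list(principal.get("Service", []))

def diagnose(trust, inline, resource_policy, function_arn):
    """Return the list of missing grants; an empty list means all three are present."""
    missing = []
    if not any(allows(s, "sts:AssumeRole") and names_lex(s)
               for s in as_list(trust.get("Statement", []))):
        missing.append("trust policy: lex.amazonaws.com may not assume the role")
    if not any(allows(s, "lambda:InvokeFunction")
               and any(fnmatchcase(function_arn, r) for r in as_list(s.get("Resource", [])))
               for s in as_list(inline.get("Statement", []))):
        missing.append("inline policy: role may not invoke the function")
    if not any(allows(s, "lambda:InvokeFunction") and names_lex(s)
               for s in as_list(resource_policy.get("Statement", []))):
        missing.append("resource policy: lex.amazonaws.com may not invoke the function")
    return missing

# Constructed sample documents (placeholder account ID, region and Sid).
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:OrderFlowers"
INLINE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["lambda:InvokeFunction", "polly:SynthesizeSpeech"]}]}
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": LEX}, "Action": "sts:AssumeRole"}]}
RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "lex-OrderFlowers", "Effect": "Allow", "Principal": {"Service": LEX},
    "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN}]}

if __name__ == "__main__":
    for line in diagnose(BAD_TRUST, INLINE, {}, FUNCTION_ARN):
        print(line)
```

The live documents to feed in can be read with `aws iam get-role`, `aws iam get-role-policy` and `aws lambda get-policy`.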