Developer Console

Step 1: Configure Developer Account Settings (VSK Echo Show)

Before installing the reference video skill with the CLI tool, you must first use the AWS Developer Console to set up an IAM user, and receive an AWS Access Key ID and an AWS Secret Access Key. You must also create a security profile to your Developer Account under Login with Amazon, to receive a Client ID and a Client Secret code. This guide walks you through these processes.

Step 1.1: Create an IAM User

This task is preparatory to using the CLI tool. You must define permissions to specify that your IAM user allows lambda functions to call AWS services. To create the IAM user:

  1. Sign in to the AWS Managment Console.
  2. In the upper-right, select the appropriate AWS region based on the table provided in AWS Regions and Video Skills. (Unlike with IAM, lambda functions are specific to AWS regions.)

    Selecting an AWS region
    Selecting an AWS region

    Selecting a region close to your customers ensures that the latency between customer utterances and lambda invocations is minimal. Also, the video skill doesn't work if you select the wrong AWS region.

  3. Click Services in the upper-left corner and go to IAM (use the Search box).
  4. In the navigation pane, choose Users, and then choose Add user.
  5. Type the user name for the new user, for example vsk_echo_show.
  6. Select Programmatic access and click Next: Permissions.

    Creating an IAM user that can interact with your Lambda
  7. Click Attach existing policies directly, and then click Create policy.

    This step opens a new browser window. Keep both windows open.

  8. Click JSON, delete everything from the visual editor, and then copy and paste the following policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "apigateway:*",
            "cloudformation:ListStacks",
            "cloudformation:CreateStack",
            "cloudformation:DeleteStack",
            "cloudformation:DescribeStackResources",
            "cloudformation:DescribeStackResource",
            "cloudformation:CreateChangeSet",
            "cloudformation:ExecuteChangeSet",
            "cloudformation:DescribeStacks",
            "cognito-idp:DescribeUserPool",
            "cognito-idp:CreateUserPoolDomain",
            "cognito-idp:DescribeUserPoolDomain",
            "cognito-idp:UpdateUserPoolClient",
            "cognito-idp:DeleteUserPoolDomain",
            "cognito-idp:DescribeUserPoolClient",
            "cognito-idp:CreateUserPool",
            "cognito-idp:DeleteUserPool",
            "cognito-idp:CreateUserPoolClient",
            "cognito-idp:DeleteUserPoolClient",
            "execute-api:Invoke",
            "iam:GetRole",
            "iam:CreateRole",
            "iam:DetachRolePolicy",
            "iam:DeleteRolePolicy",
            "iam:DeleteRole",
            "iam:AttachRolePolicy",
            "iam:GetRolePolicy",
            "iam:PutRolePolicy",
            "iam:PassRole",
            "lambda:UpdateFunctionCode",
            "lambda:AddPermission",
            "lambda:GetFunction",
            "lambda:InvokeFunction",
            "lambda:CreateFunction",
            "lambda:DeleteFunction",
            "lambda:GetFunctionConfiguration",
            "logs:DescribeLogGroups",
            "logs:CreateLogGroup",
            "logs:DeleteLogGroup",
            "logs:DescribeLogStreams",
            "logs:CreateLogStream",
            "logs:DeleteLogStream",
            "logs:PutRetentionPolicy",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:CreateBucket",
            "s3:ListBucket",
            "s3:DeleteObject",
            "s3:GetBucketLocation",
            "s3:DeleteBucket",
            "s3:GetBucketTagging",
            "s3:PutBucketTagging",
            "sts:AssumeRole",
            "sts:GetCallerIdentity",
            "dynamodb:CreateTable",
            "dynamodb:DescribeTable",
            "dynamodb:GetItem",
            "dynamodb:PutItem",
            "dynamodb:DeleteTable",
            "dynamodb:DescribeTimeToLive",
            "dynamodb:UpdateTimeToLive"
          ],
          "Resource": "*"
        }
      ]
    }
    
  9. Click Review policy, name your new policy (for example, VSK_policy) and click Create policy. (You can now close this browser window).
  10. Back to the IAM Management Console (Set permissions) browser tab, refresh to make the new policy appear.
  11. Search for your new policy (for example, VSK_policy), select it, click Next: Tags and Next: Review.
  12. Click Create user.
  13. Copy and store your Access key ID and Secret access key in a text file to input them into the CLI tool later.

    Add an IAM user that can interact with your Lambda

Step 1.2: Create a Security Profile

This step allows you to set up basic security settings. Follow these steps:

  1. Sign in to the Amazon Developer Console Dashboard.
  2. Click Login with Amazon.
  3. Click Create a New Security Profile.
  4. Enter a Security Profile Name, a Security Profile Description and a Consent Privacy Notice URL.

    Add a new Security Profile.
  5. Click Save.
  6. For your new security profile, under Manage, click the gear icon, and then Web Settings.

  7. Click Edit, copy and paste this URL into the Allowed return URLs textbox:
    https://s3.amazonaws.com/ask-cli/response_parser.html

    This URL enables the CLI tool to create an authentication flow and ensure that CLI users obtain ASK access tokens.

    Web Settings of Security Profile.
  8. Click Save.
  9. Copy and store your Client ID and Client Secret in a text file to input them into the CLI tool later.

Next Steps

Now that you're done with the prerequisite steps, you're ready to move on to Step 2: Install, Build, and Deploy the Reference Video Skill.


Last updated: Oct 29, 2020