Step 1: Configure Developer Account Settings (VSK Echo Show)
Before installing the reference video skill with the CLI tool, you must first use the AWS Developer Console to set up an IAM user, and receive an AWS Access Key ID and an AWS Secret Access Key. You must also create a security profile to your Developer Account under Login with Amazon, to receive a Client ID and a Client Secret code. This guide walks you through these processes.
Step 1.1: Create an IAM User
This task is preparatory to using the CLI tool. You must define permissions to specify that your IAM user allows lambda functions to call AWS services. To create the IAM user:
- Sign in to the AWS Managment Console.
-
In the upper-right, select the appropriate AWS region based on the table provided in AWS Regions and Video Skills. (Unlike with IAM, lambda functions are specific to AWS regions.)
Selecting a region close to your customers ensures that the latency between customer utterances and lambda invocations is minimal. Also, the video skill doesn't work if you select the wrong AWS region.
Note: Alexa support for video skills in some of the countries and locales is still forthcoming. See Supported Countries. - Click Services in the upper-left corner and go to IAM (use the Search box).
- In the navigation pane, choose Users, and then choose Add user.
- Type the user name for the new user, for example vsk_echo_show.
-
Select Programmatic access and click Next: Permissions.
-
Click Attach existing policies directly, and then click Create policy.
This step opens a new browser window. Keep both windows open.
Note: A policy defines the AWS permissions that you can assign to a user, group, or role. -
Click JSON, delete everything from the visual editor, and then copy and paste the following policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "apigateway:*", "cloudformation:ListStacks", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStackResources", "cloudformation:DescribeStackResource", "cloudformation:CreateChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:DescribeStacks", "cognito-idp:DescribeUserPool", "cognito-idp:CreateUserPoolDomain", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:UpdateUserPoolClient", "cognito-idp:DeleteUserPoolDomain", "cognito-idp:DescribeUserPoolClient", "cognito-idp:CreateUserPool", "cognito-idp:DeleteUserPool", "cognito-idp:CreateUserPoolClient", "cognito-idp:DeleteUserPoolClient", "execute-api:Invoke", "iam:GetRole", "iam:CreateRole", "iam:DetachRolePolicy", "iam:DeleteRolePolicy", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:GetRolePolicy", "iam:PutRolePolicy", "iam:PassRole", "lambda:UpdateFunctionCode", "lambda:AddPermission", "lambda:GetFunction", "lambda:InvokeFunction", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunctionConfiguration", "logs:DescribeLogGroups", "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:DescribeLogStreams", "logs:CreateLogStream", "logs:DeleteLogStream", "logs:PutRetentionPolicy", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:CreateBucket", "s3:ListBucket", "s3:DeleteObject", "s3:GetBucketLocation", "s3:DeleteBucket", "s3:GetBucketTagging", "s3:PutBucketTagging", "sts:AssumeRole", "sts:GetCallerIdentity", "dynamodb:CreateTable", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteTable", "dynamodb:DescribeTimeToLive", "dynamodb:UpdateTimeToLive" ], "Resource": "*" } ] }
- Click Review policy, name your new policy (for example, VSK_policy) and click Create policy. (You can now close this browser window).
- Back to the IAM Management Console (Set permissions) browser tab, refresh to make the new policy appear.
- Search for your new policy (for example, VSK_policy), select it, click Next: Tags and Next: Review.
- Click Create user.
-
Copy and store your Access key ID and Secret access key in a text file to input them into the CLI tool later.
Step 1.2: Create a Security Profile
This step allows you to set up basic security settings. Follow these steps:
- Sign in to the Amazon Developer Console Dashboard.
- Click Login with Amazon.
- Click Create a New Security Profile.
-
Enter a Security Profile Name, a Security Profile Description and a Consent Privacy Notice URL.
- Click Save.
-
For your new security profile, under Manage, click the gear icon, and then Web Settings.
Note: Every time you need to deploy a project, the CLI gives you access to these settings, so you don't have to repeat any parts of this process while you develop your video skills on Echo Show devices. -
Click Edit, copy and paste this URL into the Allowed return URLs textbox:
https://s3.amazonaws.com/ask-cli/response_parser.html
This URL enables the CLI tool to create an authentication flow and ensure that CLI users obtain ASK access tokens.
- Click Save.
- Copy and store your Client ID and Client Secret in a text file to input them into the CLI tool later.
Next Steps
Now that you're done with the prerequisite steps, you're ready to move on to Step 2: Install, Build, and Deploy the Reference Video Skill.
Last updated: Oct 29, 2020