:doc:`LexModelsV2 <../../lexv2-models>` / Client / create_resource_policy_statement

********************************
create_resource_policy_statement
********************************



.. py:method:: LexModelsV2.Client.create_resource_policy_statement(**kwargs)

  

  Adds a new resource policy statement to a bot or bot alias. If a resource policy exists, the statement is added to the current resource policy. If a policy doesn't exist, a new policy is created.

   

  You can't create a resource policy statement that allows cross-account access.

   

  You need to add the ``CreateResourcePolicy`` or ``UpdateResourcePolicy`` action to the bot role in order to call the API.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/models.lex.v2-2020-08-07/CreateResourcePolicyStatement>`_  


  **Request Syntax**
  ::

    response = client.create_resource_policy_statement(
        resourceArn='string',
        statementId='string',
        effect='Allow'|'Deny',
        principal=[
            {
                'service': 'string',
                'arn': 'string'
            },
        ],
        action=[
            'string',
        ],
        condition={
            'string': {
                'string': 'string'
            }
        },
        expectedRevisionId='string'
    )
    
  :type resourceArn: string
  :param resourceArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

    

  
  :type statementId: string
  :param statementId: **[REQUIRED]** 

    The name of the statement. The ID is the same as the ``Sid`` IAM property. The statement name must be unique within the policy. For more information, see `IAM JSON policy elements\: Sid <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html>`__.

    

  
  :type effect: string
  :param effect: **[REQUIRED]** 

    Determines whether the statement allows or denies access to the resource.

    

  
  :type principal: list
  :param principal: **[REQUIRED]** 

    An IAM principal, such as an IAM user, IAM role, or Amazon Web Services services that is allowed or denied access to a resource. For more information, see `Amazon Web Services JSON policy elements\: Principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html>`__.

    

  
    - *(dict) --* 

      The IAM principal that you allowing or denying access to an Amazon Lex action. You must provide a ``service`` or an ``arn``, but not both in the same statement. For more information, see `AWS JSON policy elements\: Principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html>`__.

      

    
      - **service** *(string) --* 

        The name of the Amazon Web Services service that should allowed or denied access to an Amazon Lex action.

        

      
      - **arn** *(string) --* 

        The Amazon Resource Name (ARN) of the principal.

        

      
    

  :type action: list
  :param action: **[REQUIRED]** 

    The Amazon Lex action that this policy either allows or denies. The action must apply to the resource type of the specified ARN. For more information, see `Actions, resources, and condition keys for Amazon Lex V2 <https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlexv2.html>`__.

    

  
    - *(string) --* 

    

  :type condition: dict
  :param condition: 

    Specifies a condition when the policy is in effect. If the principal of the policy is a service principal, you must provide two condition blocks, one with a SourceAccount global condition key and one with a SourceArn global condition key.

     

    For more information, see `IAM JSON policy elements\: Condition <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html>`__.

    

  
    - *(string) --* 

    
      - *(dict) --* 

      
        - *(string) --* 

        
          - *(string) --* 

          
    
  


  :type expectedRevisionId: string
  :param expectedRevisionId: 

    The identifier of the revision of the policy to edit. If this revision ID doesn't match the current revision ID, Amazon Lex throws an exception.

     

    If you don't specify a revision, Amazon Lex overwrites the contents of the policy with the new values.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'resourceArn': 'string',
          'revisionId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **resourceArn** *(string) --* 

        The Amazon Resource Name (ARN) of the bot or bot alias that the resource policy is attached to.

        
      

      - **revisionId** *(string) --* 

        The current revision of the resource policy. Use the revision ID to make sure that you are updating the most current version of a resource policy when you add a policy statement to a resource, delete a resource, or update a resource.

        
  
  **Exceptions**
  
  *   :py:class:`LexModelsV2.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`LexModelsV2.Client.exceptions.ConflictException`

  
  *   :py:class:`LexModelsV2.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`LexModelsV2.Client.exceptions.PreconditionFailedException`

  
  *   :py:class:`LexModelsV2.Client.exceptions.ValidationException`

  
  *   :py:class:`LexModelsV2.Client.exceptions.InternalServerException`

  
  *   :py:class:`LexModelsV2.Client.exceptions.ThrottlingException`

  