?
サポート
アクセスいただきありがとうございます。こちらのページは現在英語のみのご用意となっております。順次日本語化を進めてまいりますので、ご理解のほどよろしくお願いいたします。

Set Up Credentials for an Amazon Web Services (AWS) Account

If you are managing an Alexa skill through the Alexa Skills Kit Command Line Interface (ASK CLI), and this Alexa skill uses an AWS Lambda function, then you require the credentials for an AWS account. ASK CLI accesses these in a credential file found in the following location:

  * Linux/Mac: ~/.aws/credentials 
  * Windows:  %USERPROFILE%\.aws\credentials 

If you are already an Amazon Web Services developer, you likely have these credentials already, although you must still verify that the credentials you are using have the permissions described in #6 below. Otherwise, to obtain these credentials, follow these instructions:

  1. Open the IAM Identity and Access Management Console. Sign in with your AWS account that you use to create AWS Lambda functions for your Alexa skills.
  2. Click Users in the left-hand menu.
  3. Click Add user.
  4. Enter the desired User name. For the AWS access type, select both Programmatic access and AWS Management Console access.
  5. Click Required password reset, if desired.
  6. Click Next permissions. In order to complete skill-related tasks, the user requires various policies. If you attach the policies to the user directly, attach the following policy. You can also create a user group with the appropriate policies and add a user to it.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateRole",
        "iam:GetRole",
        "iam:AttachRolePolicy",
        "iam:PassRole"
      ],
      "Resource": "arn:aws:iam::*:role/ask-*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "lambda:AddPermission",
        "lambda:CreateFunction",
        "lambda:GetFunction",
        "lambda:UpdateFunctionCode",
        "lambda:ListFunctions"
      ],
      "Resource": "arn:aws:lambda:*:*:function:ask-*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:FilterLogEvents",
        "logs:getLogEvents",
        "logs:describeLogStreams"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/ask-*"
    }
  ]
}

For more information about creating users and user groups, see the related AWS documentation.

  1. Click Next: review.
  2. Review the page. If it appears as expected, click Create user. A Success page occurs, containing the access key and secret access key. Download the Excel file containing those.
  3. Using a text editor, edit your credentials file on your computer, at the location shown above, to contain this information. Follow the format shown below, and include at least the default profile. You can keep multiple sets of credentials for multiple profiles in the same file. When you initialize the ASK CLI, you will be prompted to select an AWS profile to use.

This example shows the credential file format, with two non-default profiles included in addition to the default one.

[default]
aws_access_key_id = ACCESS_KEY
aws_secret_access_key = SECRET_KEY

[some_profile_name]
aws_access_key_id = ACCESS_KEY
aws_secret_access_key = SECRET_KEY

[another_profile_name]
aws_access_key_id = ACCESS_KEY
aws_secret_access_key = SECRET_KEY

Each set of credentials represents a unique AWS profile. For example, if you have multiple AWS accounts, you can easily switch between them using multiple profiles.

If you are hosting your skill code as a web service with an HTTPS endpoint, or if you are managing your AWS Lambda functions separately, you can still use ASK CLI without AWS credentials.

When ASK CLI is initialized (ask init), you will be prompted to create an ASK profile by logging in through a browser window and associate it to an AWS profile to use for deployments to AWS Lambda. An ASK profile represents the AWS profile plus the Amazon developer account used for Alexa skill deployments. ASK profile and AWS profile can have different names, and you can have multiple ASK profiles associated with a single AWS profile, if desired. You might do this if you have skills in multiple Amazon developer accounts, but the skills are backed by AWS Lambda functions in one AWS account.

When running other commands in the CLI, you can specify the name of the ASK profile you want to use using the --profile option, or you can set the environment variable ASK_DEFAULT_PROFILE to the desired profile name. ASK CLI will check --profile first, then ASK_DEFAULT_PROFILE environment variable, and then finally fall back to the “default” ASK profile.

For example, to initialize with an ASK profile named “some_profile_name”, the command is:

ask init -p some_profile_name