AWS Permissions

IAM Policy

To develop and test the application, you will need programmatic access to the Comprehend, CloudWatch and ECR services. It’s important to only grant the permissions necessary for the application.

  1. Sign in to your AWS account.

  2. Go to the AWS IAM console and create a new policy.

  3. Click the JSON tab.

  4. Paste the following IAM policy into the text editor:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "cloudwatch:PutMetricData",
                    "comprehend:BatchDetectSentiment",
                    "ecr:GetAuthorizationToken"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "ecr:CompleteLayerUpload",
                    "ecr:UploadLayerPart",
                    "ecr:InitiateLayerUpload",
                    "ecr:BatchCheckLayerAvailability",
                    "ecr:PutImage"
                ],
                "Resource": "arn:aws:ecr:*:*:repository/twitch-sentiment"
            }
        ]
    }
    
  5. Click Review policy.

  6. Name the policy sentiment-policy and click Create policy.

Programmatic User

Now, you need to create a user with the above policy attached.

  1. While still in the AWS IAM console, create a new user.

  2. Type a name for your user (e.g. sentiment-user) and choose “Programmatic access”.

  3. Click Next: Permissions to continue to the next step.

  4. Click Attach existing policies directly and choose sentiment-policy.

  5. Click Next: Tags.

  6. Click Next: Review.

  7. Click Create user.

  8. In the next screen, you’ll see your Access key ID and you will have the option to click Show to show the Secret access key. Keep this browser window open. You will need to copy and paste these values when you configure the AWS CLI in the next step.