Notices

Disclosures

This section includes disclosures required for publication on AWS Marketplace.

IAM Roles

The following IAM Roles will be created:

  • AdminRole - Used for administrative access to the content designer

  • ApiGatewayCloudWatchLogsRole - Used by API Gateway to write CloudWatch logs

  • ApiGatewayRole - Used by API Gateway for API execution

  • AutoAdminLambdaRole - Used to automatically add new users to the Admin group

  • BotRuntimeRole - Used by Lex bot to access AWS services

  • CFNLambdaRole - Used to manage custom CloudFormation resources

  • ConnectUtilApiAccessRole - Used to generate Connect flows

  • DeleteTmpFilesLambdaServiceRole - Used to delete temporary files when creating diagnostic packages

  • DiagnosticPackageStateMachineRole - Used to collect diagnostic information, including logs

  • ESCognitoRole - Used by users accessing OpenSearch dashboards

  • ESLoggingLambdaRole - Used by OpenSearch for writing logs

  • ESProxyLambdaRole - Used to read and write to the OpenSearch database

  • ExampleLambdaRole - Used by example Lambda functions

  • ExportRole - Used to export OpenSearch data to files

  • ExtensionLambdaRole - Used by all extensions to the question processing pipeline

  • FirehoseESS3Role - Used to read data from Kinesis and write it to OpenSearch

  • FulfillmentLambdaRole - Used to execute the fulfillment Lambda function

  • GetExportOptionsLambdaServiceRole - Used to read the export options set by the user

  • GetLogGroupsLambdaServiceRole - Used to collect diagnostic logs

  • GetLogKeysLambdaServiceRole - Used to collect diagnostic logs

  • ImportRole - Used to import data into OpenSearch

  • IterateLogExportLambdaServiceRole - Used to collect diagnostic logs

  • KendraNativeCrawlerPassRole - Used to load documents into Kendra

  • KendraNativeCrawlerRole - Used to crawl Kendra documents

  • KendraS3Role - Used to load documents from S3

  • KendraSyncRole - Used to synchronize curated questions stored in OpenSearch to Kendra FAQ

  • KendraTopicApiGateRole - Used to publish SNS topics from API Gateway

  • LambdaAccessRole - Used by API Gateway to invoke Lambda functions

  • LexBuildLambdaRole - Used by LexBuildLambda to build Lex bot

  • LexConfigLambdaServiceRole - Used to configure the WebChat interface

  • LexProxyLambdaRole - Used to retrieve status of Lex build operations

  • Lexv2BotLambdaRole - Used to execute the Lex Bot Lambda hook

  • MeteringUsageServiceRole - Used to aggregate usage metrics

  • OpenSearchDashboardsRole - Used to grant user permissions to dashboards

  • ProcessLogsLambdaServiceRole - Used to gather logs for diagnostic packages

  • ProcessQnaFileLambdaServiceRole - Used to gather configuration for diagnostic packages

  • QnABotEmbeddingModelExecutionRole - Used to produce model embeddings

  • QnABotQASummarizeLLMModelExecutionRole - Used to invoke LLM to generate responses

  • RepeatHookLambdaServiceRole - Used to execute the RepeatHook Lambda function

  • S3AccessRole - Used by API Gateway to grant access to S3 Buckets

  • S3ListLambdaRole - Used to clean up S3 Buckets prior to deletion

  • SaveSettingsLambdaServiceRole - Used to save settings

  • SchemaLambdaRole - Used to return schemas to API Gateway

  • SendMeThatLambdaServiceRole - Used to execute the SendMeThat hook

  • SignupLambdaRole - Used to register Cognito users

  • SIPMediaApplicationCustomResourceProviderRole - Used to create the ChimeSDK SIP Media Application

  • SMAHandlerFunctionServiceRole - Used for runtime execution of the SIP Media Application

  • SolutionHelperRole - Used to send anonymized data to AWS

  • StateMachineStartExecutionRole - Used to run a state machine when collecting diagnostic data

  • TestAllRole - Used to test all utterances in batch

  • TranslateRole - Used to import custom terminologies into AWS Translate

  • UnauthenticatedRole - Used when unauthenticated access is configured for the web client

  • UserRole - Used by the designer for non-administrative access

  • WarmerLambdaRole - Used to warm the OpenSearch database

  • WebChatRole - Used by the WebChat client to access AWS resources

  • ZipPackageLambdaServiceRole - Used to create diagnostic packages

IAM Policies

The following IAM Policies will be created:

  • CFNInvokePolicy - Grant access to create custom resources

  • DeleteTmpFilesLambdaServiceRoleDefaultPolicy - Grant access to delete temporary files when creating diagnostic packages

  • DiagnosticPackageStateMachineRoleDefaultPolicy - Grant access to execute the diagnostic package state machine

  • ExportPolicy - Grant access to export the database

  • ExtensionsInvokePolicy - Grant access to invoke extension Lambda functions

  • GetLogGroupsLambdaServiceRoleDefaultPolicy - Grant access to log groups when creating diagnostic packages

  • GetLogKeysLambdaServiceRoleDefaultPolicy - Grant access to log files when creating diagnostic packages

  • ImportPolicy - Grant access to import the database

  • InvokePolicy - Grant access to invoke example Lambda functions

  • KendraNativeCrawlerPassPolicy - Grant access to load documents into Kendra

  • KendraNativeCrawlerPolicy - Grant access to crawl Kendra documents

  • KendraS3Policy - Grant access to load documents from S3

  • KendraSyncPolicy - Grant access to synchronize curated questions stored in OpenSearch to Kendra FAQ

  • LexAccessPolicy - Grant access to execute the Lex bot

  • LexBotPolicy - Grant access to the Lex bot to recognize text

  • LexBuildInvokePolicy - Grant access to build Lex bot

  • LexConfigLambdaServiceRoleDefaultPolicy - Grant access to configure the WebChat interface

  • MeteringUsagePolicy - Grant access to aggregate usage metrics

  • ProcessLogsLambdaServiceRoleDefaultPolicy - Grant access to gather logs for diagnostic packages

  • ProcessQnaFileLambdaServiceRoleDefaultPolicy - Grant access to gather configuration for diagnostic packages

  • QueryLambdaInvokePolicy - Grant access to execute extension Lambda functions

  • SaveSettingsLambdaServiceRoleDefaultPolicy - Grant access to save settings

  • SendMeThatLambdaServiceRoleDefaultPolicy - Grant access to execute the SendMeThat hook

  • SMAHandlerFunctionServiceRoleDefaultPolicy - Grant access to execute the SIP Media Application

  • TranslatePolicy - Grant access to import custom terminologies into AWS Translate

  • WebChatAccessPolicy - Grant access for the WebChat client to access AWS resources

  • ZipPackageLambdaServiceRoleDefaultPolicy - Grant access to create diagnostic packages

Lambda Functions

The content of these functions will be downloaded from an S3 bucket owned by Paragon Cloud Services when the product is installed or updated. This code is not reviewed or controlled by Amazon. The following Lambda Functions will be created:

  • AutoAdminFunction

  • CFNLambda

  • ConnectLambda

  • ConnectUtilFunction

  • DeleteTmpFilesLambda

  • ESCFNProxyLambda

  • ESCleaningLambda

  • ESLoggingLambda

  • ESProxyLambda

  • ESQidLambda

  • ESQueryLambda

  • ESWarmerLambda

  • ExampleJSLambdahook

  • ExampleJSLambdaQuiz

  • ExamplePYTHONLambdaBotBroker

  • ExamplePYTHONLambdaConnectCallback

  • ExamplePYTHONLambdaFeedback

  • ExamplePYTHONLambdahello

  • ExamplePYTHONLambdaNext

  • ExamplePYTHONLambdaPrevious

  • ExampleWriteLambda

  • ExportStepLambda

  • EXTCreateRecentTopicsResponse

  • EXTCustomJSHook

  • EXTCustomPYHook

  • FulfillmentLambda

  • GenesysLambda

  • GetExportOptionsLambda

  • GetLogGroupsLambda

  • GetLogKeysLambda

  • ImportStartLambda

  • ImportStepLambda

  • IterateLogExportLambda

  • KendraNativeCrawlerLambda

  • KendraNativeCrawlerScheduleUpdateLambda

  • KendraNativeCrawlerStatusLambda

  • KendraSyncLambda

  • LexBuildLambda

  • LexConfigLambda

  • Lexv2BotLambda

  • ProcessLogsLambda

  • ProcessQnaFileLambda

  • RepeatHookLambda

  • S3Clean

  • SaveSettingsLambda

  • SchemaLambda

  • SendMeThatLambda

  • SIPMediaApplicationCustomResourceProvider

  • SMAHandlerFunction

  • SolutionHelper

  • TestAllStepLambda

  • TranslateLambda

  • UtteranceLambda

  • ZipPackageLambda

Personal Information

The following personal data is collected by the CloudFormation template. This data will never be used for marketing purposes or shared with a third party.

  • Email - Used to send a welcome message to the administrative user during installation

Warranty

Customers are responsible for making their own independent assessment of the information in this document. This document: (a) is for informational purposes only, (b) represents Paragon’s current product information, (c) is based on AWS current product offerings and practices, which are subject to change without notice, and (d) does not create any commitments or assurances from Paragon, AWS and their affiliates, suppliers or licensors. Paragon and AWS products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied.