Editing Amazon Chime SDK Voice Connector settings - Amazon Chime SDK

Editing Amazon Chime SDK Voice Connector settings

After you create an Amazon Chime SDK Voice Connector, you must edit the termination and origination settings that allow outbound and inbound calls. You can also configure a number of other settings, such as streaming to Kinesis and using emergency call routing. You use the Amazon Chime console to edit all settings.

To edit Amazon Chime SDK Voice Connector settings
  1. Open the Amazon Chime SDK console at https://console.aws.amazon.com/chime-sdk/home.

  2. In the navigation pane, under SIP Trunking, choose Voice connectors.

  3. Choose the name of the Amazon Chime SDK Voice Connector to edit.

  4. The Amazon Chime console groups Voice Connector settings on a set of tabs. Expand the sections below for information about using each tab.

Use the General tab to change a Voice Connector's name, enable or disable encryption, and import the wildcard root certificate into your SIP infrastructure.

To change general settings
  1. (Optional) Under Details, enter a new name for the Voice Connector.

  2. (Optional) Under Encryption, choose Enabled or Disabled. For more information about encryption, expand the next section.

  3. Choose Save.

  4. (Optional) Choose the Download here link to download the wildcard root certificate. We assume that you know how to add it to your SIP infrastructure.

When you enable encryption for an Amazon Chime SDK Voice Connector, you use TLS for SIP signaling and Secure RTP (SRTP) for media. The Voice Connector service uses TLS port 5061.

When enabled, all inbound calls use TLS, and unencrypted outbound calls are blocked. You must import the Amazon Chime root certificate. The Amazon Chime SDK Voice Connector service uses a wildcard certificate *.voiceconnector.chime.aws in US Regions, and *.region.vc.chime.aws in other Regions. For example, the service uses *.ap-southeast-1.vc.chime.aws in the Asia Pacific (Singapore) Region. We implement SRTP as described in RFC 4568.


Voice Connectors support TLS 1.2

For outbound calls, the service uses the SRTP default AWS counter cipher and HMAC-SHA1 message authentication. We support the following cipher suites for inbound and outbound calls:

  • AES_CM_128_HMAC_SHA1_80

  • AES_CM_128_HMAC_SHA1_32

  • AES_CM_192_HMAC_SHA1_80

  • AES_CM_192_HMAC_SHA1_32

  • AES_CM_256_HMAC_SHA1_80

  • AES_CM_256_HMAC_SHA1_32

You must use at least one cipher, but you can include all of them in preference order at no additional charge for Voice Connector encryption.

We also support these additional TLS cipher suites:

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA





  • DHE-RSA-AES256-SHA256



  • DHE-RSA-AES128-SHA256

You use the Termination settings to enable and configure outbound calls from your Amazon Chime SDK Voice Connector.


Your Outbound host name resolves to a set of IP addresses that may change as EC2 instances go in or out of service, so don’t cache records for longer than the DNS Time to Live interval. Caching for longer may result in call failures.

Choose Save again.

To edit termination settings
  1. Select Enabled.

  2. (Optional) Under Allowed hosts list, choose New, enter the CIDR notations and values that you want to allow, then choose Add. Note that the IP address values must be publically routable addresses.


    Choose Edit and change the CIDR notation.


    Choose Delete to remove the host.

  3. Under Calls per second, select another value, if available.

  4. Under Calling plan, open the Countries list and choose the countries that the Voice Connector can call.

  5. Under Credentials, choose New, enter a username and password, then choose Save.

  6. Under Caller ID override, choose Edit, select a phone number, then choose Save.

  7. Under Last options ping, view the last SIP options message sent by your SIP infrastructure.

Origination settings apply to inbound calls to your Amazon Chime SDK Voice Connector. You can configure inbound routes for your SIP hosts to receive inbound calls. Inbound calls are routed to hosts in your SIP infrastructure by the priority and weight you set for each host. Calls are routed in priority order first, with 1 the highest priority. If hosts are equal in priority, calls are distributed among them based on their relative weight.


Encryption-enabled Voice Connectors use TLS (TCP) protocol for all calls.

To edit origination settings
  1. Select Enabled.

  2. Under Inbound routes, choose New.

  3. Enter the values for Host, Port, Protocol, Priority, and Weight.

  4. Choose Add.

  5. Choose Save.

To enable emergency calling, you first need to enable termination and origination. See the sections above for information about doing so.

You need at least one emergency call routing number from a third-party emergency service provider to complete these steps. For more information about obtaining numbers, see Setting up third-party emergency routing numbers.

Choose Add.

To edit emergency calling settings
  1. Choose Add.

  2. Under Call send method, select an item from the list, if available.

  3. Enter the emergency routing number.

  4. Enter the test routing number. We recommend obtaining a test routing number.

  5. Under Country, choose the routing number's country, if available.

  6. Choose Add.

You can assign and unassign Voice Connector phone numbers. The following steps assume you have at least one phone number in your Amazon Chime inventory. If not, see Provisioning phone numbers.

To assign phone numbers
  1. Choose Assign from inventory.

  2. Select one or more phone numbers.

  3. Choose Assign from inventory.

The selected number or numbers appear in your list of numbers.

To unassign phone numbers
  1. Select one or more phone numbers.

  2. Choose Unassign.

  3. When asked to confirm the operation, choose Unassign.

The Streaming settings enable Amazon Kinesis Video Streams. The service stores, encrypts, and indexes your streaming audio data.

To edit streaming settings
  1. Under details, choose Start.

  2. Under Streaming notification, select one or more targets from the lists.

  3. Under Data retention period, choose No data retention, or set a retention interval.

  4. Under Call Insights, choose Activate, then do the following:

    1. Under Access permissions, select a role from the list.

    2. Under Kinesis Data Stream, select a stream from the list.

    3. (Optional) Under Amazon Transcribe custom language model, select a model from the list.

    4. Under Personally identifiable information type, choose an option.

    5. Under Filter partial results, choose an option.

    6. Under Send real time notification, choose Start, then choose an option from the Call direction and Speaker lists.

    7. As needed, choose Add a word/phrase, then enter the word or phrase that you want to be notified about.

  5. Choose Save.

The Amazon Chime SDK disables logging for Voice Connectors by default. When you enable logging, the system sends the data to an Amazon CloudWatch log group. For more information about logging, see Monitoring the Amazon Chime SDK with Amazon CloudWatch

To edit logging settings
  1. Under SIP metric logs, choose Enabled.

  2. Under Media metric logs, choose Enabled.

You can add 50 tags to a Voice Connector, and you can choose the keys and optional values for the tags.

To edit tag settings
  1. Choose Manage tags.

  2. Do any of the following:

    • To add a tag, choose Add new tag, then enter a key and an optional value.

    • To remove a tag, choose Remove next to the tag that you want to delete.

  3. When finished, choose Save changes.