Amazon Connect
Administrator Guide

Configuring Your Amazon Connect Instance

You can configure your Amazon Connect instance using the AWS Management Console. To access instance settings, choose the name of the instance in the Instance Alias column.

Overview

The Overview section displays the following information about your Amazon Connect instance.

  • Instance ARN—the ARN for the instance. The instance ID for the instance is included in the ARN, and is the value after the instance/. For example, the instance ID in the following instance ARN is df9e742b-310b-4eb2-a062-31bc99177ed4.

    arn:aws:connect:us-east-1:361814831152:instance/df9e742b-310b-4eb2-a062-31bc99177ed4

  • Directory—The instance alias for the instance.

  • Login URL—The URL to use in a browser to log in directly to the contact center for your instance.

    If your agents (users that are assigned only the Agent security profile) try to use this URL to log in to Amazon Connect, "Error 403! (Forbidden) is displayed on the page. The agent can still open the Contact Control Panel (CCP) by selecting the phone icon in the top-right corner of the page.

You can use the Login as administrator button to log in to the instance using your AWS account with full admin permissions. This can be helpful if you ever forgot the password for the admin account, or need to update Amazon Connect settings.

Telephony

Select whether to accept incoming calls to, or allow outbound calls from, your Amazon Connect instance. You can use security profiles to set permissions to enable or disable outbound calling.

Data Storage

Data, such as call recordings and reports, is stored securely in an Amazon S3 bucket. During setup, a default Amazon S3 bucket is created and encrypted using AWS Key Management Service. This bucket and key are used for both calling recordings and reports. Alternatively, you can use separate buckets and keys for call recordings and reports.

Call recordings in Amazon Connect are stored as .wav files, and played back in 8 Khz pulse-code modulation (PCM) format.

Before updating the data storage settings, ensure that you are familiar with Amazon S3 and AWS KMS.

To update data storage settings

  1. Open the Amazon Connect console at https://console.aws.amazon.com/connect/.

  2. Choose the name of the instance from Instance Alias.

  3. In the navigation pane, choose Data storage.

  4. The steps in the following procedures describe each data storage setting.

Update Call recordings settings

  1. Under Call recordings, choose Edit.

  2. To enable call recordings, choose Enable call recording.

  3. Do one of the following:

    • Choose Create a new S3 bucket for me (recommended).

      1. Enter a Name for the bucket.

      2. Optionally, enter a Path prefix for the bucket. A prefix makes it easier to identify the bucket in the S3 console.

      3. Choose whether to enable encryption for call recordings. If enabled, choose a KMS master key to use for encrypting the call recordings in your instance.

      4. Choose Save under Call recordings.

    • Choose Select an existing S3 bucket.

      1. Select the bucket to use for call recordings from the Name drop-down list.

      2. Optionally, enter a Path prefix to use.

      3. Choose whether to enable encryption for call recordings. If enabled, choose a KMS master key to use for encrypting the call recordings in your instance.

      4. Choose Save under Call recordings.

  4. Choose Save to save your changes.

Set Live media streaming settings

  1. Choose Edit under Live media streaming.

  2. Choose Enable live media streaming.

  3. Enter a Prefix to use for the Kinesis Video Stream created for your instance. The prefix makes it easier to identify the stream you want after data is sent there.

  4. Choose the KMS Master Key to use to encrypt the data sent to Kinesis.

  5. Specify a number and unit for the Data retention period. If you select No data retention, data is not retained and can be used only for immediate consumption.

  6. Choose Save under Live media streaming.

  7. Choose Save (at the bottom of the page).

Set Exported reports settings

  1. Under Exported reports, choose Edit.

  2. To enable exported reports, choose Enable exported reports.

  3. Do one of the following:

    • Choose Create a new S3 bucket for me (recommended).

      1. Enter a Name for the bucket.

      2. Optionally, enter a Path prefix for the bucket. A prefix makes it easier to identify the bucket in the S3 console.

      3. Choose whether to enable encryption for exported reports. If enabled, choose a KMS master key to use for encrypting the call recordings in your instance.

      4. Choose Save under Call recordings.

    • Choose Select an existing S3 bucket.

      1. Select the bucket to use for exported reports from the Name drop-down list.

      2. Optionally, enter a Path prefix to use.

      3. Choose whether to enable encryption for exported reports. If enabled, choose a KMS master key to use for encrypting the call recordings in your instance.

      4. Choose Save under Exported reports.

  4. Choose Save (at the bottom of the page) to save your changes.

Data Streaming

You can export contact trace records (CTRs) and agent events from Amazon Connect and perform real-time analysis on contacts. Data streaming sends data to Amazon Kinesis.

Enable data streaming

  1. Open the Amazon Connect console at https://console.aws.amazon.com/connect/.

  2. Choose the name of the instance from Instance Alias.

  3. Choose Data streaming.

  4. Choose Enable data streaming.

  5. Select Kinesis or Kinesis Data Firehose, and then do one of the following:

    • To use an existing Amazon Kinesis stream or Kinesis Data Firehose, select the resource in the drop-down list.

    • To create a new resource, choose Create a new Amazon Kinesis stream (or Kinesis Data Firehose).

      This opens the Amazon Kinesis console where you can create the stream or firehose to use with Amazon Connect. Wait until the stream or firehose is created, then return to the Amazon Connect console.

      Reload the page so that the stream or firehose you created is displayed in the resource selection, then select the stream or firehose.

    Note

    If you enable server-side encryption for the Kinesis stream you select, Amazon Connect cannot publish to the stream because it does not have permission to Kinesis kms:GenerateDataKey. To work-around this, enable encryption for call recordings or scheduled reports, create a customer master key (CMK) using KMS to use for encryption, and then choose the same CMK for your Kinesis data stream that you use for call recording or scheduled reports encryption so that Amazon Connect has appropriate permissions to encrypt data sent to Kinesis. To learn more about creating a customer master key (CMK) KMS key, see Creating Keys.

  6. Choose Save.

Application Integration

All domains that embed the CCP for a particular instance must be explicitly whitelisted for cross-domain access to the instance. For example, to integrate with Salesforce, you must whitelist your Salesforce Visualforce domain.

To whitelist a domain URL

  1. Open the Amazon Connect console at https://console.aws.amazon.com/connect/.

  2. Choose the name of the instance from Instance Alias.

  3. In the navigation pane, choose Application integration.

  4. Choose Add origin.

  5. Type the URL and choose Add.

Contact Flows

A contact flow defines the customer experience with the contact center from start to end. You can configure your contact flow using the AWS Management Console as follows.

Security Keys

Amazon Connect can encrypt sensitive data collected by contact flows using public-key cryptography. Provide an X.509 certificate within your contact flow to encrypt data captured using the stored customer input system attribute. You must upload a signing key in .pem format in order to use this feature. The signing key is used to verify the signature of the certificate used within the contact flow.

Note

You can have up to two signing keys active at one time to facilitate rotation.

Data that is encrypted within a contact flow is made available through the stored customer input system attribute. The AWS Encryption SDK can be used to decrypt this data within your system. For more information, see the AWS Encryption SDK Developer Guide.

To add a security key

  1. Open the Amazon Connect console at https://console.aws.amazon.com/connect/.

  2. Choose the name of the instance from the Instance Alias column.

  3. In the navigation pane, choose Contact flows.

  4. Choose Add key.

  5. Paste the contents of your public key in Public key contents and choose Add.

Add an Amazon Lex bot to Your Instance

With Amazon Lex, you can build conversational interactions (bots) that feel natural to your customers, giving you access to the same speech recognition and natural language understanding technology that powers Alexa. After you create an Amazon Lex bot, you can add it to your instance and then integrate it into your contact flows. You can add bots from the same region as your Amazon Connect instance, or from a different region.

Add an Amazon Lex bot to your instance

  1. Open the Amazon Connect console at https://console.aws.amazon.com/connect/.

  2. Choose the name of the instance from the Instance Alias column.

  3. In the navigation pane, choose Contact flows.

  4. Under Amazon Lex, in the Region drop-down list, choose the Region in which you created your Amazon Lex bot.

    If there are bots associated with your AWS account in the chosen region, the bots are displayed in the Bot drop-down list. If no bots are found in the Region, or when there are no additional bots to add from that Region, the drop-down menu is disabled. A message indicates that there are no bots available to choose in that Region.

  5. In the Bots drop-down menu, choose your bot, then choose + Add Lex bot.

To create a new bot, choose Create a new Lex bot to open the Amazon Lex console. You may need to select a region where Amazon Lex is available.

To remove a bot from your instance, choose Remove next to the bot to remove.

Add an AWS Lambda Function to Your Instance

To simplify referencing your Lambda functions when you use them in a contact flow. Once added to your instance, you can easily use the functions in your contact flow.

Add a Lambda function to your instance

  1. Open the Amazon Connect console at https://console.aws.amazon.com/connect/.

  2. Choose the name of the instance from the Instance Alias column.

  3. In the navigation pane, choose Contact flows.

  4. Under AWS Lambda, select the function to add to your instance from the Function drop-down.

  5. Choose + Add Lambda Function. The function is added to your instance and listed under Lambda Functions. Choose the icon next to the name to copy the ARN for the function to the clipboard so that you can use the ARN in your contact flow to reference the function.

The list of functions includes all of the functions in your AWS account. If there are no functions in your account, the list is empty. Choose Create a new Lambda function to open the AWS Lambda console to create a new function.

To remove a function from your instance, choose Remove next to the function name.

Contact flow logs

Select the Enable Contact flow logs check box to start sending your contact flow logs to Amazon CloudWatch. To learn more about Contact flow logs, see Contact Flow Logs.