Concepts: STIR/SHAKEN
The STIR/SHAKEN framework is designed to combat caller ID spoofing by verifying a caller's right to use a telephone number. It consists of two components:
- STIR (Secure Telephone Identity Revisited): A standard for using digital certificates to authenticate the calling party's identity and right to use a phone number.
- SHAKEN (Signature-based Handling of Asserted Information Using toKENs): Guidelines for implementing these protocols across networks.
Within this framework, attestation plays a crucial role in indicating the level of confidence a service provider has in the caller's identity.
When a call is made, the originating provider assesses and assigns an attestation level—Full (A), Partial (B) and Gateway (C)—based on their relationship with the caller. This attestation information is included in the SIP header. It helps the receiving network evaluate the trustworthiness of the caller ID.
- A Full attestation means the identity of the caller is known and they have the right to use a particular phone number as caller ID for an outbound telephone call.
- A Partial attestation means the identity of the caller is known but the service provider does not know if the caller has the right to use a number.
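The attestation level travels in the SIP Identity header as a signed token (a PASSporT with the `shaken` extension, RFC 8224/8225/8588). The following is an added example, not Amazon Connect code: a decoder that reads the level from a received message for logging. The sample INVITE is constructed, and the function names are assumptions.

```python
import base64
import json

LEVELS = {"A": "Full", "B": "Partial", "C": "Gateway"}  # levels named on this page

def _seg(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample builder)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _unseg(segment):
    """Decode one base64url token segment back into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def read_attestation(sip_message):
    """Return the SHAKEN attestation in a SIP message, or None if absent.
    Decodes only: the signature is NOT verified, so use for logging/triage."""
    for line in sip_message.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "identity":
            continue
        parts = value.strip().split(";", 1)[0].split(".")
        if len(parts) != 3:
            raise ValueError("Identity header does not hold a three-part token")
        header, claims = _unseg(parts[0]), _unseg(parts[1])
        if header.get("ppt") != "shaken":
            continue  # some other PASSporT type; keep looking
        attest = claims.get("attest")
        if attest not in LEVELS:
            raise ValueError("unknown attestation level: %r" % (attest,))
        return {"level": attest, "name": LEVELS[attest],
                "orig_tn": claims.get("orig", {}).get("tn"),
                "origid": claims.get("origid")}
    return None  # no SHAKEN Identity header: attestation was not preserved

# Constructed sample: fictional 555 numbers, example.org URL, placeholder signature.
SAMPLE_TOKEN = ".".join([
    _seg({"alg": "ES256", "typ": "passport", "ppt": "shaken",
          "x5u": "https://cert.example.org/passport.cer"}),
    _seg({"attest": "B", "dest": {"tn": ["12155550113"]}, "iat": 1700000000,
          "orig": {"tn": "12155550112"},
          "origid": "00000000-0000-4000-8000-000000000000"}),
    "c2lnbmF0dXJl",
])
SAMPLE_INVITE = (
    "INVITE sip:+12155550113@example.org SIP/2.0\r\n"
    "Identity: " + SAMPLE_TOKEN
    + ";info=<https://cert.example.org/passport.cer>;alg=ES256;ppt=shaken\r\n"
)
```

A decoded level is only trustworthy once the token's ES256 signature has been validated against the certificate referenced by `x5u`, which this decoder leaves to the verification service.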
Amazon Connect is a multi-carrier service that provides phone numbers from various service providers to deliver outbound calls. With Amazon Connect's call resiliency, the service ensures a high level of confidence that calls reach customers. For example:
- When calls are made through the primary provider (a carrier that has provided the phone number used to make the call), the calls receive a Full (A) attestation.
- In contrast, calls made through a failover carrier route receive a Partial (B) attestation level, indicating a fallback route is being used.
This setup enhances the reliability of call delivery by using diverse network paths.
Amazon Connect provides attestation for eligible calls leaving its system in countries that have implemented STIR/SHAKEN. However, after a call enters the telephone network, the attestation may not be preserved. Maintaining this attestation is beyond the control of Amazon Connect due to the nature of legacy networks.
Amazon Connect supports the various implementations of the anti-spoofing configuration in the United States, Canada, and France.