Security - AI Powered Speech Analytics for Amazon Connect


When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model can reduce your operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. For more information about security on AWS, visit the AWS Security Center.

User Authentication

The AI Powered Speech Analytics for Amazon Connect solution uses a combination of Amazon Connect and AWS Security Token Service (AWS STS) to authenticate users. Agents log in to a web UI using Amazon Connect user credentials to set their availability and answer calls. AWS STS provides temporary credentials that agents use to access Amazon API Gateway, Amazon Comprehend, and Amazon Translate, and to store the complete customer transcription history.


Figure 2: User authentication diagram

  1. Agents log in to the web client using their Amazon Connect credentials and set their availability to answer calls.

  2. When an end user calls into the call center, Amazon Connect invokes an AWS Lambda function to create an AWS STS token, and stores the token in the call attributes.

  3. The agent uses the web client to accept a call. After accepting a call, the web client uses the Amazon Connect SDK to retrieve the AWS STS token from the call attributes and updates the AWS SDK configuration to use the AWS STS token for authenticating AWS API calls.

  4. The web client uses the AWS STS token to create an authenticated WebSocket connection to Amazon API Gateway, provides its 16-character connection ID and 32-character contact ID, and receives real-time transcriptions as they are stored in Amazon DynamoDB.

  5. The web client uses the AWS STS token to send the transcriptions to Amazon Comprehend and Amazon Translate for sentiment analysis and translation throughout the call.

  6. Once the call is completed, the web client uses the AWS STS temporary credentials to store the transcription in the customer-defined Amazon Simple Storage Service (Amazon S3) bucket, and the AWS STS credentials are removed from the call attributes.
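
Because the token from step 2 ends up in a browser, it should carry only the permissions that steps 4 through 6 need. The following is an added example, not code from the solution: it assumes the Lambda function calls sts:AssumeRole with an inline session policy (the page does not say which STS operation is used), and the role name, ARNs, bucket name, and object key layout are hypothetical.

```javascript
// Added example. Role name, ARNs, bucket and key layout are hypothetical.
const MIN_SECONDS = 900;   // shortest session sts:AssumeRole accepts
const MAX_SECONDS = 3600;  // cap when the caller is itself a role (role chaining), as in Lambda
const MAX_POLICY_CHARS = 2048; // STS limit on an inline session policy

// The 32-character length is from step 4. The character set is the one STS allows in
// RoleSessionName, which also keeps IAM wildcards (* and ?) out of the S3 resource ARN.
function isValidContactId(id) {
  return typeof id === 'string' && /^[\w+=,.@-]{32}$/.test(id);
}

// Session policy limited to the services the page lists for the web client.
function buildSessionPolicy({ webSocketStageArn, transcriptBucket, contactId }) {
  if (!isValidContactId(contactId)) throw new Error('contact ID must be 32 safe characters');
  return {
    Version: '2012-10-17',
    Statement: [
      { Sid: 'TranscriptSocket', Effect: 'Allow', Action: 'execute-api:Invoke',
        Resource: `${webSocketStageArn}/*` },
      { Sid: 'SentimentAndTranslation', Effect: 'Allow',
        Action: ['comprehend:DetectSentiment', 'translate:TranslateText'], Resource: '*' },
      { Sid: 'StoreThisCallOnly', Effect: 'Allow', Action: 's3:PutObject',
        Resource: `arn:aws:s3:::${transcriptBucket}/transcripts/${contactId}.json` },
    ],
  };
}

// Parameters for sts:AssumeRole; the effective permissions are the intersection of the
// role's policies and this session policy.
function buildAssumeRoleParams(opts) {
  const policy = JSON.stringify(buildSessionPolicy(opts));
  if (policy.length > MAX_POLICY_CHARS) throw new Error('session policy too large');
  return {
    RoleArn: opts.agentRoleArn,
    RoleSessionName: `contact-${opts.contactId}`,
    DurationSeconds: Math.min(MAX_SECONDS, Math.max(MIN_SECONDS, opts.expectedCallSeconds)),
    Policy: policy,
  };
}

// Constructed sample input.
const sample = buildAssumeRoleParams({
  agentRoleArn: 'arn:aws:iam::111122223333:role/ExampleAgentRole',
  webSocketStageArn: 'arn:aws:execute-api:us-east-1:111122223333:exampleapi/prod',
  transcriptBucket: 'example-transcript-bucket',
  contactId: '0123456789abcdef0123456789abcdef',
  expectedCallSeconds: 600,
});
console.log(JSON.stringify({ ...sample, Policy: JSON.parse(sample.Policy) }, null, 2));
```

Naming the session after the contact ID lets each API call in AWS CloudTrail be tied back to a single call.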