Skip to main content

Amazon Connect Integration

Set up Amazon Connect to see your calls in MaestroQA

Adam avatar
Written by Adam
Updated this week

Setting up the Amazon Connect integration will enable you to access your calls from Amazon Connect in MaestroQA. Also, depending on your MaestroQA package, the integration also supports bringing in Amazon Connect metrics in MaestroQA. See Amazon's Metric API Documentation for more details.

Please note that each part of this article may require admin access to Amazon Connect, Amazon Kinesis, IAM, S3, and MaestroQA.

NOTE: If you encounter errors in MaestroQA after enabling the integration, please please send the following to your MaestroQA contact so they can help troubleshoot:

  • the complete IAM policy for your MaestroQA role or user

  • all S3 bucket policies for the S3 buckets accessed by this role or user

I. Set up recording

Set up recording for any Contact Flow that you might want to QA if you have not already done so. Please make sure to record Agent and Customer. The instructions for doing this can be found here:

https://docs.aws.amazon.com/connect/latest/adminguide/set-up-recordings.html#how-to-set-up-recording-behavior

call recording behavior amazon connect

II. Set up Data streaming with Amazon Kinesis Firehose

If you are using Salesforce Service Cloud Voice and your AWS account is managed by Salesforce, please see these instructions to use Amazon Kinesis Data Stream:

https://help.maestroqa.com/en/articles/8482456-amazon-connect-integration-for-salesforce-service-cloud-voice

  1. From the Amazon Connect console at https://console.aws.amazon.com/connect,
    click on the instance alias of the Amazon Connect instance you would like to QA.

  2. Click on Data Streaming.

  3. Check the box Enable data streaming.

  4. Under Contact Trace Records, select Kinesis Firehose.

  5. If you have not already set up Kinesis Firehose, click the link
    Create a new Kinesis Firehose. If you have already done this, go to step 19.

    • There may be some limited costs associated with Amazon Kinesis Firehose. At a rate of 1,000,000 calls per day with each Contact Trace Record being less than 5 KB in size, at the US East rate of $0.029/GB the total cost over a 30 day period will be only $4.15.

    • Full pricing information is outlined here: https://aws.amazon.com/kinesis/data-firehose/pricing/

  6. On the new KinesisStreamsConsole tab that just opened, select Kinesis Data Firehose and click

    Create delivery stream

  7. Under Source select Direct PUT.

  8. Under Destination select Amazon S3.

  9. Choose a descriptive Delivery stream name, such as
    amazon-connect-contact-trace-record-stream

  10. Data transformation and record format conversion can remain disabled.

  11. Create an S3 bucket that is only used for Amazon Connect Contact Trace Records.

    1. Set the Bucket name to a descriptive name such as
      connect-contact-trace-records-{your company name}

      • Record this bucket name, as it will be needed for MaestroQA's integration information.

    2. Select the AWS Region, using the same region as Amazon Connect.

    3. Click

      Create bucket

    4. This S3 tab can now be closed.

  12. Select the S3 bucket that was just created, using Browse and refreshing if needed.

  13. Leave S3 bucket prefix blank so the default date prefix of YYYY/MM/dd/HH is used.

    • If an S3 bucket prefix is specified (not recommended), record this for Part IV.

  14. (optional) Set Buffer hints, compression and encryption, if desired.

    1. A higher Buffer interval would mean greater potential for delay in updating the data in S3, but even the maximum value of 900 seconds is unlikely to have any noticeable impact on QA.

  15. Under Advanced settings, Permissions, allow Firehose to create or update the IAM Role (default selection), or Choose an existing IAM role if one was already created for this purpose.

  16. (optional) Edit Amazon CloudWatch error logging and Tags, if desired.

  17. Click

    Create delivery stream

    • Wait for the Status to update from Creating to Active.

      • This may take several minutes.

      • When this completes, you may close the tab.

  18. After Kinesis finishes creating the delivery stream, go back to the Amazon Connect tab, refresh the page, and click on Data Streaming again.

  19. Under Contact Trace Records, in the dropdown menu, select the name of the stream you would like to use.

  20. Click

    Save

III. Set up IAM (role credentials only)

If you are creating a dedicated IAM user instead of an IAM role

(not recommended), follow this link for alternate instructions for parts III and IV.

We'll now create an IAM role for MaestroQA to use with the AWS Security Token Service (AWS STS).

  1. Go to https://console.aws.amazon.com/iam

  2. Click Roles.

  3. Click

    Create role

  4. For Trusted entity type, select AWS account.

  5. Under An AWS account, select Another AWS account and enter the MaestroQA AWS Account ID.

    • To obtain the MaestroQA AWS Account ID, please contact your CSM.

  6. (recommended) Under Options, select Require External ID and enter any valid value for External ID

    • Record this External ID to be provided to MaestroQA

    • Note that MFA is not supported.

  7. We'll now create the S3 policy for s3:GetObject and s3:ListBucket actions.

    1. Click

      Create policy

    2. Click JSON.

    3. Copy and paste the following policy:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "s3:GetObject",
              "s3:ListBucket"
            ],
            "Resource": [
              "arn:aws:s3:::YOUR_RECORDING_BUCKET_NAME_HERE",
              "arn:aws:s3:::YOUR_RECORDING_BUCKET_NAME_HERE/Analysis/*",
              "arn:aws:s3:::YOUR_RECORDING_BUCKET_NAME_HERE/YOUR_RECORDING_PREFIX_HERE/*",
              "arn:aws:s3:::YOUR_CTR_BUCKET_NAME_HERE",
              "arn:aws:s3:::YOUR_CTR_BUCKET_NAME_HERE/YOUR_CTR_PREFIX_HERE/*"
            ]
          }
        ]
      }

      1. Replace YOUR_RECORDING_BUCKET_NAME_HERE with the name of your S3 recordings bucket.

      2. Replace YOUR_RECORDING_PREFIX_HERE with the S3 object prefix of the recording objects.

      3. Replace YOUR_CTR_BUCKET_NAME_HERE with your S3 Contact Trace Record (CTR) bucket (omit if not using CTRs).

      4. Replace YOUR_CTR_PREFIX_HERE with the S3 object prefix of the Contact Trace Record (CTR) objects (omit if not using CTRs).


      The "Resource" array should now include following, with arn:aws:s3::: at the beginning of each resource:

      1. your S3 recordings bucket (no trailing /)

        • You can find this by going to https://console.aws.amazon.com/connect, selecting the appropriate instance alias, and clicking on Data storage.

        • Under "Call recordings will be stored in this S3 bucket", the information is presented as {bucket}/{prefix}

        • Do NOT include the prefix path or the / in this first entry.

      2. your S3 recordings location (including the S3 object prefix) followed by /*

      3. your S3 Contact Trace Record (CTR) bucket (no trailing /)

        • This was recorded on step 11 of part II.

        • This can be omitted if not using CTRs.

      4. your S3 Contact Trace Record (CTR) bucket (including the S3 object prefix) followed by /*

        • This would have been specified on step 13 of part II.

        • Most commonly, if these objects have no S3 object prefix, then this would be arn:aws:s3:::YOUR_CTR_BUCKET_NAME_HERE/*

        • This can be omitted if not using CTRs.


      If you are using Amazon Connect Contact Lens, also include the following in the "Resource" array:

      1. To grant access to all Contact Lens voice transcripts, include arn:aws:s3:::YOUR_RECORDING_BUCKET_NAME_HERE/Analysis/Voice/*

      2. To grant access only to redacted Contact Lens voice transcripts, include arn:aws:s3:::YOUR_RECORDING_BUCKET_NAME_HERE/Analysis/Voice/Redacted/*


      If you are using or plan to use Amazon Connect Chat, also include the following in the "Resource" array:

      1. your S3 chat transcripts bucket (no trailing /)

        • This information can be found and entered the same way as for recordings.

      2. your S3 chat transcripts location (including the S3 object prefix)
        followed by an asterisk (*)

      If you are using Amazon Connect Chat with Amazon Connect Contact Lens, also include the following in the "Resource" array:

      1. To grant access to all Contact Lens chat transcripts, include arn:aws:s3:::YOUR_CHAT_BUCKET_NAME_HERE/Analysis/Chat/*

      2. To grant access only to redacted Contact Lens chat transcripts, include arn:aws:s3:::YOUR_CHAT_BUCKET_NAME_HERE/Analysis/Chat/Redacted/*


      As a complete example S3 policy:
      https://drive.google.com/file/d/1jGFAWGT5iHfVKGIjPIkC33DqvXt74qDv/view

    4. (optional) Add tags, if desired.

    5. For Name, enter a descriptive policy name, such as MaestroQA-S3-Policy

    6. Click

      Create policy

  8. Now we'll repeat the process for the Amazon Connect policy actions.

    1. Click

      Create policy

    2. Click JSON.

    3. Copy and paste the following policy exactly:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "connect:DescribeContact",
              "connect:DescribeContactEvaluation",
              "connect:DescribeEvaluationForm",
              "connect:DescribeUser",
              "connect:GetContactAttributes",
              "connect:GetMetricData",
              "connect:GetMetricDataV2",
              "connect:ListContactEvaluations",
              "connect:ListContactReferences",
              "connect:ListEvaluationForms",
              "connect:ListRealtimeContactAnalysisSegments",
              "connect:ListUsers",
              "connect:SearchContacts"
            ],
            "Resource": "*"
          }
        ]
      }

    4. (optional) Add tags, if desired.

    5. For Name, enter a descriptive policy name, such as
      MaestroQA-Amazon-Connect-Policy

    6. Click

      Create policy

  9. Back on the "Create role" tab, refresh the list of policies.

  10. Select the two policies just created in steps 7 and 8.

  11. For Role name, enter a descriptive role name, such as MaestroQA-API-Role

  12. Click

    Create role

  13. Record the role's ARN, as this will need to be provided to MaestroQA.

IV. Enter information into MaestroQA (role credentials only)

  1. Go to https://app.maestroqa.com/settings/integrations

  2. Click on Amazon Connect.

  3. Enter the Amazon Connect Instance Id.

  4. Enter the Region Code (e.g. us-east-1, us-west-2). This can be found in the instance ARN from the previous step after arn:aws:connect: and before the next :

  5. Enter the Call recording S3 data storage location.

    • On the Amazon Connect Data storage tab, this is found under "Call recordings will be stored in this S3 bucket" in the Call recordings section.

  6. Enter the Chat transcript S3 data storage location (if applicable)

    • On the Amazon Connect Data storage tab, this is found under "Chat transcripts will be stored in this S3 bucket" in the Chat transcripts section.

  7. If you are using Amazon Connect Contact Lens, enable Contact Lens Voice Transcripts and Contact Lens Chat Transcripts as appropriate, either with or without redaction according to your configuration in Amazon Connect.

  8. If you are using Amazon Connect Contact Lens with redacted call recordings and would like to use redacted call recordings in MaestroQA, enable Use redacted call recordings.

  9. Enter the CTR Bucket, which was recorded on step 11 of part II.

    • This is ONLY the name of the S3 bucket for CTRs, not the full ARN.

    • This should NOT be entered with any prefix or trailing /

  10. Enter the CTR S3 Prefix if it was specified on step 13 of part II.

    • In most cases, this should be left blank.

    • This is ONLY the CTR object prefix, not the full ARN.

    • The CTR bucket name should NOT be included.

    • If this prefix is not blank, it should end in a trailing /

  11. Enter the Role ARN recorded on step 13 of part III.

  12. Enter the External ID recorded on step 6 of part III.

  13. Click

    Submit
Did this answer your question?