Setting up the Amazon Connect integration will enable you to access your calls from Amazon Connect in MaestroQA. Please note that each part of this article may require admin access to Amazon Connect, Amazon Kinesis, IAM, S3, and MaestroQA.

I. Set up recording

Set up recording for any Contact Flow that you might want to QA if you have not already done so. Please make sure to record Agent and Customer. The instructions for doing this can be found here:

call recording behavior amazon connect

II. Set up Data streaming with Amazon Kinesis Firehose

1. From the Amazon Connect console at, click on the instance alias of the Amazon Connect instance you would like to QA.

2. Click on "Data Streaming".

3. Check the box "Enable data streaming".

4. Under Contact Trace Records, select "Kinesis Firehose".

5. If you have not already set up Kinesis Firehose, click the link "Create a new Kinesis Firehose". If you have already done this, go to step 19.

6. On the new "Amazon Kinesis Firehose" tab that just opened, click the button "Create delivery stream".

(There may be some limited costs associated with Amazon Kinesis Firehose. At a rate of 1,000,000 calls per day with each Contact Trace Record being less than 5 KB in size, at the US East rate of $0.029/GB the total cost over a 30 day period will be only $4.15. Full pricing information is outlined here:

7. Choose a descriptive Delivery stream name, such as "amazon-connect-contact-trace-record-stream".

8. Under Source select "Direct PUT or other sources".

9. Data transformation and Record format conversion can remain disabled.

10. Under Destination select "Amazon S3".

11. Create an S3 bucket that is only used for Amazon Connect Contact Trace Records, using a descriptive name such as "connect-contact-trace-records-{your company name}". Record this bucket name, as it will be needed for MaestroQA's integration information.

12. Select the region, using the same region as Amazon Connect. Click Create S3 bucket.

13. Leave S3 prefix blank so the default is used. If an S3 prefix is specified, record this for Part IV.

14. Edit Buffer size and Buffer interval, if desired. A higher Buffer interval would mean greater potential for delay in updating the data in S3, but even the maximum value of 900 seconds is unlikely to have any noticeable impact on QA.

15. Set S3 compression and encryption, error logging, and tags, if desired.

16. Under Permissions, allow Firehose to create the IAM Role "firehose_delivery_role" with the default policy.

17. On the Review page, click "Create delivery stream".

18. After Kinesis finishes creating the delivery stream, close this tab, go back to the Amazon Connect tab, refresh the page, and click on "Data Streaming" again.

19. Under Contact Trace Records, in the dropdown menu, select the name of the stream you would like to use.

20. Click Save.

III. Set up IAM

1. Go to

2. Click "Users".

3. Click "Add user".

4. Enter a descriptive name, such as "MaestroQA-API-User".

5. Next to Access Type, check the box labeled "Programmatic Access".

6. Under permissions, select "Attach existing policies directly".

7. We'll now create the S3 policy for s3:GetObject and s3:ListBucket actions.

Click "Create policy", "JSON", and then paste the policy found here:

Then carefully replace the values in "Resource" with the following, with arn:aws:s3::: at the beginning of each resource:

  • your S3 recordings bucket

  • your S3 recordings location followed by an asterisk ("*")

  • your S3 chat transcripts bucket (if different)

  • your S3 chat transcripts location followed by an asterisk ("*")

  • your S3 Contact Trace Record (CTR) bucket

  • your S3 Contact Trace Record (CTR) bucket followed by an asterisk ("*")

8. Now we'll repeat the process for the Amazon Connect policy for the connect:ListUsers and connect:DescribeUser actions. Again click "Create policy" and "JSON", pasting the following policy verbatim:

9. Add tags, if desired.

10. On the Review page, click "Create user".

11. On the next page, you will be shown the Access key ID and the Secret access key. Record both of these now, as it will not be possible to view the Secret access key again.

IV. Enter information into MaestroQA

1. Go to

2. Click on "Amazon Connect".

3. Enter the Access key ID and Secret access key obtained on step 11 of part III.

4. Enter the Amazon Connect Instance ID. To find this, go to, select the appropriate instance alias, and take the 36-character alphanumeric string at the end of the instance ARN after the slash "/". See this for details:

5. Enter the Region Code (e.g. us-east-1, us-west-2). This can be found in the instance ARN from the previous step after arn:aws:connect: and before the next colon ":".

6. Enter the Amazon Connect Contact Trace Record (CTR) S3 bucket name, which was set on step 11 of part II.

7. Enter CTR S3 prefix if it was specified on step 13 of part II. In most cases, this can be left blank.

8. Enter the Amazon Connect Call recording S3 bucket and location. If applicable, also enter the Amazon Connect Chat transcript S3 bucket (typically the same bucket) and location. You can find this by going to, selecting the appropriate instance alias, and clicking on "Data storage".

Did this answer your question?