Skip to main content
All CollectionsIntegrations in MaestroQAAmazon Connect
User credentials for Amazon Connect integration
User credentials for Amazon Connect integration

Set up the Amazon Connect integration with user credentials instead of role credentials

Adam avatar
Written by Adam
Updated over a year ago

This article details how to grant access to MaestroQA for the Amazon Connect integration by creating a new user and using AWS access keys.

To set up the Amazon Connect integration with the default, recommended approach of creating a role instead of a user, please follow the instructions in https://help.maestroqa.com/en/articles/4063505-amazon-connect-integration.

Please note that each part of this article may require admin access to Amazon Connect, Amazon Kinesis, IAM, S3, and MaestroQA.

To begin, please follow along parts I and II of https://help.maestroqa.com/en/articles/4063505-amazon-connect-integration.


III. Set up IAM (user credentials only)

2. Click "Users".

3. Click "Add user".

4. Enter a descriptive name (e.g. "MaestroQA-API-User").

5. Next to Access Type, check the box labeled "Programmatic Access".

6. Under permissions, select "Attach existing policies directly".

7. We'll now create the S3 policy for s3:GetObject and s3:ListBucket actions.

Click "Create policy", "JSON", and then paste the policy found here:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::YOUR_RECORDING_BUCKET_NAME_HERE",
"arn:aws:s3:::YOUR_BUCKET_NAME_HERE/YOUR_RECORDING_PREFIX_HERE/*",
"arn:aws:s3:::YOUR_CTR_BUCKET_NAME_HERE",
"arn:aws:s3:::YOUR_CTR_BUCKET_NAME_HERE/*"
]
}
]
}
  • Replace YOUR_RECORDING_BUCKET_NAME_HERE with the name of your S3 recordings bucket.

  • Replace YOUR_CTR_BUCKET_NAME_HERE with your S3 Contact Trace Record (CTR) bucket.

  • Replace YOUR_RECORDING_PREFIX_HERE with the S3 object prefix of the recording objects.

The "Resource" array should now include following, with arn:aws:s3::: at the beginning of each resource:

  • your S3 recordings bucket (no trailing /)

  • your S3 recordings location (including the S3 object prefix) followed by *

    • (uncommon) If there is no S3 object prefix, then this would be arn:aws:s3:::YOUR_BUCKET_NAME_HERE/*

  • your S3 Contact Trace Record (CTR) bucket (no trailing /)

  • your S3 Contact Trace Record (CTR) bucket followed by *

    • (uncommon) If these objects have an S3 object prefix, then this would be arn:aws:s3:::YOUR_CTR_BUCKET_NAME_HERE/YOUR_CTR_PREFIX_HERE/*

(uncommon) If you are using Amazon Connect Chat, also include the following in the "Resource" array:

  • your S3 chat transcripts bucket (no trailing /)

  • your S3 chat transcripts location followed by an asterisk (*)

As a complete example S3 policy:

8. Now we'll repeat the process for the Amazon Connect policy for the connect:ListUsers and connect:DescribeUser actions. Again click "Create policy" and "JSON", pasting the following policy verbatim:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"connect:ListUsers",
"connect:DescribeUser"
],
"Resource": "*"
}
]
}

9. Add tags, if desired.

10. On the Review page, click "Create user".

11. On the next page, you will be shown the Access key ID and the Secret access key. Record both of these now, as it will not be possible to view the Secret access key again.


IV. Enter information into MaestroQA (user credentials only)

2. Enter the Access Key Id and Secret Access Key obtained on step 11 of part III.

3. Click

Did this answer your question?