Step 1: Set Up Amazon Services
Set up and configure several Amazon services in the AWS management console.
If you do not already have an Amazon Connect instance, you must create one. For more information about how to create an Amazon Connect instance, see the “Getting Started with Amazon Connect” section of the Amazon Connect Administrator Guide.
When you create a new Amazon Connect instance, AWS also creates a new S3 bucket. You can use this S3 bucket for Calabrio ONE, or you can create another one. In both cases, all data that Calabrio ONE imports from Amazon Connect (including call recordings, contact trace records, and exported reports) must be stored in a single, dedicated S3 bucket.
The contents of the S3 bucket can be encrypted in either of the following ways:
- Through Amazon Connect, by enabling encryption and selecting a KMS key when you configure Data Storage.
- Through S3, by enabling default encryption (AES-256 or AWS-KMS) on the bucket itself.
Calabrio ONE does not support enforcing encryption with a bucket policy (for example, a policy that rejects upload requests that do not include the following header: x-amz-server-side-encryption).
Create a new S3 bucket
- In the AWS management console, navigate to the S3 service.
- Click Create bucket.
- Configure the S3 bucket. The region must be the same as the region of your Amazon Connect instance.
- Click Create bucket.
If you are using QM, you can create a Kinesis firehose to stream contact trace records (CTRs) to the S3 bucket.
Create a Kinesis firehose
- In the AWS Management Console, navigate to the Kinesis service.
- In the left-hand menu, click Data Firehose.
- Click Create delivery stream.
-
Configure the fields as follows.
Field Configuration Delivery stream name Enter a unique name for the firehose. Source Select Direct PUT or other sources. - Click Next.
- In the Record transformation field, select Disabled.
- In the Record format conversion field, select Disabled.
- Click Next.
-
Configure the fields as follows.
Field Configuration Destination Select Amazon S3. S3 Destination S3 bucket—Select the S3 bucket that you are using for Calabrio ONE.
Prefix—Enter a unique prefix followed by a forward slash. Failing to add a forward slash results in errors when configuring the Amazon Connect ACD. This prefix creates a folder in the S3 bucket where the CTRs are stored. S3 automatically adds the current year as a suffix when it creates this folder.
BEST PRACTICE Enter CTRs/ as the prefix.
- Click Next.
-
Configure the fields as follows.
Field Configuration S3 buffer conditions Select the buffer conditions that you want. S3 compression and encryption Leave the S3 compression and S3 encryption options disabled (default). Error logging Enable or disable error logging. IAM role Select firehose_delivery_role. - Click Next.
- Review your firehose configuration, and then click Create delivery stream.
IAM
You must create an access key for an IAM user who is assigned to a policy that, at a minimum, grants the permissions for the S3 bucket and the Kinesis Stream that Calabrio ONE requires.
Store both the access key ID and the secret access key in an easy-to-access location. You need both to complete Step 3: Add Amazon Connect as an ACD .
The following table contains the permissions that Calabrio ONE requires for each service.
| Service | Permissions | Calabrio ONE Use |
|---|---|---|
| S3 Bucket | ListBucket | Inventory the contents in the S3 bucket that the Data Server needs to process. |
| GetBucketLocation | Retrieve the region of the S3 bucket. | |
| GetObject |
Import CTRs, reports, and call recordings. |
|
| PutObject | Create folders and subfolders in the S3 bucket and make copies of CTRs and report files that are stored in the archive folder. Once Calabrio ONE processes the CTRs and report files and stores copies of them in the archive folder, it deletes the duplicates. | |
| DeleteObject | Delete duplicate CTRs and report files after Calabrio ONE creates copies of the files and stores them in the archive folder. | |
| Kinesis stream | DescribeStream | Retrieve information about the Kinesis stream. |
| GetRecords |
Retrieve real-time agent events from the Kinesis stream. |
|
| GetShardIterator |
Retrieve a shard iterator so that real-time agent events can be read sequentially. |
The following is an example JSON document for a policy that can be attached to an IAM user in order to grant the minimum permissions that Calabrio ONE requires.
{
“Version”: “<current policy language version>”,
“Statement”: [
{
“Sid”: “<statement ID>”,
“Effect”: “Allow”,
“Action”: [
“kinesis:GetShardIterator”,
“kinesis:GetRecords”,
“kinesis:DescribeStream”,
“s3:ListBucket”,
“s3:GetBucketLocation”
],
“Resource”: [
“arn:aws:kinesis:<region>:<account-id>:stream/C<name of stream for Calabrio ONE>”,
“arn:aws:s3:::<name of S3 bucket for Calabrio ONE>”
]
},
{
“Sid”: “statement ID”,
“Effect”: “Allow”,
“Action”: [
“s3:GetObject”,
“s3:PutObject”,
“s3:DeleteObject”
],
“Resource”: [
“arn:aws:s3:::<name of S3 bucket for Calabrio ONE>/*”
]
}
]
}
For more information about creating IAM users and assigning them to policies, consult AWS Identity and Access Management documentation.
Update IAM Access and Secret Keys using an API
The IAM Keys API enables users to update Amazon Connect IAM and secret keys using GET or PUT methods.
| URI | /api/rest/it/server/<ID> |
| Method | GET or PUT |
| Permission | ReportAuthoring |
| Content Type | application/JSON |
| Name | Description |
|---|---|
| ID | Numerical value of the ACD Server in Calabrio ONE |
The following is an example of a request body:
{
"id": <acdServerId>,
"tenantId": <numericalTenantId>,
"ipHostName": "<Name of S3 Bucket>",
"serverType": "ACD Server",
"type": 12,
"Action": "Configuration",
"settings": [{
"id": "awsBucket",
"setting": "<Name of S3 Bucket>"
}, {
"id": "serverName",
"setting": "<Label of acdServer>"
},
{
"id": "awsAccessKey",
"setting": "<AccessKeyValue>"
},
{
"id": "awsSecretKey",
"setting": "<SecretKeyValue>"
}
]
}