Support Automation Workflow (SAW) Runbook: Collect Amazon Connect contact flow logs

Lecture de 4 minute(s)
Niveau du contenu : Intermédiaire
1

How can I use the AWSSupport-CollectAmazonConnectContactFlowLog AWS Systems Manager automation runbook to collect Amazon Connect contact flow logs?

In this article, I will show you how to use the AWSSupport-CollectAmazonConnectContactFlowLog, AWS Systems Manager (SSM) automation runbook to expedite log search and collect the Amazon Connect contact flow logs for a specific contact ID. You can use contact flow logs to understand how a call travels through the different blocks of the contact flow. Also, use contact flow logs to troubleshoot failures and isolate where errors occur.

Learn more about Support Automation Workflows >>

How it works?

The AWSSupport-CollectAmazonConnectContactFlowLog collects the Amazon CloudWatch logs for a given contact ID, and exports the logs to the Amazon Simple Storage Service (S3) bucket of your choice. For example, AWS Support can request contact flow logs in order to assist you troubleshoot the issue, and you can use this runbook to safely export data from an Amazon CloudWatch log group.

Learn more about Amazon Connect flow logs >>

Prerequisites

Before running the automation make sure your IAM user or the role has the following permissions:

  • s3:GetBucketPublicAccessBlock
  • s3:GetBucketPolicyStatus
  • s3:PutObject
  • s3:PutObjectAcl
  • s3:GetBucketAcl
  • s3:GetAccountPublicAccessBlock
  • logs:StartQuery
  • logs:GetQueryResults
  • ssm:GetAutomationExecution
  • ssm:StartAutomationExecution

Instructions

  1. Navigate to the Systems Manager console .
  2. In the navigation pane, choose Documents.
  3. In the search bar, type the following AWSSupport-CollectAmazonConnectContactFlowLog.
  4. Select AWSSupport-CollectAmazonConnectContactFlowLog document.
  5. Click on Execute automation.
  6. For the input parameters enter the following:
    • AutomationAssumeRole (optional): The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
    • ContactId (required): The ID of the contact that you want to collect Contact Flow Log for.
    • ConnectInstanceAlias (required): The Amazon Connect Instance alias.
    • S3BucketName (required): The Amazon S3 bucket name in your account where you want to upload Contact Flow Log. Make sure that bucket policy does not grant unnecessary read/write permissions to parties that do not need access to the collected logs.
    • S3ObjectPrefix (optional): The Amazon S3 object path in the Amazon S3 bucket for an uploaded the Contact Flow Log. For example, if you specify 'CollectedLogs', the log will be uploaded as 's3://your-s3-bucket/CollectedLogs/ContactFlowLog_[ContactId][AWSAccountId].gz'. If you do not specify this parameter, the SSM Automation execution ID is used, example: 's3://your-s3-bucket/[automation:EXECUTION_ID]/ContactFlowLog[ContactId]_[AWSAccountId].gz'. Note: if you specify a value for 'S3ObjectPrefix' and you run this automation using the same [ContactId], the Contact Flow Log will be overwritten.
    • S3BucketOwnerAccountId (optional): The AWS Account Number that owns the Amazon S3 bucket where you want to upload the Contact Flow Log. If you do not specify this parameter, the runbook uses the AWS account ID of the user or role in which the Automation runs.
    • StartTimestamp (optional): The start date and time for querying the Amazon CloudWatch Logs. The format must be 'yyyy-MM-ddTHH:mm:ss' and timezone needs to be UTC. For example, 2023-01-20T00:00:00. It will be 5 days before the current date and time if this parameter is not specified.
    • EndTimestamp (optional): The end date and time for querying the CloudWatch Logs. The format must be 'yyyy-MM-ddTHH:mm:ss' and timezone needs to be UTC. For example, 2023-01-25T00:00:00. It will be the current date and time if this parameter is not specified.

The following example demonstrates how to use the AWSSupport-CollectAmazonConnectContactFlowLog automation to collect the contact flow logs and store them in the S3 bucket in the same account.

The runbook input parameters

  1. Click on Execute.
  2. You should see that the automation has been initiated.
  3. Once completed, you can review the Outputs section to see a direct link to the S3 object that was created. In addition to the direct console link, runbook provides a S3Uri format for easy consumption via AWS CLI:

The runbook outputs

You can use contact flow logs to troubleshoot failures and isolate where errors occur. Learn more how to troubleshoot contact flow errors in Amazon Connect.

Conclusion

In this article, I demonstrated how to collect Amazon Connect contact flow logs by using the SSM Automation runbook AWSSupport-CollectAmazonConnectContactFlowLog, available in the System Manager.

References

Systems Manager Automation

Run this Automation (console)

Running a simple automation: https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-working-executing.html

Setting up Automation: https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-setup.html

Documentation related to the AWS service

Troubleshoot contact flow errors in Amazon Connect: https://aws.amazon.com/premiumsupport/knowledge-center/connect-contact-flow-errors/

To help you troubleshoot, remediate, manage, and reduce costs on your AWS resources, AWS Support maintains a subset of the AWS provided predefined runbooks . These runbooks are prefixed with “AWSSupport-“ or “AWSPremiumSupport-“.