I want to collect Contact Flow log for a specific contact to troubleshoot issues related to contact flow. I don’t want to manually search for issues from Amazon CloudWatch log group.
Short description
Use the AWSSupport-CollectAmazonConnectContactFlowLog AWS Systems Manager automation runbook to collect Contact Flow logs for a specific contact. The runbook queries a CloudWatch log group based on your Amazon Connect instance ID and contact ID. Then, the runbook uploads the log to your Amazon Simple Storage Service (Amazon S3) bucket. The runbook also provides you the Amazon S3 console URL and an example AWS Command Line Interface (AWS CLI) command for you to download the log.
Resolution
Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
Prerequisite:
Before you start the AWSSupport-CollectAmazonConnectContactFlowLog runbook, make sure that your AWS Identify and Access Management (IAM) user or role has the required permissions. For more information, see the Required IAM permissions section of AWSSupport-CollectAmazonConnectContactFlowLog.
Complete the following steps:
- Open the AWS Systems Manager console.
- In the navigation pane, under Change Management, choose Automation.
- Choose Execute automation.
- In the search bar, enter CollectAmazonConnectContactFlowLog.
- Select the runbook AWSSupport-CollectAmazonConnectContactFlowLog, and then choose Next.
- Enter the following values for the input parameters:
(Optional) For AutomationAssumeRole, enter the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Automation to perform the actions. If no role is specified, then Systems Manager Automation uses the permissions of the user that starts this runbook.
For ConnectInstanceId, enter the ID of your Connect instance.
For ContactId, enter the ID of the contact that you want to collect the Contact Flow Log for.
For S3BucketName, enter the Amazon S3 bucket name in your account where you want to upload Contact Flow Logs
(Optional) For S3ObjectPrefix, enter the Amazon S3 object path in the Amazon S3 bucket for an uploaded the Contact Flow Log. For example, if you specify CollectedLogs, then the log is uploaded as s3://your-s3-bucket/CollectedLogs/ContactFlowLog_[ContactId][AWSAccountId].gz. If you don't specify this parameter, then the SSM Automation execution ID is used.
Note: If you specify a value for S3ObjectPrefix and you use the same ContactId to run this automation, the runbook overwrites the Contact Flow Log.
(Optional) For S3BucketOwnerAccount, enter the AWS Account Number that owns the Amazon S3 bucket where you want to upload the Contact Flow Log. If you don't specify this parameter, then the runbooks uses the AWS account ID of the user or role where the Automation runs.
(Optional) For S3BucketOwnerRoleArn, enter the ARN of the IAM role with permissions to get the Amazon S3 bucket. You must also have permissions to get the account block public access settings, bucket encryption configuration, the bucket ACLs, the bucket policy status, and upload objects to the bucket. If this parameter isn't specified, then the runbook uses the AutomationAssumeRole (if specified) or user that starts this runbook.
- Choose Execute.
- After the automation completes, review the detailed results in the Output section. The GenerateReport.OutputPayload tells you that the runbook successfully retrieved Contact Flow logs for the specified contact. The report also contains Amazon S3 console URL and an example AWS CLI command to download the log file.
Related information
AWS Support Automation Workflows (SAW)
Running a simple automation
Setting up Automation