We want to use Amazon Connect for multiple clients. When a call comes to agent queue can we:

  1. Limit Agent data access to specific Customer Data- demographics, cases, previous notations, previous call records etc…
  2. Restrict agent data access. Customer data accessible to an agent is to be limited to a specified customer.
  3. Customer specific branding is exposed to an agent when accepting the call.
asked a year ago614 views
2 Answers

Contact base tagging access control is not currently supported. What should explore is the permission "Restrict contact access" in Security Profile. This leverages Agent Hierarchy so only Contacts that were handled within the same level or lower can be accessed by the agent


This means you have to setup an Agent Hierarchy and group your agents appropriately. It is difficult when you have agents that could take calls from multiple clients. In situation where you only want your agent to see contact information related to the queue or brand on a particular call, it is best to create a custom flow to pull the data you want to show the agent, and potentially leverage Step by Step guide to show them. Or custom build a CCP to display these data according to your rules.

Agents in Connect does not get affected by IAM role/polices and only by Security Profiles as they are not IAM users

profile pictureAWS
answered a year ago

Apart from the User management console in Connect, where you can set up users with different levels of permissions, if you need a more granular control over which data are your Connect users accessing you can use Tag-based access control.

With Tag-based access control you can configure granular access to specific resources based on assigned resource tags. You configure tag based access controls by using the API/SDK or within the Amazon Connect console. To use tags to control access to resources within your AWS accounts, you need to provide tag information in the condition element of an IAM policy. For more info see Controlling access to AWS resources using tags.

I leave you also the link to this blog post where you can see the implementation of tag-based access control in Amazon Connect for a real use case.

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions