- Newest
- Most votes
- Most comments
Yes you can do this IF you are using SAML.
See here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_deny-ip.html
You can create custom CCP [1] and host it with for example, CloudFront which is restricted using AWS WAF [2].
[1]. Custom CCP: https://github.com/aws-samples/amazon-connect-custom-ccp
[2]. CloudFront distribution with AWS WAF: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html
I've not seen any documentation around having your Connect instance inside a VPC, the only thing I can think of for the CCP itself is to deploy a custom CCP via CloudFront and put IP registrations on that. However, if the agents already know the Connect URL there would be nothing stopping them from going directly.
david
Relevant content
- asked a year ago
- asked 4 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
This does not protect the Connect endpoint directly, only your custom CCP. Agents can bypass this.