Skip to main content
Home Documentation Pages

Which AWS Permissions are needed for WFM & Amazon Connect Integration

Kyle Rayner

0 comments

The article outlines necessary AWS permissions for Workforce Management (WFM) integration with Amazon Connect, including S3 bucket permissions (s3:GetObject, s3:ListBucket) for accessing reports, Amazon Connect API permissions (AmazonConnectReadOnlyAccess and specific connect actions) for retrieving scheduling and contact data, optional EventBridge permissions for event handling, and other permissions like lambda:InvokeFunction, sts:AssumeRole, and execute-api:Invoke based on use case.

 

1. S3 Bucket Permissions

  • Purpose: Allow  WFM to access exported reports and agent productivity data stored in S3.
  • Required Permissions:
    • s3:GetObject
    • s3:ListBucket

  • Scope: The S3 buckets configured for Amazon Connect’s exported data.

     

2. Amazon Connect API Permissions

  • Purpose: Enable  WFM to retrieve schedule, agent, and contact data, and to integrate with Amazon Connect.
  • Recommended AWS Managed Policy:
    • AmazonConnectReadOnlyAccess
  • For advanced API access or custom integration, consider:
    • connect:DescribeInstance
    • connect:Get*
    • connect:List*

3. EventBridge (Optional, if contact events are required)

  • Purpose: Allow interaction with Amazon EventBridge for contact or agent event records.
  • Typical Permissions:
    • events:PutRule
    • events:PutTargets
    • events:DescribeRule
    • events:List*

4. Other Possible Permissions (Based on Use Case)

  • Lambda execution (if used in integration):
    • lambda:InvokeFunction
  • IAM Role Assumption (if WFM uses roles):
    • sts:AssumeRole
  • API Gateway (if REST APIs are involved):
    • execute-api:Invoke

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

0 comments

Please sign in to leave a comment.