Salesforce Voice: Create AWS IAM user with Read Only Access for Salesforce Support

Create an IAM User for the AWS Console. Follow this document for step-by-step instructions. Please make sure to only allow Console access and no programmatic access.
Create an IAM policy for the Amazon Connect debugging. Please note that although there is an out-of-the-box AmazonConnectReadOnlyAccess policy, however, that won’t be sufficient and we need to create a new policy.
1. Follow this document for creating a new IAM Policy.
2. Add the following JSON policy
3. {
  "Version": "2012-10-17",
  "Statement": [
  {
  "Sid": "AmazonConnectReadOnlyPolicy",
  "Effect": "Allow",
  "Action": [
  "connect:ListPhoneNumbers",
  "connect:ListContactFlowModules",
  "connect:DescribeInstance",
  "connect:DescribeQueue",
  "connect:GetMetricData",
  "connect:ListBots",
  "connect:GetTaskTemplate",
  "connect:DescribeUserHierarchyGroup",
  "connect:ListSecurityProfilePermissions",
  "connect:ListInstances",
  "connect:ListRealtimeContactAnalysisSegments",
  "connect:DescribeForecastingPlanningSchedulingIntegration",
  "connect:ListSecurityKeys",
  "connect:ListRoutingProfileQueues",
  "connect:DescribeInstanceAttribute",
  "connect:ListInstanceAttributes",
  "connect:DescribeRule",
  "connect:ListInstanceStorageConfigs",
  "connect:GetTrafficDistribution",
  "connect:SearchSecurityProfiles",
  "connect:ListHoursOfOperations",
  "connect:ListLambdaFunctions",
  "connect:SearchRoutingProfiles",
  "connect:DescribeHoursOfOperation",
  "connect:SearchQueues",
  "connect:ListAgentStatuses",
  "connect:ListPrompts",
  "connect:ListRules",
  "connect:ListQueueQuickConnects",
  "connect:ListTrafficDistributionGroups",
  "connect:ListUseCases",
  "connect:DescribeUserHierarchyStructure",
  "connect:DescribeInstanceStorageConfig",
  "connect:ListQueues",
  "connect:GetContactAttributes",
  "connect:ListUsers",
  "connect:ListIntegrationAssociations",
  "connect:DescribeAgentStatus",
  "connect:ListRoutingProfiles",
  "connect:DescribeTrafficDistributionGroup",
  "connect:GetCurrentMetricData",
  "connect:ListUserHierarchyGroups",
  "connect:ListContactFlows",
  "connect:DescribeSecurityProfile",
  "connect:ListPhoneNumbersV2",
  "connect:SearchAvailablePhoneNumbers",
  "connect:DescribeUser",
  "connect:DescribeQuickConnect",
  "connect:DescribePhoneNumber",
  "connect:DescribeRoutingProfile",
  "connect:ListLexBots",
  "connect:ListDefaultVocabularies",
  "connect:DescribeContactFlowModule",
  "connect:ListQuickConnects",
  "connect:GetMetricDataV2",
  "connect:SearchUsers",
  "connect:ListApprovedOrigins",
  "connect:ListTagsForResource",
  "connect:ListContactReferences",
  "connect:ListTaskTemplates",
  "connect:GetCurrentUserData",
  "connect:SearchVocabularies",
  "connect:DescribeContact",
  "connect:DescribeContactFlow",
  "connect:ListSecurityProfiles",
  "connect:DescribeVocabulary",
  "connect:GetFederationToken",
  "connect:AdminGetEmergencyAccessToken"
  ],
  "Resource": "*"
  }
  ]
  }
4. Name this policy as ‘AmazonConnectSFDCSupport’ Policy. This policy will enable READ ONLY access for Amazon connect and allow emergency login access in the Amazon Connect so that Salesforce support can look into user, queues, contact flow, etc configurations.
For the IAM User attach the following permissions
1. ReadOnlyAccess policy which is AWS managed. — This will give read-only access to cloud watch, cloud trail, lambda, etc within AWS.
2. AmazonConnectSFDCSupport policy was created in step 2.
Share the temporary passwords with Salesforce support and require a new password reset upon the next login.

Salesforce Voice: Create AWS IAM user with Read Only Access for Salesforce Support

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List