Define a policy for the IAM role

Complete this procedure if you are using an Amazon Role. If you are using Access Keys as the method of identifying the adapters to Amazon Connect, the following procedure is not necessary.

To create two-way communication between the Verint cloud and the role in the Amazon cloud with Amazon Connect, perform the following tasks on the Verint cloud instance. These tasks let the call center grant access to the Verint party that has the correct ARN and External ID, and likewise give the Recorder permission to use this access.

Perform this procedure in the Verint cloud site.

Before you begin

Create an IAM role.

Procedure 

  1. Define an Instance of the Recorder Server in the AWS Cloud.

  2. Create an EC2 role, with any name and account number.

    1. Click Next: Permissions.

    2. Click Create Policy.

    3. Click the JSON tab. You should see something like the following:

      {
        "Version": "2012-10-17",
        "Statement": []
      }

    4. Between the square brackets, enter the following:

      {
        "Sid": "AllowIPToAssumeCrossAccountRole",
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::222222222222:role/efgh"
      }

    5. On the "Resource" line, replace 222222222222 with the customer's 12-digit AWS account ID number, and replace efgh with the name of the IAM role created earlier.

  3. Click Next: Tags, then Next: Review.

  4. Click Create role.

  5. While still on the Verint site, associate this policy with the IAM roles created previously on the customer cloud site, under Instances.

From the AWS side, it’s only possible to assign a single IAM role directly to each server. The actual security permissions should be defined in a Role (or multiple Roles if the customer wants to have separate Roles) configured in the Customer’s AWS account. The role that is assigned to the Verint server can then assume these role(s).

The IAM role that is configured in Verint’s AWS account must be assigned to all servers that need to access the customer’s AWS resources.

If different services running on the Recorder server (for example, Archiver and Recorder adapters) need to assume different roles, both roles must be specified within the same security policy, the one that allows the assigned server role to assume those roles.
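The following added example (not Verint or AWS code) builds the single policy described above for two customer roles and checks it before it is pasted into the JSON tab: only sts:AssumeRole is allowed, every Resource is a specific role ARN, and the 222222222222 and efgh placeholders have been replaced. The account ID 111122223333 and the role names RecorderAdapterAccess and ArchiverAccess are constructed for illustration, and the function names are hypothetical.

```python
import json
import re

# Role ARN: partition, 12-digit account ID, then optional path and role name.
ROLE_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/([\w+=,.@/-]+)$")
# Placeholder values from the procedure text; they must not reach production.
PLACEHOLDER_ACCOUNT, PLACEHOLDER_ROLE = "222222222222", "efgh"


def as_list(value):  # IAM accepts a string or a list for Action and Resource
    return [value] if isinstance(value, str) else list(value or [])


def build_policy(role_arns):
    """One policy that lets the server's role assume every listed customer role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowIPToAssumeCrossAccountRole",
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": list(role_arns),
    }]}


def lint_policy(policy):
    """Return findings as strings; an empty list means every check passed."""
    statements = policy.get("Statement") or []
    findings = [] if statements else ["policy has no statements"]
    for stmt in statements:
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or actions != ["sts:assumerole"]:
            findings.append("statement must only Allow sts:AssumeRole")
        for arn in as_list(stmt.get("Resource")):
            match = ROLE_ARN.match(arn)
            if "*" in arn or "?" in arn:
                findings.append(f"wildcard resource: {arn}")
            elif not match:
                findings.append(f"not an IAM role ARN: {arn}")
            elif PLACEHOLDER_ACCOUNT == match.group(2) or PLACEHOLDER_ROLE == match.group(3):
                findings.append(f"placeholder not replaced: {arn}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the account ID and both role names are hypothetical.
    policy = build_policy([
        "arn:aws:iam::111122223333:role/RecorderAdapterAccess",
        "arn:aws:iam::111122223333:role/ArchiverAccess",
    ])
    print(json.dumps(policy, indent=2), lint_policy(policy) or "OK", sep="\n")
```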

What to do next 

IAM User Permissions

Amazon Resource Names (ARNs) - AWS General Reference

Sample IAM Policy