Create an IAM role for Twilio
To allow Twilio to write data to the Kinesis stream, create an Identity and Access Management (IAM) Role in AWS. This Twilio role has specific permissions and a trust relationship with the Kinesis stream. The Role ARN and External ID are required later to set up the Sink in Twilio Flex. The Service Provider creates the role.
What to do next
If recorders deployed in AWS: Create an IAM role for Verint components
If recorders not deployed in AWS: Set up an IAM user account
Procedure
-
In AWS, create a role for the AWS account of the cloud that hosts the Twilio Flex Contact Center, This Twilio role must have a policy with the following permissions:
-
kinesis:PutRecord
-
kinesis:PutRecords
-
kinesis:ListShards
-
kinesis:DescribeLimits
For an example of the JSON policy, see Sample IAM Policies.
-
- Set up a trust relationship that allows the Twilio AWS account to invoke AssumeRole into the Role that allows access to Kinesis. The account reference at "AWS" is the Twilio AWS account. For example:Copy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::009145568234:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "5fc06fc0bef0d226fff5cbc76217968fc06931af85c0ec32c8ed0252e4b4d338b428198afab64a18"
}
}
}
]
} -
Copy the Twilio Role ARN and External ID for the role. This information is required later in the configuration process.