Create an IAM role for Verint components
If the Verint recording components are hosted in AWS, create another IAM role. This Verint role allows the Verint services to read data from the Kinesis stream. The Role ARN and External ID are used in the data source configuration. The Service Provider creates the role.
Procedure
- Create a role for the AWS account of the cloud that hosts the Verint components. The Verint role must have a policy with the following permissions:
  - kinesis:ListShards
  - kinesis:GetShardIterator
  - kinesis:DescribeStream
  - kinesis:GetRecords
  - dynamodb:CreateTable
  - dynamodb:DescribeTable
  - dynamodb:GetItem
  - dynamodb:PutItem
  - dynamodb:Scan
  - dynamodb:UpdateItem
  - dynamodb:DeleteItem
  - cloudwatch:PutMetricData

  If Twilio content is being stored in Amazon S3 storage, the policy must also allow access to the storage:
  - s3:ListBucket
  - s3:GetObject
See DynamoDB and the CreateTable action
For an example of the JSON policy, see Sample IAM Policies.
- Set up a trust relationship that allows the Verint AWS account to AssumeRole into this role, which allows access to the Kinesis stream. The account reference at "AWS" is the Service Provider AWS account. For example:

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::177261743968:root"
        },
        "Action": "sts:AssumeRole",
        "Condition": {
          "StringEquals": {
            "sts:ExternalId": "verint_recorder"
          }
        }
      }
    ]
  }

- Copy the Verint Role ARN and External ID for the role. You need these later in the configuration process.
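The following Python check is an added example, not part of the Verint documentation. It verifies that a role's trust policy names only the expected account and carries the sts:ExternalId condition, and compares a permissions policy against the actions listed in this procedure. The function and constant names are introduced here for illustration.

```python
# Actions the page lists for the Verint role (S3 pair only when Twilio content is in S3).
REQUIRED_ACTIONS = {
    "kinesis:ListShards", "kinesis:GetShardIterator", "kinesis:DescribeStream",
    "kinesis:GetRecords", "dynamodb:CreateTable", "dynamodb:DescribeTable",
    "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan", "dynamodb:UpdateItem",
    "dynamodb:DeleteItem", "cloudwatch:PutMetricData",
}
S3_ACTIONS = {"s3:ListBucket", "s3:GetObject"}
# Trust policy from the page, compacted.
PAGE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::177261743968:root"}, "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "verint_recorder"}}}]}


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(trust, expected_principal, expected_external_id):
    """Return findings for the role's trust policy (empty list means OK)."""
    findings = []
    allow = [s for s in _as_list(trust.get("Statement"))
             if s.get("Effect") == "Allow" and "sts:AssumeRole" in _as_list(s.get("Action"))]
    if not allow:
        return ["no Allow statement for sts:AssumeRole"]
    for stmt in allow:
        principal = stmt.get("Principal")
        principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        if principals != [expected_principal]:
            findings.append(f"unexpected principal: {principals}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append("no sts:ExternalId condition")
        elif _as_list(ext) != [expected_external_id]:
            findings.append("sts:ExternalId does not match the configured value")
    return findings


def check_permissions(policy, uses_s3=False):
    """Return (missing, extra) actions; wildcards are reported as extra, not expanded."""
    granted = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            granted.update(_as_list(stmt.get("Action")))
    required = REQUIRED_ACTIONS | (S3_ACTIONS if uses_s3 else set())
    return required - granted, granted - required
```

Feed it the JSON returned for the role's trust policy and attached policy; a non-empty findings list or a non-empty missing or extra set is worth reviewing before the data source is configured.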
What to do next