service-cloud-voice / ServiceCloudVoiceLambdas

This application provides a set of Lambda functions, which are available within your Amazon Connect instance after provisioning the instance with your Service Cloud Voice contact center. You can use these Lambdas in Amazon Connect contact flows.
BSD 3-Clause "New" or "Revised" License

Confusion/concern over different integration methods and the future #65

Open vgw-chriskruger opened 9 months ago

vgw-chriskruger commented 9 months ago

I notice an update in the Salesforce Winter ’24 Release Notes pertaining to Service Cloud Voice that introduces a new way to use an existing AWS Connect instance during service cloud voice integration.

For lack of a better description, I would characterise this new method as role assumption via wizard.

I can see some documentation on this approach from initial integration (from scratch) and some documentation referring to migrating from the "import xml" methodology described in the well-known document Get Started with Service Cloud Voice with Partner Telephony from Amazon Connect to this new method. The migration process is documented in this help article.

As an organisation that prefers to keep control of what is happening in their AWS account via Terraform, we have a strong preference towards being able to control when we deploy updates and how this is done. As far as I know, for my organisation to continue operating this way, the only option we really have is the "import xml" method. I have heard the future of this "import.xml" method is uncertain?

Using the new recommended way to Set Up Service Cloud Voice with Partner Telephony from Amazon Connect, it seems implementers are expected to create a role with the linked permissions.

Reading these permissions, I note that they are fairly broad (bringing with it the risk of interfering with other things in the AWS account - for example we run two SCV installations - dev and staging within one account). They also seem production-centric; I infer this because I note specifically several S3 resources with "prod" explicitly hardcoded into the name, e.g.

    ...snip
    "arn:aws:s3:::prod-scv-resources-*",
    "arn:aws:s3:::prod-byoa-scv-resources-*",
    ...snip

Q: I would like to understand what is the future plan for Service Cloud Voice integration for organisations that would prefer to control the integration part themselves (i.e. deployment of lambdas from AWS SAR etc).

jinalkathiara commented 4 months ago

Can you let us know how the latest IAM provisioning role permissions are? We have done lots of work in this area and now the permissions should be very specific to only the SCV resources.

Let us know your thoughts @vgw-chriskruger