AWS connect documentation change
Summary
Renamed service references from 'Amazon Connect' to 'Connect Customer' throughout the document
Security assessment
The changes are purely branding/naming updates replacing 'Amazon Connect' with 'Connect Customer'. No security vulnerabilities, weaknesses, or incidents are addressed. The security content about restricting resource access remains functionally identical.
Diff
diff --git a/connect/latest/adminguide/restrict-access-examples.md b/connect/latest/adminguide/restrict-access-examples.md index c3f77437c..4fa531d26 100644 --- a//connect/latest/adminguide/restrict-access-examples.md +++ b//connect/latest/adminguide/restrict-access-examples.md @@ -7 +7 @@ -Example 1: Restrict which Amazon S3 buckets can be associated with an Amazon Connect instanceExample 2: Restrict which AWS Lambda functions can be associated with an Amazon Connect instanceExample 3: Restrict which Amazon Kinesis Data Streams can be associated with an Amazon Connect instance +Example 1: Restrict which Amazon S3 buckets can be associated with an Connect Customer instanceExample 2: Restrict which AWS Lambda functions can be associated with an Connect Customer instanceExample 3: Restrict which Amazon Kinesis Data Streams can be associated with an Connect Customer instance @@ -9 +9 @@ Example 1: Restrict which Amazon S3 buckets can be associated with an Amazon Con -# Restrict AWS resources that can be associated with Amazon Connect +# Restrict AWS resources that can be associated with Connect Customer @@ -11 +11 @@ Example 1: Restrict which Amazon S3 buckets can be associated with an Amazon Con -Each Amazon Connect instance is associated with an IAM [ service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role) when the instance is created. Amazon Connect can integrate with other AWS services for use cases such as call recording storage (Amazon S3 bucket), natural language bots (Amazon Lex bots), and data streaming (Amazon Kinesis Data Streams). Amazon Connect assumes the service-linked role to interact with these other services. The policy is first added to the service-linked role as part of corresponding APIs on the Amazon Connect service (that are in turn called by the AWS admin console). For example, if you want to use a certain Amazon S3 bucket with your Amazon Connect instance, the bucket must be passed to the [ AssociateInstanceStorageConfig](https://docs.aws.amazon.com/connect/latest/APIReference/API_AssociateInstanceStorageConfig.html) API. +Each Connect Customer instance is associated with an IAM [ service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role) when the instance is created. Connect Customer can integrate with other AWS services for use cases such as call recording storage (Amazon S3 bucket), natural language bots (Amazon Lex bots), and data streaming (Amazon Kinesis Data Streams). Connect Customer assumes the service-linked role to interact with these other services. The policy is first added to the service-linked role as part of corresponding APIs on the Connect Customer service (that are in turn called by the AWS admin console). For example, if you want to use a certain Amazon S3 bucket with your Connect Customer instance, the bucket must be passed to the [ AssociateInstanceStorageConfig](https://docs.aws.amazon.com/connect/latest/APIReference/API_AssociateInstanceStorageConfig.html) API. @@ -13 +13 @@ Each Amazon Connect instance is associated with an IAM [ service-linked role](ht -For the set of IAM actions defined by Amazon Connect, see [Actions defined by Amazon Connect](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html#amazonconnect-actions-as-permissions). +For the set of IAM actions defined by Connect Customer, see [Actions defined by Connect Customer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html#amazonconnect-actions-as-permissions). @@ -15 +15 @@ For the set of IAM actions defined by Amazon Connect, see [Actions defined by Am -Following are some examples of how to restrict access to other resources that may be associated with an Amazon Connect instance. They should be applied to the User or Role that is interacting with Amazon Connect APIs or the Amazon Connect console. +Following are some examples of how to restrict access to other resources that may be associated with an Connect Customer instance. They should be applied to the User or Role that is interacting with Connect Customer APIs or the Connect Customer console. @@ -21 +21 @@ A policy with an explicit `Deny` would override the `Allow` policy in these exam -For more information about what resources, condition keys, and dependent APIs you can use to restrict access, see [Actions, resources, and condition keys for Amazon Connect](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html). +For more information about what resources, condition keys, and dependent APIs you can use to restrict access, see [Actions, resources, and condition keys for Connect Customer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html). @@ -23 +23 @@ For more information about what resources, condition keys, and dependent APIs yo -## Example 1: Restrict which Amazon S3 buckets can be associated with an Amazon Connect instance +## Example 1: Restrict which Amazon S3 buckets can be associated with an Connect Customer instance @@ -25 +25 @@ For more information about what resources, condition keys, and dependent APIs yo -This example allows an IAM principal to associate an Amazon S3 bucket for call recordings for the given Amazon Connect instance ARN, and a specific Amazon S3 bucket named `my-connect-recording-bucket`. The `AttachRolePolicy` and `PutRolePolicy `actions are scoped to the Amazon Connect service-linked role (a wildcard is used in this example, but you can provide the role ARN for the instance if needed). +This example allows an IAM principal to associate an Amazon S3 bucket for call recordings for the given Connect Customer instance ARN, and a specific Amazon S3 bucket named `my-connect-recording-bucket`. The `AttachRolePolicy` and `PutRolePolicy `actions are scoped to the Connect Customer service-linked role (a wildcard is used in this example, but you can provide the role ARN for the instance if needed). @@ -31 +31 @@ To use an AWS KMS key to encrypt recordings in this bucket, an additional policy -## Example 2: Restrict which AWS Lambda functions can be associated with an Amazon Connect instance +## Example 2: Restrict which AWS Lambda functions can be associated with an Connect Customer instance @@ -33 +33 @@ To use an AWS KMS key to encrypt recordings in this bucket, an additional policy -AWS Lambda functions are associated with an Amazon Connect instance, but the Amazon Connect service-linked role is not used to invoke them, and so is not modified. Instead, a policy is added to the function through the `lambda:AddPermission` API that allows the given Amazon Connect instance to invoke the function. +AWS Lambda functions are associated with an Connect Customer instance, but the Connect Customer service-linked role is not used to invoke them, and so is not modified. Instead, a policy is added to the function through the `lambda:AddPermission` API that allows the given Connect Customer instance to invoke the function. @@ -35 +35 @@ AWS Lambda functions are associated with an Amazon Connect instance, but the Ama -To restrict which functions can be associated with an Amazon Connect instance, you specify the Lambda function ARN that a user can use to invoke `lambda:AddPermission`: +To restrict which functions can be associated with an Connect Customer instance, you specify the Lambda function ARN that a user can use to invoke `lambda:AddPermission`: @@ -63 +63 @@ JSON -## Example 3: Restrict which Amazon Kinesis Data Streams can be associated with an Amazon Connect instance +## Example 3: Restrict which Amazon Kinesis Data Streams can be associated with an Connect Customer instance @@ -65 +65 @@ JSON -This example follows a similar model to the Amazon S3 example. It restricts which specific Kinesis Data Streams may be associated with a given Amazon Connect instance for delivering contact records. +This example follows a similar model to the Amazon S3 example. It restricts which specific Kinesis Data Streams may be associated with a given Connect Customer instance for delivering contact records. @@ -121 +121 @@ Required permissions for custom IAM policies -How Amazon Connect works with IAM +How Connect Customer works with IAM