Verified AI summary ◀▼
Understand the key components of Contact Center: Amazon Connect for handling calls and chats, Amazon Cognito for user authentication, and Amazon CloudFormation for automating AWS resource setup. The Contact Center app enhances the Connect experience with features like an agent desktop and AI tools. Data stays in your AWS account, ensuring security. For updates, use a dual-stack process for safe rollbacks.
Take a moment to understand the building blocks of Contact Center and how they interact.
This article contains the following topics:
Amazon Connect Customer
Amazon Connect Customer (Connect) is a cloud-based contact center service provided by AWS that helps you set up and manage customer support calls and chats. Think of it as the telephony and contact routing engine for Contact Center. It handles phone calls, chat conversations, queues, contact flows, and more. Connect is the foundation of Contact Center; every customer who uses Contact Center must have their own Connect instance in their AWS account. Each Contact Center environment links one-to-one with a specific Connect instance. You can't link multiple Connect instances to one Contact Center account or vice versa.
Amazon Cognito
Amazon Cognito is an AWS service for user authentication and authorization. It allows you to manage user sign-up, sign-in, and access control for web or mobile applications. Amazon Cognito provides a user pool where user accounts (agents, supervisors, admins) who will log into Contact Center are stored. Cognito securely handles passwords and sign-in, so that users can sign into the Contact Center app (web application). Cognito is used to create and manage agent identities instead of using a custom system. During setup, a Cognito user pool is automatically created using CloudFormation to facilitate identity management.
Amazon CloudFormation
AWS CloudFormation is a service that helps you automate the setup of AWS resources using templates. CloudFormation uses templates to deploy the necessary AWS components, services, and permissions for Contact Center, with minimal manual input.
The CloudFormation stack (a collection of AWS resources defined by a template) creates and configures resources such as the Amazon Cognito user pool, Identity and Access Management (IAM) roles and permissions, AWS Lambda functions, streaming connections, and other components that allow Connect and Contact Center to work together. Using CloudFormation saves time and reduces errors in setting up the backend services that power Contact Center.
AWS Lambda functions
AWS Lambda is a serverless compute service that runs code in response to events. Contact Center uses Lambda functions to automate deployment tasks and process runtime events from services such as Amazon Connect Customer, Amazon S3, and Amazon Kinesis.
Deployment lambdas
These lambdas run during deployment to discover or configure the AWS resources that Contact Center uses.
| Lambda | What |
| FetchConnectDetails | Reads the Connect instance configuration at deployment time, including storage settings, bucket names, KMS keys, Kinesis streams, and the Amazon Customer Profiles domain. The outputs drive nested stack parameters. |
| SubscribeRecordingBucket | Enables EventBridge notifications on the recording S3 bucket at deployment time. |
| ContactLensStreamsLambda | Associates the Amazon Contact Lens Kinesis stream with the Connect instance storage configuration at deployment time, if no existing stream is already configured. |
Runtime lambdas
These lambdas run when Contact Center needs to process call activity, conversation data, or user requests.
| Lambda | What | When |
| ZendeskVoicePostCall | Processes Contact Trace Record stream records, reads the call recording from S3, and sends call data to the Zendesk Voice API. | After a voice call ends, when CTR stream records are available. |
| ZendeskVoiceSearch | Searches for the caller’s Zendesk ticket or contact record. | During a live voice call, when Connect invokes the Lambda. |
| ContactLensEventsLambda | Consumes the Contact Lens Kinesis stream and forwards real-time conversation analysis events to Zendesk. | When Amazon Contact Lens emits stream events. |
| CTRIngestLambda | Ingests Contact Trace Record data from Kinesis and forwards analytics data to Zendesk, including data used for the Resolution Code dashboard. | When Connect publishes CTR records to the stream. |
| TranscriptIngestLambda | Reads chat transcript JSON from S3 and uploads it to Zendesk. | When EventBridge detects that a chat transcript file is available in S3. |
| RecordingIngestLambda | Notifies Zendesk when a voice call recording .wav file is available in S3. | When EventBridge detects that a recording file is available in S3. |
| ZendeskAPI | Serves as the API Gateway proxy for the Zendesk admin UI. It reads and writes AWS Systems Manager Parameter Store values and AWS Secrets Manager values. | When the Zendesk admin UI makes API requests. |
| VoiceAIBrokerRegisterContext | Registers a Voice AI context and returns the transfer phone number and DTMF tones needed to continue the call flow. | When Connect invokes the Lambda from a contact flow. |
| MainHandler | Handles browser requests from the Contact Center agent UI. It proxies calls to Connect, Customer Profiles, and Wisdom, generates presigned S3 URLs for transcripts and attachments, and manages Cognito sessions. | When the agent UI sends browser requests. |
Zendesk Identity Provider
Zendesk provides single sign-on (SSO) by acting as a SAML 2.0 identity provider (IdP) to the AWS services that power Contact Center. You keep using your corporate IdP to sign in to Zendesk, such as Okta, Entra ID, or Google Workspace. After you sign in to Zendesk, it acts as a SAML 2.0 IdP and signs you in to Amazon Connect Customer, Amazon Cognito, and the AWS Management Console with IdP-initiated SAML SSO. You don’t need to configure separate SSO integrations for those services, and your multi-factor authentication (MFA) and access policies stay in your IdP. This is built for Contact Center’s AWS services, not as a general SAML broker for arbitrary third-party service providers.
Contact Center app
Zendesk for Contact Center is a built-by-Zendesk app that works with Connect. It provides an intuitive agent interface and additional features (like omnichannel inbox, AI-powered tools, and advanced dashboards) to enhance the Connect experience. Agents log into the Contact Center web interface to receive calls or messages, handled through the customer’s Connect instance.
Contact Center is deployed in the customer’s AWS environment. All customer and contact center data (call recordings, customer info, and so on) stays in the customer’s AWS account instead of Zendesk's servers. This helps to ensure security and privacy. To use Contact Center, you need to link the Connect instance to the Contact Center app and deploy the AWS components (using CloudFormation) that facilitate the integration. Once set up, Contact Center and Connect operate as a unified contact center solution.
For more information, see Navigating the Contact Center app.
Dual-stack upgrade process
The required infrastructure for Contact Center is deployed to your AWS environment using CloudFormation. Once deployed, that stack is never updated using the CloudFormation update process. Instead, a new (dual) CloudFormation stack is created and, once ready, Contact Center is reconfigured to use the new infrastructure. Once tested and validated, the old stack can be deleted. This ensures you have a safe rollback point.
To perform an update, an updated template URL must be requested from Zendesk.