By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Rules to restrict outside IP addresses from using AWS Connect

0

Is it possible to prevent users from logging in if they are trying to log in from outside the office, e.g. from their home? We are looking to just allow our agents to use AWS Connect from some IP Addresses for security measures.

Topics
Application IntegrationBusiness Applications
Tags
Amazon Connect
Language
English
lautaroef
asked 19 days ago150 views
3 Answers
1

Yes you can do this IF you are using SAML.

See here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_deny-ip.html

DanB
answered 19 days ago
0

You can create custom CCP [1] and host it with for example, CloudFront which is restricted using AWS WAF [2].

[1]. Custom CCP: https://github.com/aws-samples/amazon-connect-custom-ccp

[2]. CloudFront distribution with AWS WAF: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html

AWS
Makendran G
answered 19 days ago
  • DanB
    19 days ago

    This does not protect the Connect endpoint directly, only your custom CCP. Agents can bypass this.

0

I've not seen any documentation around having your Connect instance inside a VPC, the only thing I can think of for the CCP itself is to deploy a custom CCP via CloudFront and put IP registrations on that. However, if the agents already know the Connect URL there would be nothing stopping them from going directly.

david

profile picture
dmacias
answered 19 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content