# Agent activity audit report in Amazon Connect The agent activity audit is like a report version of the [agent event stream](agent-event-streams.md). All of the data in this report is also in the agent event stream. For example, if there's something in the audit report you want to recreate, or if you want to recreate a different time period, you can do so using the agent event stream. **Topics** + [ ## Run the agent activity audit report ](#access-agent-activity-audit) + [ ## Status definitions ](#agent-activity-status-definitions) + [ ## Status changes ](#agent-activity-status-changes) + [ ## When is the status Agent Disconnected, Contact Missed, or Rejected? ](#rejected-missed-disconnected) + [Required permissions](#agent-activity-audit-permissions) + [Agent activity audit tag-based access control](agent-activity-audit-tag-based-access-control.md) ## Run the agent activity audit report For a list of required permissions to perform this procedure, see [Assign permissions](dashboard-required-permissions.md). 1. Log in to the Amazon Connect admin website at https://*instance name*.my.connect.aws/. 1. Choose **Analytics and optimization**, **Historical metrics**, **Agents**, **Agent activity audit**. 1. Choose the agent login, date, and timezone, and then choose **Generate Report**. 1. To download the results, choose **Download CSV**. ## Status definitions The following values may appear in the **Status** column on agent activity audit report. + **Available**: The agent has set their status in the Contact Control Panel (CCP) to **Available**. Contacts can be routed to them. + **Offline**: The agent has set their status in the Contact Control Panel (CCP) to **Offline**. Contacts can not be routed to them. + **Custom status**: The agent has set their status in the Contact Control Panel (CCP) to a custom status. Contacts can not be routed to them. + **Connecting**: The state between an inbound contact arriving in the flow and routing to the agent. + **Connecting Agent**: The state between an inbound contact being routed to an agent and the agent receiving the contact. + **Call Connected**: When an inbound Voice contact has been established by the agent choosing **Accept** in their CCP + **Connected**: When an inbound **Chat/Task/Email** contact has been established by the agent choosing **Accept** in their CCP. + **Busy**: The agent is interacting with a **Voice/Task/Email** customer. + **Agent Disconnected**: When the agent doesn't choose **Accept** on the inbound voice contact in 20 seconds, or they choose **Reject**. + **Calling Customer**: The state before an outbound call is established. + **Contact Missed**: When the agent misses a chat or task contact. + **Missed Call Agent**: When an agent accepts a callback, but they end the call before ringing the customer has finished. + **Paused**: When a contact has been paused after being connected to an agent using the CCP or public API. + **Telecom issue**: When an outbound call is ended before the call is established. For example, there was an error with the agent's soft phone connection. + **On Hold**: When the agent pauses a contact. **Note** If a status appears in your report but is not listed on this page, it is a custom status created by your organization. Contact your Amazon Connect admin to learn the definition. ## Status changes Starting March 09, 2026, the following statuses have been updated for the corresponding contact types. + Chat + **Joining Customer** → **Connecting** + **Busy** → **Connected** + Voice + **Connected** → **Call Connected** Starting March 09, 2026, a new status has been added for the corresponding contact types. + Voice/Chat/Task/Email + **On Hold** **Note** Reports generated before March 09, 2026, will reflect the previous status values. ## When is the status Agent Disconnected, Contact Missed, or Rejected? Following is a summary of when the **Status** column can be **Agent Disconnected**, **Contact Missed**, or **Rejected**: + Voice contact + When anyone misses a voice contact, the status in the agent audit is **Agent Disconnected**. + When anyone rejects a voice contact, the status in the agent audit is **Agent Disconnected**. + Chat contact + When anyone misses a chat contact, the status in the agent audit is **Contact Missed**. + When anyone rejects a chat contact, the status in the agent audit is **Contact Missed**. + Task contact + When anyone misses a task contact, the status in the agent audit is **Contact Missed**. + When anyone rejects a task contact, the status in the agent audit is **Rejected**. + Email contact + When anyone misses an email contact, the status in the agent audit is **Contact Missed**. + When anyone rejects an email contact, the status in the agent audit is **Rejected**. ## Permissions required to view agent activity audit reports Required permissions To view real-time metrics reports, you need to be assigned to a security profile that has either the **Access metrics - Access** permission or the **Real-time metrics - Access** permission. Note the following behavior when you assign these permissions: + When **Access metrics - Access** is selected, the **Real-time metrics**, **Historical metrics**, and **Agent activity audit** permissions are also automatically assigned. + When **Access metrics - Access** is assigned, you have access to all real-time and historical metrics reports. ![\[The Analytics and Optimization section of the security profiles permissions page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/permissions-create-and-share-reports.png) If only **Agent activity audit - Access** is selected, you have access to only agent activity audit report and no other analytics pages or reports. The following image shows the **Analytics and Optimization** section, with only **Agent activity audit - Access** selected. ![\[The agent activity audit permission on the security profile permissions page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/permissions-create-and-share-reports-3.png) # Agent activity audit tag-based access control in Amazon Connect Agent activity audit tag-based access control You can use resource tags and access control tags to apply granular access to users for the agent activity audit report. For example, you can control who has access to view agent status history for specific users in the report. The following images provide example views of the agent activity audit report with and without tag-based access controls: **Without tag-based access controls, you see all agents:** ![\[Without tag-based access controls, you see all agents.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/agent-activity-audit-tag-based-access-control-before.png) **By using tag-based access controls, you can see a limited set of agents:** ![\[By using tag-based access controls, you can see a limited set of agents.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/agent-activity-audit-tag-based-access-control-after.png) Tag-based access controls are available for real-time metrics; however, they are not applicable to other historical metric reports or the login/logout report. For more information, please see [Real-time metrics tag-based access control in Amazon Connect](rtm-tag-based-access-control.md). Tag-based access controls enable you to configure granular access to specific resources based on assigned resource tags. You can configure tag based access controls by using the API/SDK or the Amazon Connect admin website (for supported resources). You must configure user resource tags and access control tags before tag-based access control is applied to users for the agent activity audit report. For more information, see [Add tags to resources in Amazon Connect](tagging.md) and [Apply tag-based access control in Amazon Connect](tag-based-access-control.md). ## How To Enable Tag-based Access Control for Agent Activity Audit Report To use tags to control access to users for the agent activity audit report, you must first configure user resource tags and access control tags. After your resource tags and access control tags are configured, you need to apply the appropriate permissions. After your resource tags, access control tags, and permissions have been appropriately configured, you will have access controls applied to users for the agent activity audit report. For more information on tagging resources and tag-based access control in Amazon Connect, see [Add tags to resources in Amazon Connect](tagging.md) and [Apply tag-based access control in Amazon Connect](tag-based-access-control.md). ## Permissions To view agent activity audit reports with tag-based access controls applied, you need to be assigned to a security profile that has Access selected for **Agent Activity Audit** or has Access selected for **Access metrics** permission, along with access to the user resource. Note that if you enable **Access metrics**, then **Real-time metrics**, **Historical Metrics**, and **Agent Activity Audit** will be filled in automatically, and you therefore will be enabling users to see all data for historical metrics for which tag-based access controls are not currently applied. ![\[The Analytics and Optimization section of the security profiles permissions page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/agent-activity-audit-tag-based-access-control-permissions-1.png) ![\[The Analytics and Optimization section of the security profiles permissions page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/agent-activity-audit-tag-based-access-control-permissions-2.png) ![\[The Analytics and Optimization section of the security profiles permissions page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/agent-activity-audit-tag-based-access-control-permissions-3.png)