

# Create an Amazon Connect instance

The first step in setting up your Amazon Connect contact center is to create a virtual contact center instance. Each instance contains all the resources and settings related to your contact center. 

## Things to know before you begin

+ When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon Connect. You are charged only for the services that you use. To create an AWS account, see [How do I create and activate an AWS account?](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/)
+ To allow a user to create an instance, ensure that they have the permissions granted by the **AmazonConnect_FullAccess** policy.
+ For a list of the minimum IAM permissions required to create an instance, see [Required permissions for using custom IAM policies to manage access to the Amazon Connect console](security-iam-amazon-connect-permissions.md).
+ By default, when you create an Amazon Connect instance, Next Generation Amazon Connect is enabled. Its pricing model includes unlimited AI features in Amazon Connect. It's an all-inclusive channel pricing model that covers all optimization features for usage on your platform.

  After you initially create your Amazon Connect instance, you can choose to disable this option and instead pay separately for channels and any optimization features you choose to use. For more information, see [Amazon Connect pricing](enable-nextgeneration-amazonconnect.md).
+ Amazon Connect is not available to customers in India using Amazon Web Services through Amazon Web Services India Private Limited (AWS India). You will receive an error message if you try to create an instance in Amazon Connect.
+ When you create an instance, you must decide how you want to manage users. **You can't change the identity management option after you create the instance**. For more information, see [Plan your identity management in Amazon Connect](connect-identity-management.md).

## Step 1: Set identity


Permissions to access Amazon Connect features and resources are assigned to user accounts within Amazon Connect. When you create an instance, you must decide how you want to manage users. You can't change the identity management option after you create the instance. For more information, see [Plan your identity management in Amazon Connect](connect-identity-management.md).

**To configure identity management for your instance**

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. Choose **Get started**. If you have previously created an instance, choose **Add an instance** instead.

1. Choose one of the following options:
   + **Store users in Amazon Connect** - Use Amazon Connect to create and manage user accounts. You cannot share users with other applications.
   + **Link to an existing directory** - Use an AWS Directory Service directory to manage your users. You can use each directory with one Amazon Connect instance at a time.
   + **SAML 2.0-based authentication** - Use an existing identity provider (IdP) to federate users with Amazon Connect.

1. If you chose **Store users within Amazon Connect** or **SAML 2.0-based authentication**, provide the left-most label for **Access URL**. This label must be unique across all Amazon Connect instances in all Regions. You can't change the access URL after you create your instance.

1. If you chose **Link to an existing directory**, select the Directory Service directory for **Directory**. The directory name is used as the left-most label for **Access URL**.

1. Choose **Next**.

## Step 2: Add administrator


After you specify the user name of the administrator for the Amazon Connect instance, a user account is created in Amazon Connect and the user is assigned the **Admin** security profile.

**To specify the administrator for your instance (Optional)**

1. Do one of the following, based on the option that you chose in the previous step:
   + If you chose **Store users within Amazon Connect**, select **Specify an administrator**, and provide a name, password, and email address for the user account in Amazon Connect.
   + If you chose **Link to an existing directory**, for **Username**, type the name of an existing user in the Directory Service directory. The password for this user is managed through the directory.
   + If you chose **SAML 2.0-based authentication**, select **Add a new admin** and provide a name for the user account in Amazon Connect. The password for this user is managed through the IdP.

1. You can also select **No administrator** if an administrator is not needed for your instance.

1. (Optional) Add tags to your instance. For more information, see [Tagging an Amazon Connect instance](tagging-connect-instance.md).

1. Choose **Next**.

## Step 3: Set telephony


Use the options in this section to choose whether you want your agents to receive calls from customers, make outbound calls, and hear early media audio.

### Early media


When early media audio is enabled, for outbound calls your agents can hear pre-connection audio such as busy signals, failure-to-connect errors, or other informational messages provided by telephony providers.

**Note**  
The early media feature is not supported for transfers that are dialed through the [Transfer to phone number](transfer-to-phone-number.md) block in flows.

**By default, early media is enabled for you. Note the following exception:**
+ Your instance was created before April 17, 2020, and you weren't enrolled in the preview program. You need to enable early media audio. For instructions, see [Update telephony and chat options](update-instance-settings.md#update-telephony-options).

**To configure telephony options for your instance**

1. To allow inbound calls to your contact center, choose **Receive inbound calls with Amazon Connect**.

1. To enable outbound calling from your contact center, choose **Make outbound calls with Amazon Connect**.

1. To enable agents to hear pre-connection audio, choose **Enable early media**.

1. To enable up to six participants on a call, choose **Enable Multi-Party Calls and Enhanced Monitoring for Voice**.

1. To enable up to six participants on a chat, choose **Enable Multi-Party Chats and Enhanced Monitoring for Chat**.

1. Choose **Next**.

## Step 4: Data storage


**Note**  
Amazon Connect does not support Amazon S3 Object Lock in compliance mode to store objects using a write-once-read-many (WORM) model.

When you create an instance, by default we create an Amazon S3 bucket. Data, such as reports and recordings of conversations, is encrypted using AWS Key Management Service, and then stored in the Amazon S3 bucket.

This bucket and key are used for both recordings of conversations and exported reports. Alternatively, you can specify separate buckets and keys for recordings of conversations and exported reports. For instructions, see [Update settings for your Amazon Connect instance](update-instance-settings.md).

**Note**  
For voice artifacts (analysis files and redacted audio), Contact Lens uses the recording key. For chat artifacts (analysis files), it uses the chat recording key.

**By default, Amazon Connect creates buckets for storing call recordings, chat transcripts, exported reports, flow logs, and email messages.**
+ When a bucket is created to store call recordings, call recording is enabled at the instance level. The next step for setting up this functionality is to [enable contact recording](set-up-recordings.md) in a flow.
+ When a bucket is created to store chat transcripts, chat transcription is enabled at the instance level. Now all chat transcripts will be stored.
+ When a bucket is created to store email messages, a default Amazon Connect email domain is created for your instance. This email domain cannot be customized. After your Amazon Connect instance is created, you can add up to five custom email domains that have been onboarded to Amazon SES. For more information, see [Enable email for your Amazon Connect instance](enable-email1.md). 
**Important**  
 If you choose **Enable Attachments sharing** for your instance, you must configure a CORS policy on your attachments bucket. If you don't do this, the email channel will not work for your instance. For instructions, see [Step 5: Configure a CORS policy on your attachments bucket](enable-email1.md#config-email-attachments-cors1).
+ Live media streaming is not enabled by default.
+ Screen recording is not enabled by default. For more information, see [Enable screen recording for your Amazon Connect instance](enable-sr.md).

**By default, Amazon Connect creates a Customer Profiles domain**, which stores profiles that combine customer contact history with customer information such as account number, address, billing address, and birth date. Data is encrypted using AWS Key Management Service. You can configure Customer Profiles to use your own customer managed key after your instance is set up. For more information, see [Create a KMS key to be used by Customer Profiles to encrypt data (required)](enable-customer-profiles.md#enable-customer-profiles-awsmanagedkey). 

**Review and copy the location of the S3 bucket, flow logs, and whether you want to enable Customer Profiles.**

1. If desired, copy the location of the S3 bucket where your encrypted data is stored, and the location of the flow logs in CloudWatch.

1. Choose **Next**.

## Step 5: Review and create


**To create your instance**

1. Review the configuration choices. Remember that you cannot change the identity management options after you create the instance.

1. (Optional) To change any of the configuration options, choose **Edit**.

1. (Optional) Add tags to your instance. For more information, see [Tagging an Amazon Connect instance](tagging-connect-instance.md).

1. Choose **Create instance**.

1. (Optional) To continue configuring your instance, choose **Get started** and then choose **Let's go**. If you prefer, you can access your instance and configure it later on. For more information, see [Next steps](#get-started-next-steps).

   If you chose to manage your users directly within Amazon Connect or through an AWS Directory Service directory, you can access the instance using its access URL. If you chose to manage your users through SAML-based authentication, you can access the instance using the IdP.

**Important**  
Next Generation Amazon Connect is now enabled. It provides Amazon Connect with unlimited AI features in an all-inclusive pricing model. To switch to paying separately for channels and any optimization features you choose, [disable Next Generation Amazon Connect](enable-nextgeneration-amazonconnect.md#how-to-disable-ac). 

## Next steps


After you create an instance, you can assign your contact center a phone number or import your own phone number. For more information, see [Set up contact center phone numbers for your Amazon Connect instance](ag-overview-numbers.md).

# Create a development or test instance for your Amazon Connect contact center

You might want to create multiple contact center instances, for example, one as a Sandbox for development, another for QA, and a third for Production. 

Each instance functions only within the AWS Region in which you create it.

**Important**  
Most entities in Amazon Connect can be (re)created and replicated among instances using the Amazon Connect API. While doing that, keep the following limitations in mind:  
+ Service quotas are specific to each instance.
+ Some supporting services, such as User Directory, can be linked to only one Amazon Connect instance at a time.
+ Any additional external and Region-specific limitations.

For more information, see [Can I migrate my Amazon Connect instance from a test environment to a production environment?](https://aws.amazon.com/premiumsupport/knowledge-center/connect-migrate-instance-resources/)

**To create another instance**

1. In the AWS Management Console, choose **Amazon Connect**.

1. Choose **Add an instance**.

1. Complete the steps on the Amazon Connect resource configuration page. For instructions, see [Create an Amazon Connect instance](amazon-connect-instances.md).

# Find your Amazon Connect instance ID or ARN

When you open a support ticket, you may be asked to provide your Amazon Connect instance ID (also called the ARN). Use the following steps to find it. 

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. On the instances page, choose the instance alias. The instance alias is also your **instance name**, which appears in your Amazon Connect URL. The following image shows the **Amazon Connect virtual contact center instances** page, with a box around the instance alias.  
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

   On the **Account overview** page, in the **Distribution settings** section, you can see the full instance ARN.   
![\[The Distribution settings section, the full ARN.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/find-instance-arn.png)

   The information after **instance/** is the instance ID.   
![\[The characters after the last /.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/find-instance-id.png)

If you don't see your instance listed, double-check that you're looking in the correct Region, as shown in the following image. For a list of supported Regions, see [Amazon Connect availability by Region](regions.md#amazonconnect_region). 

![\[The Region dropdown list.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/supported-regions.png)


# Find your Amazon Connect instance name

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. On the instances page, the instance name appears in the **Instance Alias** column. This instance name appears in the URL you use to access Amazon Connect.   
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

# Update settings for your Amazon Connect instance


To update the instance settings: 

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. On the instances page, choose the instance alias. The instance alias is also your **instance name**, which appears in your Amazon Connect URL. The following image shows the **Amazon Connect virtual contact center instances** page, with a box around the instance alias.  
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

1. Complete the following procedures.

## Update telephony and chat options


1. In the navigation pane, choose **Telephony**. This opens the **Telephony and chat** options page.

1. To enable customers to call into your contact center, choose **Receive inbound calls with Amazon Connect**.

1. To enable outbound calling from your contact center, choose **Make outbound calls with Amazon Connect**.

1. To enable outbound campaigns, choose **Enable outbound campaigns**.

1. By enabling early media audio, your agents can hear pre-connection audio such as busy signals, failure-to-connect errors, or other informational messages from telephony providers, when making outbound calls. Choose **Enable early media**.
**Note**  
The early media feature is not supported for transfers that are dialed through the [Transfer to phone number](transfer-to-phone-number.md) block in flows.

1. By default, you can have three participants on a voice call (for example, two agents and a customer, or an agent, a customer, and an external party). You [enable this default three-party](enable-three-party-monitoring.md) capability by adding and configuring a **Set recording and analytics behavior** block to your flow.

   However, instead of adding the block, you can choose the following options to allow more participants on a voice or chat contact, provide your agents with an enhanced conferencing experience, and allow supervisors to barge in:
   + **Enable Multi-Party Calls and Enhanced Monitoring for Voice**. Choose this option to enable the barge capabilities. This feature is only available in CCPv2. For more information about this capability, see [Enable enhanced multi-party contact monitoring](monitor-conversations.md).
   + **Enable Multi-Party Chats and Enhanced Monitoring for Chat**. Choose this option to enable up to six participants on chats, and to barge chats.

   For a comparison of how the agents' experience differs between the default three-party and the enhanced multi-party capabilities, see [Comparison of multi-party and three-party functionality](three-party-multi-party-comparison.md). 
**Important**  
If you enabled chat barge-in before the release of multi-party chats in December 2024, you need to toggle this setting off and then on to enable multi-party chats.

   For more information, see [Barge into live voice and chat conversations between contact center agents and customers](monitor-barge.md). 

1. Choose **Save**.

## Update data storage

+ In the navigation pane, choose **Data storage**. Choose the following:
  + **Call recordings**: Choose **Edit**, specify the bucket and KMS key for recordings of voice conversations, and then choose **Save**. 

    When this bucket is created, call recording is enabled at the instance level. The next step for setting up this functionality is to [set up recording behavior in a flow](set-up-recordings.md).
  + **Chat transcripts**: Choose **Edit**, specify the bucket and KMS key for recordings (transcripts) of chat conversations, and then choose **Save**. 

    When this bucket is created, chat transcripts are enabled at the instance level. Now all chat transcripts will be stored here.
  + **Live media streaming**: Choose **Edit** to enable live media streaming. For more information, see [Set up live media streaming of customer audio in Amazon Connect](customer-voice-streams.md).
  + **Exported reports**: Choose **Edit**, specify the bucket and KMS key for exported reports, and then choose **Save**. 
  + **Attachments**: Choose **Edit**, then **Enable Attachments sharing** to enable file sharing for both agents and customers. For more information about this option and additional steps, see [Enable attachments in your CCP so customers and agents can share and upload files](enable-attachments.md). 
**Important**  
 If you choose **Enable Attachments sharing** for your instance, you must configure a CORS policy on your attachments bucket. If you don't do this, the email channel will not work for your instance. For instructions, see [Step 5: Configure a CORS policy on your attachments bucket](enable-email1.md#config-email-attachments-cors1).
  + **Contact evaluations**: Choose **Edit**, specify the bucket and KMS key for performance evaluations, and then choose **Save**. 

    When this bucket is created, evaluations are enabled at the instance level. The next step for setting up this feature is to [create an evaluation form](create-evaluation-forms.md).
  + **Screen recordings**: Choose **Edit**, specify the bucket and KMS key for recordings of agent screens, and then choose **Save**. 

    When this bucket is created, screen recording is enabled at the instance level. The next step for setting up this functionality is to download and install the agent app, and then enable screen recording in the Set recording and analytics behavior block. For more information, see [Enable screen recording for your Amazon Connect instance](enable-sr.md).
  + **Email messages**: Choose **Edit**, specify the bucket and KMS key for email messages, and then choose **Save**. 

    When this bucket is created, the email channel is enabled at the instance level.
**Important**  
 If you choose **Enable Attachments sharing** for your instance, you must configure a CORS policy on your attachments bucket. If you don't do this, the email channel will not work for your instance. For instructions, see [Step 5: Configure a CORS policy on your attachments bucket](enable-email1.md#config-email-attachments-cors1).

## Update data streaming options


1. In the navigation pane, choose **Data streaming**.

1. Choose **Enable data streaming**. For more information, see [Enable data streaming for your Amazon Connect instance](data-streaming.md).

1. For **Contact records**, do one of the following:
   + Choose **Kinesis Firehose** and select an existing delivery stream, or choose **Create a new Kinesis Firehose** to open the Kinesis Firehose console and create the delivery stream.
   + Choose **Kinesis Stream** and select an existing stream, or choose **Create a new Kinesis Firehose** to open the Kinesis console and create the stream.

1. For **Agent Events**, select an existing Kinesis stream or choose **Create a new Kinesis Stream** to open the Kinesis console and create the stream.

1. Choose **Save**.

## Update analytics tools options


1. In the navigation pane, choose **Analytics tools**.

1. Choose **Enable Contact Lens**. For more information, see [Analyze conversations using conversational analytics in Amazon Connect Contact Lens](analyze-conversations.md).

1. Choose **Save**.

## Update flow settings


1. In the navigation pane, choose **Flows**.

1. (Optional) To add a signing key for use in flows, choose **Add key**. For more information, see [Encrypt sensitive customer input in Amazon Connect](encrypt-data.md).

1. (Optional) To integrate with Amazon Lex, select a Lex bot. For more information, see [Create conversational AI bots in Amazon Connect](connect-conversational-ai-bots.md).

1. (Optional) To integrate with AWS Lambda, select a Lambda function. For more information, see [Grant Amazon Connect access to your AWS Lambda functions](connect-lambda-functions.md).

1. (Optional) To enable flow logs, choose **Enable flow logs**. For more information, see [Use flow logs to track events in Amazon Connect flows](about-contact-flow-logs.md).

1. (Optional) To use the best available voice from Amazon Polly, choose **Use the best available voice**. For more information, see [Amazon Polly best sounding voice](text-to-speech.md#amazon-polly-best-sounding-voice).

1. (Optional) Use the voices available in Amazon Polly.

1. (Optional) To enable logs of automated interactions using IVR and Lex bot transcripts and analytics as a part of your Contact details page and Connect analytics dashboards, select **Enable Bot Analytics and Transcripts in Amazon Connect**.

# Enable attachments in your CCP so customers and agents can share and upload files

You can allow customers and agents to share files using chat and email, and allow agents to upload files to cases. After you complete the steps in this topic, an attachment icon automatically appears in your agent's Contact Control Panel so they can share attachments on chats and emails. 

**Important**  
You must complete steps 1 and 2 in this topic (create an Amazon S3 bucket and configure a CORS policy) for email attachments. If you don't do this, yet have selected **Enable Attachments sharing** for your instance, the email channel will not work for your instance.

 For a list of supported file types, see [Amazon Connect feature specifications](feature-limits.md).

If you are not using the hosted communications widget, you need to update your customer-facing chat interfaces to support attachment sharing.

**Using a custom chat application?** Check out the APIs we've added to support attachment sharing: [StartAttachmentUpload](https://docs.aws.amazon.com/connect-participant/latest/APIReference/API_StartAttachmentUpload.html), [CompleteAttachmentUpload](https://docs.aws.amazon.com/connect-participant/latest/APIReference/API_CompleteAttachmentUpload.html), and [GetAttachment](https://docs.aws.amazon.com/connect-participant/latest/APIReference/API_GetAttachment.html).

**Using a custom agent application?** Check out the attached file APIs: [StartAttachedFileUpload](https://docs.aws.amazon.com/connect/latest/APIReference/API_StartAttachedFileUpload.html), [CompleteAttachedFileUpload](https://docs.aws.amazon.com/connect/latest/APIReference/API_CompleteAttachedFileUpload.html), [GetAttachedFile](https://docs.aws.amazon.com/connect/latest/APIReference/API_GetAttachedFile.html), [BatchGetAttachedFileMetadata](https://docs.aws.amazon.com/connect/latest/APIReference/API_BatchGetAttachedFileMetadata.html), and [DeleteAttachedFile](https://docs.aws.amazon.com/connect/latest/APIReference/API_DeleteAttachedFile.html).

## Step 1: Enable attachments

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. On the instances page, choose the instance alias. The instance alias is also your **instance name**, which appears in your Amazon Connect URL. The following image shows the **Amazon Connect virtual contact center instances** page, with a box around the instance alias.  
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

1. On the **Data storage** page, under **Attachments**, choose **Edit**, select **Enable Attachments sharing**, and then choose **Save**.

   Storage options appear, similar to the following image.  
![\[The attachment section.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/attachments-enable.png)

1. You can change the Amazon S3 bucket location where attachments are stored. By default, your existing Amazon Connect bucket is used, with a new prefix for attachments. 
**Note**  
Currently, Amazon Connect doesn’t support S3 buckets with [Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) enabled. 

   The attachments feature leverages two Amazon S3 locations: a staging location and a final location. 

   Note the following about the staging location:
   + The staging location is used as part of a business validation flow. Amazon Connect uses it to validate the file size and type before it is available for download by using the `GetAttachedFile` or `GetAttachment` APIs.
   + The staging prefix is created by Amazon Connect based on the bucket path you have selected. Specifically, it includes the S3 prefix for where you are saving files, with **staging** appended to it.
   + We recommend that you change the data retention policy for the staging prefix to one day. This way you won't be charged for storing the staging files. For instructions, see [How do I create a lifecycle rule for an S3 bucket?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-lifecycle.html) in the *Amazon S3 User Guide*.
**Warning**  
Only change the lifecycle for the **file staging location**. If you accidentally change the lifecycle for the entire Amazon S3 bucket, all transcripts and attachments will be deleted.
S3 objects are **permanently deleted** if S3 bucket versioning is not enabled.
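
A pre-flight check for the warning above, as an added example (not AWS code): it takes a lifecycle configuration in the shape the S3 lifecycle API uses and lists every enabled expiration rule that reaches beyond the staging prefix. The prefix value, rule IDs and sample configurations are constructed placeholders; copy the real staging prefix from your bucket.

```python
# Constructed placeholder: read the real staging prefix from your attachments bucket.
STAGING_PREFIX = "connect/your-instance/Attachments/staging"


def rule_prefix(rule):
    """Key prefix a lifecycle rule applies to; '' means the whole bucket."""
    flt = rule.get("Filter")
    if flt is None:
        return rule.get("Prefix", "")        # older rule shape: top-level Prefix
    if "And" in flt:
        return flt["And"].get("Prefix", "")  # prefix combined with tags
    return flt.get("Prefix", "")             # {} or tag-only filters give ''


def rules_outside_staging(lifecycle, staging_prefix):
    """IDs of enabled rules that delete objects outside the staging prefix."""
    if not staging_prefix:
        # An empty prefix would match every rule and hide bucket-wide deletions.
        raise ValueError("staging_prefix must not be empty")
    risky = []
    for rule in lifecycle.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue
        deletes = "Expiration" in rule or "NoncurrentVersionExpiration" in rule
        if deletes and not rule_prefix(rule).startswith(staging_prefix):
            risky.append(rule.get("ID", "<no ID>"))
    return risky


def staging_expiry_days(lifecycle, staging_prefix):
    """Expiration days of enabled rules scoped to the staging prefix."""
    return [
        rule["Expiration"].get("Days")
        for rule in lifecycle.get("Rules", [])
        if rule.get("Status") == "Enabled"
        and "Expiration" in rule
        and rule_prefix(rule).startswith(staging_prefix)
    ]


# Constructed sample: the one-day rule recommended above, scoped to staging only.
SAFE_CONFIG = {"Rules": [
    {"ID": "expire-staging", "Status": "Enabled",
     "Filter": {"Prefix": STAGING_PREFIX}, "Expiration": {"Days": 1}},
]}

# Constructed sample: the mistakes the warning describes.
RISKY_CONFIG = {"Rules": [
    {"ID": "expire-everything", "Status": "Enabled",
     "Filter": {}, "Expiration": {"Days": 1}},
    {"ID": "legacy-root", "Status": "Enabled",
     "Prefix": "", "Expiration": {"Days": 1}},
    {"ID": "parent-prefix", "Status": "Enabled",
     "Filter": {"Prefix": "connect/your-instance/Attachments/"},
     "Expiration": {"Days": 1}},
    {"ID": "switched-off", "Status": "Disabled",
     "Filter": {"Prefix": ""}, "Expiration": {"Days": 1}},
]}

if __name__ == "__main__":
    print(rules_outside_staging(SAFE_CONFIG, STAGING_PREFIX))
    print(rules_outside_staging(RISKY_CONFIG, STAGING_PREFIX))
```

Run the check on the configuration you are about to save; a non-empty result names the rules that would also expire transcripts or final attachments.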

## Step 2: Configure a CORS policy on your attachments bucket

To allow customers and agents to upload and download files, update your cross-origin resource sharing (CORS) policy to allow `PUT` and `GET` requests for the Amazon S3 bucket you are using for attachments. This is more secure than enabling public read/write on your Amazon S3 bucket, which we don't recommend.

**To configure CORS on the attachments bucket**

1. Find the name of the Amazon S3 bucket for storing attachments: 

   1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

   1. In the Amazon Connect console, choose **Data storage**, and locate the Amazon S3 bucket name. 

1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).

1. In the Amazon S3 console, select your Amazon S3 bucket. 

1. Choose the **Permissions** tab, and then scroll down to the **Cross-origin resource sharing (CORS)** section.

1. Add a CORS policy that has one of the following rules on your attachments bucket. For example CORS policies, see [Cross-origin resource sharing: Use-case scenarios](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html#example-scenarios-cors) in the *Amazon S3 Developer Guide*.
   + Option 1: List the endpoints from where attachments will be sent and received, such as the name of your business web site. This rule allows cross-origin PUT and GET requests from your website (for example, http://www.example1.com).

     Your CORS policy may look similar to the following example:

     ```
     [
         {
             "AllowedMethods": [
                 "PUT",
                 "GET"
             ],
             "AllowedOrigins": [
                 "http://www.example1.com",
                 "http://www.example2.com"
             ],
             "AllowedHeaders": [
                 "*"
             ]
         }
     ]
     ```
   + Option 2: Add the `*` wildcard to `AllowedOrigins`. This rule allows cross-origin PUT and GET requests from all origins, so you don't have to list your endpoints.

     Your CORS policy may look similar to the following example:

     ```
     [
         {
             "AllowedMethods": [
                 "PUT",
                 "GET"
             ],
             "AllowedOrigins": [
                 "*"
             ],
             "AllowedHeaders": [
                 "*"
             ]
         }
     ]
     ```
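
To tell the two options apart on a bucket you already configured, the following added example (not AWS code) audits a CORS rule list and reports wildcard origins, origins that can never match, and methods beyond the `PUT` and `GET` this step calls for. The function names and the optional expected-origin list are assumptions made for illustration; the two sample policies are the ones shown above.

```python
import json
from urllib.parse import urlsplit

# Methods the attachment upload and download flow needs, per this step.
NEEDED_METHODS = {"PUT", "GET"}


def is_exact_origin(origin):
    """True for scheme://host[:port] with no path, query or fragment.
    Browsers send the Origin header without a trailing slash, so an entry
    such as 'http://www.example1.com/' would never match a request."""
    parts = urlsplit(origin)
    return (parts.scheme in ("http", "https") and bool(parts.netloc)
            and parts.path == "" and not parts.query and not parts.fragment)


def audit_cors(rules, expected_origins=None):
    """Return findings for an S3 CORS rule list; an empty list means the
    policy has the origin-listing form of Option 1."""
    findings = []
    expected = set(expected_origins or [])
    seen_methods = set()
    for i, rule in enumerate(rules):
        methods = set(rule.get("AllowedMethods", []))
        seen_methods |= methods
        extra = sorted(methods - NEEDED_METHODS)
        if extra:
            findings.append(f"rule {i}: methods beyond PUT/GET: {extra}")
        for origin in rule.get("AllowedOrigins", []):
            if origin == "*":
                findings.append(
                    f"rule {i}: wildcard origin, requests allowed from all origins")
            elif "*" in origin:
                findings.append(f"rule {i}: partial wildcard origin {origin!r}")
            elif not is_exact_origin(origin):
                findings.append(f"rule {i}: {origin!r} is not a scheme://host origin")
            elif expected and origin not in expected:
                findings.append(f"rule {i}: {origin!r} is not an expected origin")
    missing = sorted(NEEDED_METHODS - seen_methods)
    if missing:
        findings.append(f"no rule allows {missing}; attachments need PUT and GET")
    return findings


# The two policies from this step, embedded so the example runs offline.
OPTION_1_RULES = json.loads("""
[{"AllowedMethods": ["PUT", "GET"],
  "AllowedOrigins": ["http://www.example1.com", "http://www.example2.com"],
  "AllowedHeaders": ["*"]}]
""")
OPTION_2_RULES = json.loads("""
[{"AllowedMethods": ["PUT", "GET"],
  "AllowedOrigins": ["*"],
  "AllowedHeaders": ["*"]}]
""")

if __name__ == "__main__":
    for name, rules in (("Option 1", OPTION_1_RULES), ("Option 2", OPTION_2_RULES)):
        print(name, audit_cors(rules) or "no findings")
```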

## Step 3 (Optional): Integrate with the APIs to enhance your custom UIs

If you are skipping the out-of-the-box Chat UI or Agent workspace, you can use the Amazon Connect Participant attachments APIs, or Amazon Connect attached files APIs to build your own UIs and provide attachments support for Cases and Chats. For the general steps in working with both sets of APIs, see [Working with attachments](https://docs.aws.amazon.com/connect/latest/APIReference/working-with-acps-api).

## Next step

We recommend enabling attachment scanning to meet compliance requirements or security policies that your organization may have in place for file sharing. For more information, see [Set up attachment scanning in Amazon Connect](setup-attachment-scanning.md).

## Attachments not appearing?

If your agents report problems receiving and sending attachments in chat messages, see [Internal firewall or missing CORS policy prevents access to chat, email, or case attachments](ts-agent-attachments.md). 

# Set up attachment scanning in Amazon Connect

**Note**  
This topic is for developers who are familiar with Lambda. If you're new to Lambda, see [Getting started with Lambda](https://docs.aws.amazon.com/lambda/latest/dg/getting-started.html) in the AWS *Lambda Developer's Guide*. 

You can configure Amazon Connect to scan attachments that are sent in email, during a chat, or uploaded to a case. You can scan attachments by using your preferred scanning application. For example, you can scan attachments for malware before they are approved to be shared between participants of a chat.

To enable attachment scanning, perform two steps:
+ [Configure a Lambda function that calls your preferred scanning application](#lambda-scanning).
+ [Add the scanner to your Amazon Connect instance](#add-attachment-scanner).

## Step 1: Create a Lambda function that handles scanning

Create a Lambda function, using any runtime, and configure it. This function must be in the same AWS Region and account as your Amazon Connect instance.

For every attachment uploaded through Amazon Connect, a request with information about the attachment is sent to your Lambda function.

Following is an example JSON request for scanning:

```
{
    "Version": "1.0",
    "InstanceId": "your instance ID",
    "File": {
        "FileId": "your file ID",
        "FileCreationTime": 1689291663582,
        "FileName": "example.txt",
        "FileSizeInBytes": 10,
        "FileLocation": {
            "S3Location": {
                "Key": "connect/your-instance/Attachments/chat/2023/07/13/your file ID_20230713T23:41_UTC.txt",
                "Bucket": "connect-example",
                "Arn": "arn:aws:s3:::connect-example/connect/your-instance/Attachments/chat/2023/07/13/your file ID_20230713T23:41_UTC.txt"
            }
        }
    }
}
```

### Required response


```
{
   "Status": "APPROVED" | "REJECTED"
}
```

### Invocation retry policy


If your Lambda invocation gets throttled, the request is retried. It is also retried if a general service failure (500 error) happens. When a synchronous invocation returns an error, Amazon Connect retries up to 3 times, for a maximum of 60 seconds. At that point, the attachment is marked rejected. 

For more information about how Lambda retries, see [Error handling and automatic retries in AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/invocation-retries.html). 

### Rejection behavior


Amazon Connect marks the attachment `REJECTED` and automatically deletes attachment files in S3 from both staging and final locations when one of the following occurs:
+ Your Lambda scanner returns a status of `REJECTED`.
+ Amazon Connect is unable to parse the response from the Lambda scanner.
+ Amazon Connect is unable to invoke the Lambda function.
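The following Python handler is an added example, not code from the Amazon Connect documentation. It validates the request shown above, fails closed with `REJECTED` on malformed input, and lets transient errors propagate so that the retry policy applies. `MAX_BYTES`, `TransientScanError`, `parse_request`, `fetch_from_s3`, `scan_bytes`, and `handle` are hypothetical names, and `scan_bytes` is a stand-in for the call to your own scanning application.

```python
MAX_BYTES = 20 * 1024 * 1024  # assumed ceiling for this sketch, not an Amazon Connect limit

# Constructed request, modelled on the sample request shown above.
SAMPLE_EVENT = {
    "Version": "1.0",
    "InstanceId": "example-instance-id",
    "File": {
        "FileId": "example-file-id",
        "FileCreationTime": 1689291663582,
        "FileName": "example.txt",
        "FileSizeInBytes": 10,
        "FileLocation": {
            "S3Location": {
                "Key": "connect/example/Attachments/chat/2023/07/13/example-file-id.txt",
                "Bucket": "connect-example",
                "Arn": "arn:aws:s3:::connect-example/connect/example/"
                       "Attachments/chat/2023/07/13/example-file-id.txt",
            }
        },
    },
}


class TransientScanError(Exception):
    """The scanner could not be reached; the invocation should fail and be retried."""


def parse_request(event):
    """Return (bucket, key, size); raise ValueError if the request is inconsistent."""
    if not isinstance(event, dict) or event.get("Version") != "1.0":
        raise ValueError("unexpected request version")
    file_info = event["File"]
    location = file_info["FileLocation"]["S3Location"]
    bucket, key, arn = location["Bucket"], location["Key"], location["Arn"]
    # The ARN must name the same object as Bucket and Key (any partition).
    if not (arn.startswith("arn:") and arn.endswith(":s3:::%s/%s" % (bucket, key))):
        raise ValueError("S3 ARN does not match bucket and key")
    size = file_info["FileSizeInBytes"]
    if type(size) is not int or not 0 <= size <= MAX_BYTES:
        raise ValueError("file size missing or outside the accepted range")
    return bucket, key, size


def fetch_from_s3(bucket, key, limit):
    """Read at most limit + 1 bytes so an object larger than declared is detected."""
    import boto3  # imported lazily so the module loads without the AWS SDK
    body = boto3.client("s3").get_object(Bucket=bucket, Key=key)["Body"]
    return body.read(limit + 1)


def scan_bytes(data):
    """Stand-in for your scanning application: True means the content is clean.

    This placeholder only refuses Windows PE and ELF executables by magic bytes.
    """
    return not data.startswith((b"MZ", b"\x7fELF"))


def handle(event, fetch=fetch_from_s3, scan=scan_bytes):
    try:
        bucket, key, size = parse_request(event)
    except (KeyError, TypeError, ValueError):
        # A malformed request will not improve on retry: reject it now.
        return {"Status": "REJECTED"}
    # Errors from fetch() or scan() (S3 failure, TransientScanError) are not
    # caught: the invocation fails, Amazon Connect retries it, and the
    # attachment is rejected if the retries are exhausted.
    data = fetch(bucket, key, size)
    if len(data) != size:
        return {"Status": "REJECTED"}  # object differs from what was declared
    return {"Status": "APPROVED" if scan(data) else "REJECTED"}


def lambda_handler(event, context):
    """Lambda entry point; returns exactly the response shape shown above."""
    return handle(event)
```

The handler never returns anything other than the two documented statuses, so an unparseable response cannot be the cause of a rejection.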

## Step 2: Add an attachment scanner to your Amazon Connect instance

After you create a Lambda for attachment scanning, you need to add the Lambda to your Amazon Connect instance. Perform the following steps to add the Lambda.

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. On the instances page, choose the instance alias. The instance alias is also your **instance name**, which appears in your Amazon Connect URL. The following image shows the **Amazon Connect virtual contact center instances** page, with a box around the instance alias.  
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

1. In the navigation pane, choose **Data storage**.

1. On the **Data storage** page, in the **Attachments** section, choose **Edit**, and then select **Enable attachments scanning**, as shown in the following image.  
![\[The attachments page, the enable attachments scanning option.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/scanner.png)

1. Use the **Lambda Functions** drop-down box to select the Lambda function that you added in [Step 1: Create a Lambda function that handles scanning](#lambda-scanning).

1. Choose **Save**. Attachment scanning is now enabled for your Amazon Connect instance.

# Enable data streaming for your Amazon Connect instance

You can export contact records and agent events from Amazon Connect and perform real-time analysis on contacts. Data streaming sends data to Amazon Kinesis.

**To enable data streaming for your instance**

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. On the instances page, choose the instance alias. The instance alias is also your **instance name**, which appears in your Amazon Connect URL. The following image shows the **Amazon Connect virtual contact center instances** page, with a box around the instance alias.  
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

1. In the navigation pane, choose **Data streaming**.

1. Choose **Enable data streaming**.

1. For **Contact records**, do one of the following:
   + Choose **Kinesis Firehose** and select an existing delivery stream, or choose **Create a new Kinesis firehose** to open the Kinesis Firehose console and create the delivery stream. For more information, see [Creating an Amazon Data Firehose Delivery Stream](https://docs.aws.amazon.com/firehose/latest/dev/basic-create.html).
   + Choose **Kinesis Stream** and select an existing stream, or choose **Create a Kinesis stream** to open the Kinesis console and create the stream. For more information, see [Creating and Managing Streams](https://docs.aws.amazon.com/streams/latest/dev/working-with-streams.html).

1. For **Agent Events**, select an existing Kinesis stream or choose **Create a new Kinesis stream** to open the Kinesis console and create the stream.

1. Choose **Save**.

## Use server-side encryption for the Kinesis stream


Amazon Connect supports streaming to Amazon Kinesis Data Streams and Firehose streams that have server-side encryption with a [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt) enabled. For a general overview of this feature, see [What Is Server-Side Encryption for Kinesis Data Streams?](https://docs.aws.amazon.com/streams/latest/dev/what-is-sse.html)

To stream to Kinesis Data Streams, you need to grant your Amazon Connect instance permission to use a customer managed key. For details on the permissions needed for KMS keys, see [Permissions to Use User-Generated KMS Master Keys](https://docs.aws.amazon.com/streams/latest/dev/permissions-user-key-KMS.html). (Amazon Connect acts as the Kinesis stream producer that is described in that topic.)

When Amazon Connect puts records into your Kinesis Data Streams, it uses the service-linked role of the instance for authorization. This role needs permission to use the KMS key that encrypts the data stream. To assign permissions to the role, perform the following steps to update the [key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) of that KMS key.

**Note**  
To avoid missing data, update the permission of the KMS key before using a KMS key with Amazon Connect streaming.

### Step 1: Obtain the ARN for the service-linked role of your Amazon Connect instance


You can use the Amazon Connect console or the AWS CLI to obtain the ARN.

**Use the Amazon Connect console to obtain the ARN**

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. On the instances page, choose the instance name, as shown in the following image.   
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

1. On the **Account overview** page, in the **Distribution settings** section, the service-linked role is displayed.  
![\[The account overview page, the service-linked role ARN.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/service-linked-role.png)

1. Choose the copy icon to copy the role ARN to your clipboard, and save that ARN. You're going to use it in [Step 2: Construct a policy statement](#step2-sse).

**Use the AWS CLI to obtain the ARN**

1. Run the following command:

    `aws connect describe-instance --instance-id your_instance_id` 

1. Save the ServiceRole value from the CLI output.

### Step 2: Construct a policy statement


Construct a policy statement that gives permission to the ARN of the Amazon Connect service-linked role to generate data keys. The following code shows a sample policy.

```
{
    "Sid": "Allow use of the key for Amazon Connect streaming",
    "Effect": "Allow",
    "Principal": {
        "AWS": "the ARN of the Amazon Connect service-linked role"
    },
    "Action": "kms:GenerateDataKey",
    "Resource": "*"
}
```

Add this statement to the KMS key policy by using your preferred mechanism, such as the AWS Key Management Service console, the AWS CLI, or the AWS CDK.
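The following Python sketch is an added example, not code from the Amazon Connect documentation. It carries Steps 1 and 2 through on constructed data: it reads `ServiceRole` from `aws connect describe-instance` output, builds the statement above, and merges it into a key policy document without duplicating it or dropping existing statements. The function names, the sample account ID, and the service-linked role path check are assumptions.

```python
import json

SID = "Allow use of the key for Amazon Connect streaming"
# Assumed path of the Amazon Connect service-linked role inside the role ARN.
SLR_MARKER = ":role/aws-service-role/connect.amazonaws.com/"

# Constructed CLI output and key policy; the account ID and role suffix are samples.
DESCRIBE_INSTANCE_OUTPUT = json.dumps({
    "Instance": {
        "Id": "example-instance-id",
        "ServiceRole": "arn:aws:iam::111122223333:role/aws-service-role/"
                       "connect.amazonaws.com/AWSServiceRoleForAmazonConnect_EXAMPLE",
    }
})
KEY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Enable IAM User Permissions",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
}


def as_list(value):
    return value if isinstance(value, list) else [value]


def service_role_arn(describe_instance_output):
    """Step 1: extract ServiceRole and refuse anything that is not the Connect role."""
    arn = json.loads(describe_instance_output)["Instance"]["ServiceRole"]
    if not arn.startswith("arn:") or SLR_MARKER not in arn:
        raise ValueError("not an Amazon Connect service-linked role ARN: %r" % arn)
    return arn


def connect_statement(role_arn):
    """Step 2: the sample statement from this page, scoped to one principal."""
    return {
        "Sid": SID,
        "Effect": "Allow",
        "Principal": {"AWS": role_arn},
        "Action": "kms:GenerateDataKey",
        "Resource": "*",
    }


def add_to_key_policy(policy, role_arn):
    """Return a new policy with the statement present exactly once.

    A statement with the same Sid is replaced; every other statement is kept.
    """
    kept = [s for s in as_list(policy.get("Statement", [])) if s.get("Sid") != SID]
    updated = dict(policy)
    updated["Statement"] = kept + [connect_statement(role_arn)]
    return updated


def grants_generate_data_key(policy, role_arn):
    """Simplified check: does the key policy itself name this role for the action?

    Conditions, NotPrincipal, and IAM-side grants are not modelled.
    """
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        principals = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        if (st.get("Effect") == "Allow" and role_arn in principals
                and ("kms:generatedatakey" in actions or "kms:*" in actions)):
            return True
    return False


if __name__ == "__main__":
    role = service_role_arn(DESCRIBE_INSTANCE_OUTPUT)
    print(json.dumps(add_to_key_policy(KEY_POLICY, role), indent=4))
```

Running `grants_generate_data_key` against the current key policy before you enable streaming is one way to follow the note above about updating the key permission first.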

# Emergency login to the Amazon Connect admin website


As a best practice, users assigned to the Amazon Connect **Admin** security profile should always use their Amazon Connect instance URL to log in:
+ Log in to the Amazon Connect admin website at https://*instance name*.my.connect.aws/.

This method ensures the appropriate level of security.

However, if there's an emergency, you can log in from the Amazon Connect console using your AWS account credentials. For example, you may need to log in this way in the following situations:
+ You forgot your Amazon Connect administrator password and no other Amazon Connect administrators are around to reset it.
+ Someone deleted the Amazon Connect **Admin** security profile by mistake.

**To log in for emergency access**

1. Make sure you have your AWS account credentials at hand and that you have the [required permissions](security-iam-amazon-connect-permissions.md#federations).

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. If prompted to log in, enter your AWS account credentials.

1. Choose the name of the instance from the **Instance alias** column.  
![\[The Amazon Connect virtual contact center instances page, the instance alias.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance.png)

1. In the navigation pane, choose **Overview**.

1. Choose **Log in for emergency access**.

   You aren't prompted for your credentials because you are federated in from the AWS console.

**Important**  
For daily usage, we strongly recommend always using your instance URL to log in. The procedure provided in this article should only be used for emergency access when using the instance URL is not an option.

**To log out**  
To log out of your instance, go to the title bar at the top of the screen and select the icon with the arrow (**Log out**) that appears next to your user name.

# Delete your Amazon Connect instance

If you no longer need your Amazon Connect instance, you can delete it. Here's what happens when you delete it: 
+ Its claimed phone number is released back to inventory.
+ When customers call the phone number that you've released, they'll get a message that it's not a working phone number.

## Important things to know
+ You can't restore a deleted Amazon Connect instance or access its settings, data, metrics, and reports.
+ Due to GDPR compliance, scheduling data is retained for 30 days and you are billed for usage during this time. For information about GDPR compliance and Amazon Connect forecasting, capacity planning, and scheduling, see this [FAQ](https://aws.amazon.com/connect/optimization/#topic-0).
+ If you have [enabled Amazon Connect flow logging](contact-flow-logs.md), you need to delete the CloudWatch log groups manually if they are no longer needed. You can do this by using the CloudWatch console. For programmatic instructions, see [Use DeleteLogGroup with an AWS SDK or CLI](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_DeleteLogGroup_section.html). 

## Delete your instance


You must have the appropriate AWS permissions to delete an Amazon Connect instance. If your organization is using IAM, see [Required permissions for using custom IAM policies to manage access to the Amazon Connect console](security-iam-amazon-connect-permissions.md).

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. Select the radio button for the instance.

1. Choose **Delete**. If you don't see the **Delete** button, you don't have permissions to delete instances. Contact your AWS administrator for help.  
![\[The Amazon Connect virtual contact center instances page, the delete button.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/instance-delete.png)

1. When prompted, enter the name of the instance and then choose **Delete**.

## Error message: "Region Unsupported. Amazon Connect is not available in [Region]"

If you get this error message, it means that you selected a Region in the AWS Management Console that is not the Region in which you created the Amazon Connect instance, and Amazon Connect isn't available in that Region.

**To switch Regions and delete your Amazon Connect instance**

1. From the navigation bar, open the Region selector. Select the Region in which you created the Amazon Connect instance.  
![\[The list of Regions in the Region selector.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/aws-management-console-region.png)

1. From the navigation bar, choose **Amazon Connect** from the list of services to open the Amazon Connect console. If you don't see the instance, keep selecting from the supported Regions until you find your instance.

1. Select the radio button for the instance.

1. Choose **Delete**. If you don't see the **Delete** button, you don't have permissions to delete instances. Contact your AWS administrator for help.

1. When prompted, enter the name of the instance and then choose **Delete**.

# Tagging an Amazon Connect instance

Instance Tagging provides the ability for you to tag Amazon Connect instances and build tailored authorization through tag-based access control (TBAC). To help you manage your Amazon Connect instances, you can assign your own metadata in the form of tags to the instance. If you have multiple Amazon Connect instances in a single AWS account, each serving different functions or catering to specific lines of business, using tags can help you better organize and apply tag-based access control (TBAC) policies to these instances for improved management and control.

[AWS Tags](tagging.md) serve as a useful tool for organizing your AWS resources. They consist of key-value pairs that help you categorize resources based on criteria like purpose, owner, or environment. This enables you to identify and manage your resources. Amazon Connect allows you to add tags to your instances directly from the AWS console, or by using public APIs.

## Tagging Amazon Connect instances at creation

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. Choose **Add an instance**.  
![\[Add an instance that you would like to tag.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-instance-at-creation-1.png)

1. Under **Set identity**, select the type of **Identity management** that you would like to use, enter a customer **Access URL**, and choose **Next**.  
![\[Set identity management options and enter a customer access URL.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-instance-at-creation-2.png)

1. Under the **Add administrator** section, you can choose the **Add new tag** option if you would like to add tags to your instance.  
![\[You can choose to add tags on this step of instance creation.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-instance-at-creation-3.png)

1. Enter a `Key` and `Value` pair and choose **Next**.

1. Once you have made your desired configurations under the **Set telephony** and **Data storage** steps, review your configurations and choose **Create instance**.  
![\[Create your instance after reviewing your desired configurations.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-instance-at-creation-4.png)

1. Once the instance has been created, navigate to the **Account overview** page of the instance and the tags that you added will appear in the **Tags** section.  
![\[The characters after the last /.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-instance-at-creation-5.png)

## Tagging an existing Amazon Connect instance

1. Open the Amazon Connect console at [https://console.aws.amazon.com/connect/](https://console.aws.amazon.com/connect/).

1. Select an existing instance that you would like to add tags to.  
![\[Select an instance that you would like to tag.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-existing-instance-1.png)

1. On the **Account overview**, choose **Add new tag**.  
![\[Choose the add tag button.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-existing-instance-2.png)

1. Enter a `Key` and `Value` pair and choose **Next**. You can add up to 50 tags on a single instance.  
![\[Add key and value pairs for your tags.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-existing-instance-3.png)

1. Choose **Save** to add your tags to your instance.  
![\[Choose save to add your tags to your instance.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/tag-existing-instance-4.png)

## Tagging an Amazon Connect instance using the API

To tag Amazon Connect instances using the public APIs, see [TagResource](https://docs.aws.amazon.com/connect/latest/APIReference/API_TagResource.html) and [UntagResource](https://docs.aws.amazon.com/connect/latest/APIReference/API_UntagResource.html).

## Sample IAM policies for scenarios with and without instance tags

For TBAC on instances, you can define IAM policies based on instance tags and assign them to IAM roles to control access to specific instances. The following are sample scenarios and sample IAM policies for how to use conditions on tags or conditions on resource IDs.

**Scenario 1**: Controlling access to a specific Amazon Connect instance through an IAM role using tags associated with the instance. The following policy allows access only to instances which are tagged with key:`Environment` and value:`Dev`.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "connect:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Environment": "Dev"
        }
      }
    }
  ]
}
```


**Scenario 2**: Controlling access to a specific instance and all resources within the instance without using tags.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "connect:*",
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "connect:InstanceId": [
                        "AllowedInstanceID-1",
                        "AllowedInstanceID-2"
                    ]
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Deny",
            "Action": "connect:*",
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "connect:InstanceId": "DeniedInstanceID-1"
                }
            }
        }
    ]
}
```


## Additional information about instance tagging

**Replicating instances:** When you create a [replica of your existing Amazon Connect instance](create-replica-connect-instance.md) to another region using the [ReplicateInstance](https://docs.aws.amazon.com/connect/latest/APIReference/API_ReplicateInstance.html) API, tags from the source instance will not be automatically tagged to the newly replicated instance. You will have to tag the replicated instance manually.

**Tag inheritance:** When you tag an Amazon Connect instance, the underlying resources in Amazon Connect, such as routing profiles and queues, do not inherit the instance tags. To learn how to control granular access to specific resources in Amazon Connect, see how to configure more granular access by using [tag-based access control](tag-based-access-control.md).
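The following Python model is an added example, not AWS code and not a substitute for the IAM policy simulator. It evaluates the Scenario 1 and Scenario 2 policies from this page against constructed requests to show three outcomes: an allow on a matching tag, an implicit deny for an untagged queue (the tag inheritance point above), and an explicit deny that overrides an allow. The evaluator is deliberately simplified: it supports only `StringEquals` and `ForAnyValue:StringEquals`, treats `Resource` as `*`, and matches condition keys by exact name.

```python
import fnmatch

# The two sample policies from this page, unchanged.
SCENARIO_1 = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "connect:*",
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:ResourceTag/Environment": "Dev"}},
    }],
}
SCENARIO_2 = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "connect:*",
            "Resource": "*",
            "Condition": {"ForAnyValue:StringEquals": {
                "connect:InstanceId": ["AllowedInstanceID-1", "AllowedInstanceID-2"]}},
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Deny",
            "Action": "connect:*",
            "Resource": "*",
            "Condition": {"ForAnyValue:StringEquals": {
                "connect:InstanceId": "DeniedInstanceID-1"}},
        },
    ],
}


def as_list(value):
    return value if isinstance(value, list) else [value]


def condition_holds(condition, context):
    """All operators and keys must match; a key absent from the request never matches."""
    for operator, tests in condition.items():
        if operator not in ("StringEquals", "ForAnyValue:StringEquals"):
            raise NotImplementedError(operator)
        for key, wanted in tests.items():
            have = as_list(context[key]) if key in context else []
            if not any(value in as_list(wanted) for value in have):
                return False
    return True


def evaluate(policy, action, context):
    """Return "ExplicitDeny", "Allow", or "ImplicitDeny" for one request."""
    decision = "ImplicitDeny"
    for statement in as_list(policy["Statement"]):
        patterns = as_list(statement["Action"])
        if not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            continue
        if not condition_holds(statement.get("Condition", {}), context):
            continue
        if statement["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins
        decision = "Allow"
    return decision


# Constructed request contexts.
DEV_INSTANCE = {"aws:ResourceTag/Environment": "Dev"}
PROD_INSTANCE = {"aws:ResourceTag/Environment": "Prod"}
UNTAGGED_QUEUE = {}  # a queue inside the Dev instance that carries no tag of its own

if __name__ == "__main__":
    print(evaluate(SCENARIO_1, "connect:DescribeInstance", DEV_INSTANCE))
    print(evaluate(SCENARIO_1, "connect:DescribeQueue", UNTAGGED_QUEUE))
    print(evaluate(SCENARIO_2, "connect:DescribeInstance",
                   {"connect:InstanceId": "DeniedInstanceID-1"}))
```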

# Set up granular billing for a detailed view of your Amazon Connect usage

By default bills for Amazon Connect channels (voice calls, chat, tasks, and emails) are summarized at the AWS account level by usage type. For example:
+ Voice calls - by outbound (telephony) / inbound (telephony) / service minutes
+ Chat – by messages
+ Task - by units
+ Email - by messages

To obtain a more detailed view of your bill and usage, you can add cost allocation tags (key:value pairs) to contacts, and then use the tags to aggregate and analyze the data in the AWS Billing and Cost Management console. 
+ Amazon Connect automatically adds the following system-defined tags to each contact:
  + **aws:connect:instanceId**: This represents the ID of the Amazon Connect instance. If you have multiple instances under multiple AWS accounts for each line-of-business, you can view usage bills aggregated against different instances.
  + **aws:connect:systemEndpoint**: This represents your contact center number (the endpoint) that the customer reaches (inbound) or is reached from (outbound).

    This AWS generated tag helps if you have multiple phone numbers used within your contact center. It enables you to group the costs associated against different phone numbers. For example, group inbound phone numbers for incoming calls, and group outbound numbers that are used for making outbound calls. 
  + **aws:connect:transferredFromEndpoint**: This represents the outbound caller ID that the call was transferred from. You can see the third-party transfer call's usage bills aggregated against the telephone numbers that the calls were transferred from. Currently, this AWS generated tag is only added to contacts for third-party external transfer calls. 
+ You can add up to 6 user-defined tags. For example, department, cost center, or business unit. Use these tags to organize your AWS bill to reflect your own cost structure.

The following image shows two user-defined tags on the **Contact details** page: CostCenter and Department. It also shows two system-defined tags: instance ID and the contact center phone number (aws:connect:systemEndpoint). 

![\[Contact tags on a Contact details page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-contactdetails.png)


This topic explains how to add tags to contacts, activate the cost allocation tags, and view them in the AWS Billing dashboard. 

**Topics**
+ [Things to know about user-defined tags](#about-user-defined-tags)
+ [Step 1: Add user-defined tags to contacts](#step1-tagcontacts)
+ [Step 2: Activate cost allocation tags](#step2-activate-tags)
+ [Step 3: View cost and usage trends using cost allocation tags](#step3-view-billingapp)
+ [(Optional) Step 4: Enable Cost and Usage reports in the AWS Billing and Cost Management console](#step4-cost-and-usage-reports)
+ [More reporting options](#step5-contactlevel-cost-and-usage-reports)

## Things to know about user-defined tags
+ Amazon Connect automatically applies user-defined tags to new contact segments for scenarios like transfers or contact re-hydration (for example, persistent chat, and tasks related to contacts).
+ Use the [DescribeContact](https://docs.aws.amazon.com/connect/latest/APIReference/API_DescribeContact.html) API to list the tags on a contact.
+ You can remove and/or overwrite the tags by using the [Contact tags](contact-tags-block.md) block or the [TagContact](https://docs.aws.amazon.com/connect/latest/APIReference/API_TagContact.html) and [UntagContact](https://docs.aws.amazon.com/connect/latest/APIReference/API_UntagContact.html) APIs.
+ By using the [TagContact](https://docs.aws.amazon.com/connect/latest/APIReference/API_TagContact.html) and [UntagContact](https://docs.aws.amazon.com/connect/latest/APIReference/API_UntagContact.html) APIs, you can update user-defined tags for a contact up to 3 hours after the contact was disconnected. However, any future updates on the contact tags are not reflected in the billing system. For example, you make a change to the value of a tag within 3 hours after the contact was disconnected. The AWS Billing console will show the old value of the tag, but the S3 bucket and contact record have the new value.
+ After you add tags to Amazon Connect, they are available across all contact interfaces: contact records, contact events, and the **Contact details** page. You can also access them by using the `$.Tags` JSONPath Reference, and by using [Amazon Connect Streams](https://github.com/aws/amazon-connect-streams).
+ You cannot use tags as filters on the **Contact search** page. In addition, they cannot be included in any of the analytics or reporting pages. 
+ Contact tags only function as cost allocations tags. You cannot use them for tag-based access controls on contacts.
+ Tags are available in the Amazon Connect data lake [Contact record table](data-type-definitions.md#data-lake-contacts-record) under `tags_references_items`.

## Step 1: Add user-defined tags to contacts

To add user-defined tags like Department and Cost Center to contacts, you have two options: 
+ Use the [TagContact](https://docs.aws.amazon.com/connect/latest/APIReference/API_TagContact.html) API.
+ Add a [Contact tags](contact-tags-block.md) block to your flow.

The following image shows an example of a **Properties** page of a **Contact tags** block that is configured with a tag named **Department**. Its value is set manually to **Finance**.

![\[The properties page of a Contact tags block.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-contacttags-properties.png)


**Important**  
Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use contact tags to provide you with billing services. Tags are not intended to be used for private or sensitive data.

## Step 2: Activate cost allocation tags in the AWS Billing console

**Tip**  
It takes up to 24 hours for the tags to activate.

To enable AWS billing applications to organize your billing information according to resources with the same tag key values (for either system-defined or user-defined contact tags), you must activate the tags. Perform the following steps.

1. Open the AWS Billing and Cost Management console at [https://console.aws.amazon.com/costmanagement/](https://console.aws.amazon.com/costmanagement/).

1. In the left navigation menu, choose **Cost Allocation Tags**.

1. Select the system-defined and user-defined tags, and then choose **Activate**. It can take up to 24 hours for tags to activate.

   The following image shows an example tag on the **Cost allocation tags** page.  
![\[Contact tags on the cost allocation tags page.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-costallocationtags.png)

## Step 3: View cost and usage trends using cost allocation tags

You can view the month-over-month trends at the granular level by using cost allocation tags. 

1. Open the AWS Billing and Cost Management console at [https://console.aws.amazon.com/costmanagement/](https://console.aws.amazon.com/costmanagement/).

1. In the left navigation, choose **AWS Cost Explorer**.

1. On the **Cost Explorer** page, choose **Tags**, and then select the tags you want to view, for example, department or inbound telephone number.

   The following image of AWS Cost Explorer shows a sample report where **department** is a filtered cost allocation tag.  
![\[The AWS Cost Explorer, Amazon Connect cost and usage trends.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-awscostmanagement.png)

If you use the AWS account level bill summary to view the service level cost breakdown in the AWS Billing dashboard, you won't see any changes on the dashboard after implementing contact tags. The following image shows an example AWS Billing dashboard.

![\[The AWS billing dashboard, a sample Amazon Connect bill.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-billingdashboard.png)


For more information about using AWS Cost Explorer, see [Analyzing your costs with AWS Cost Explorer](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html) in the *AWS Cost Management User Guide*. 

## (Optional) Step 4: Enable Cost and Usage reports in the AWS Billing and Cost Management console

You can enable AWS Cost and Usage reports on the AWS Billing and Cost Management console, and configure the S3 bucket to export data to, along with the time granularity for reports (hourly, daily, monthly). After you set this up, you will receive reports with tags in additional columns. By default, reports are aggregated by usage-type and tags.

For instructions, see [Creating Cost and Usage Reports](https://docs.aws.amazon.com/cur/latest/userguide/creating-cur.html) in the *AWS Data Exports User Guide*.

The following image shows what a Cost and Usage report looks like with columns for system and user-defined tags.

![\[An Amazon Connect cost and usage report with tags.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-after-cur.png)


The following image shows what a cost and usage report looks like without system or user-defined tags.

![\[An Amazon Connect cost and usage report without granular billing.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-before-cur.png)


## More reporting options

Another option is to view usage data for each contact. You can enable contact resource IDs to appear on your cost and usage reports in the AWS Billing and Cost Management console. After choosing this option, you will receive detailed reports in your S3 buckets, and the data will be categorized by each contact resource ID. You can use the reports for analysis by third-party applications. 

**Note**  
Including resource IDs creates individual line items for each of your resources. This might increase the size of your Cost and Usage Reports files significantly, based on your AWS usage.

The following image shows where you enable **Include resource IDs** on the AWS Billing console.

![\[The AWS Billing console.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-contactlevel-usagedata.png)


The following image shows a sample cost and usage report when **Include resource IDs** is enabled.

![\[A sample cost and usage report with resource IDs.\]](http://docs.aws.amazon.com/connect/latest/adminguide/images/granularbilling-includeresourceids.png)


For instructions for this option, see [Creating Cost and Usage Reports](https://docs.aws.amazon.com/cur/latest/userguide/cur-create.html) in the *AWS Data Exports User Guide*.