This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
AWS Direct Connect for Amazon Connect
Publication date: November 2, 2022 (Document revisions)
Abstract
Many contact centers and security architects want to use Amazon Connect in conjunction with AWS Direct Connect. This whitepaper outlines best practices, architecture considerations, and technical requirements for using these services together.
Are you Well-Architected?
The AWS Well-Architected Framework
For more expert guidance and best practices for your cloud architecture—reference architecture deployments, diagrams, and whitepapers—refer to the AWS Architecture Center.
Introduction
Amazon Connect
However, there are edge cases that might dictate private connectivity between the contact center and your AWS Cloud. Common scenarios that elicit this requirement include:
- Public sector and regulated industries with elevated encryption requirements.
- Customers with a history of poor internet service that require service levels with providers to improve network conditions.
- Customers whose security protocols require minimization of traffic exposure to a public wide area network (WAN).
- Customers with requirements for resiliency over public and private links.
Public sector and regulated industries with elevated encryption requirements
Amazon Connect uses Transport Layer Security (TLS) to encrypt signaling and messaging traffic and Secure Real-time Transport Protocol (SRTP) to encrypt voice traffic, to ensure that traffic is protected from interception and snooping. There are times when organizations require additional hardening to prevent the possibility of man-in-the-middle attacks.
Customers with a history of poor internet service that require service levels with providers to improve network conditions
While software as a service (SaaS) adoption over public internet is both widely used and reliable, there are circumstances where contact centers may require the service level guarantees on throughput and latency that private links can provide. For these use cases, AWS Direct Connect lets you route traffic across dedicated links to the AWS Cloud.
Customers whose security protocols require minimization of traffic exposure to public WAN
Similar to the previous use cases, customers may have security policies in place to prevent business-critical information from traversing public internet. These customers can use dedicated links to avoid routing through the public internet.
Note that even though Amazon Connect traffic is sent to public addresses, those public addresses are advertised to the customer over the Direct Connect service. The customer's router therefore holds a more specific route for them than its default internet route, so the Direct Connect path is preferred for this traffic. Once the traffic reaches the AWS edge routers in the Region, network address translation takes place to reach the internal service.
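The route-selection behaviour described above, modelled as an added example that is not part of this whitepaper: a constructed route table holds a default route via the ISP and a more specific AWS prefix learned over the Direct Connect public VIF, and longest-prefix matching decides which path Amazon Connect traffic takes. The AWS prefix and host addresses are documentation-range placeholders, not real Amazon Connect address ranges.

```python
"""Longest-prefix-match model of how a Direct Connect advertised prefix wins
over the default internet route, and how traffic falls back when it is gone."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str   # label for the egress path (constructed)
    source: str     # who supplied the route (constructed labels)


def build_table(direct_connect_up: bool) -> list[Route]:
    """Constructed route table. 203.0.113.0/24 is a documentation-range
    placeholder standing in for an AWS prefix advertised over Direct Connect."""
    table = [Route(ipaddress.ip_network("0.0.0.0/0"), "isp-internet", "static-default")]
    if direct_connect_up:
        table.append(Route(ipaddress.ip_network("203.0.113.0/24"),
                           "direct-connect-public-vif", "bgp-direct-connect"))
    return table


def select_route(table: list[Route], destination: str) -> Route:
    """Return the most specific route covering destination (longest prefix match).
    Equal-length ties are not modelled; the whitepaper's scenario has none."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        raise LookupError(f"no route to {destination}")
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def egress_path(destination: str, direct_connect_up: bool = True) -> str:
    """Which path a packet to destination leaves on, given Direct Connect state."""
    return select_route(build_table(direct_connect_up), destination).next_hop


if __name__ == "__main__":
    connect_endpoint = "203.0.113.10"  # constructed: inside the advertised prefix
    other_host = "198.51.100.7"        # constructed: outside it
    # Public destination, but the /24 beats the /0, so Direct Connect is used.
    print(egress_path(connect_endpoint))                # direct-connect-public-vif
    # Direct Connect route withdrawn: same traffic falls back to the ISP.
    print(egress_path(connect_endpoint, direct_connect_up=False))  # isp-internet
    # Unrelated public destination never matched the Direct Connect prefix.
    print(egress_path(other_host))                      # isp-internet
```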
Customers with requirements for resiliency over public and private links
In some cases, meeting business-defined uptime requirements may require redundant or resilient connectivity links. There are cases when multiple internet service providers (ISPs) are unavailable at specific locations, or additional ISPs may ride the same fiber links as the incumbent ISP. With AWS Direct Connect, customers can use a Site-to-Site VPN over private connections as well as public connections independently, to allow for maximum resilience to ISP or private networks. For more information about Transit Gateway peering and multicast, refer to AWS Transit Gateway features.