AWS Contact Center

Best practices: Managing call recordings in Amazon Connect

Providing excellent customer service is crucial to the success of any business in today’s highly competitive world. Contact centers are often one of the main points of interaction with customers, and call recordings are a valuable tool to help a business deliver the best customer experience possible. Providing a rich source of insightful information, they can serve multiple purposes including:

  • Quality assurance: Call recordings offer a reliable method of gauging the effectiveness of an agent’s customer service. They can be utilized to evaluate factors such as an agent’s performance, alignment with company standards, and customer satisfaction.
  • Training: Call recordings offer a valuable training resource for new agents to familiarize themselves with different scenarios, as well as for existing agents to self-evaluate their performance, and for managers to construct targeted training programs.
  • Insights: Call recordings provide valuable insights into customer behavior and sentiment, allowing businesses to gather customer feedback and reviews, identify recurring themes, and assess the impact of marketing initiatives.
  • Compliance: Call recordings can assist contact centers in meeting regulatory requirements by providing a record of customer interactions and ensuring adherence to company policies and procedures.

Despite their numerous advantages, call recordings can also present a range of management challenges. With the continual growth of call recordings produced by contact centers, the accumulated volume of data can become difficult to manage in a cost-effective manner. Moreover, several industries are subject to stringent regulations regarding the storage and preservation of call recordings. This can pose a substantial challenge, especially for companies that are obligated to store call recordings for extended durations. In addition, it is essential for companies to ensure the security and protection of call recordings and the sensitive information they hold.

Amazon Connect provides a fully managed native call recording feature that enables customers to record and securely store conversations between their agents and customers with minimal configuration and operational effort. This post will explore a set of additional best practices that can be applied to call recordings within Amazon Connect to address the common challenges previously mentioned including cost optimization, security, and data strategies. Topics covered include:

  1. Protecting call recordings from accidental or malicious deletes.
  2. Understanding and managing the call recording lifecycle, and cost optimization approaches.
  3. Auditing call recording access.

1. Protecting call recordings from accidental and malicious deletes

Call recordings are natively stored in Amazon S3, which provides 99.999999999% (11 x 9s) of data durability. In addition to this high durability, it is a best practice for companies to have a defined approach and safeguards in place to protect these call recordings from potential malicious or accidental deletions and overwrites. Various approaches can be used, including:

  • IAM and bucket policy. Ensure any bucket and/or user policies that are applied to the call recording bucket adhere to the least-privilege permissions model. Undertake regular reviews of any existing policies, and remove any that are no longer required. Customers can use IAM’s last accessed information to assist during these reviews.
  • Amazon Connect user permissions. Ensure configured users within an Amazon Connect instance have been provided with the appropriate permissions for their role and responsibility. It is a best practice to scope down permissions to only what is required.
  • Backup. Take a traditional backup of call recordings, and store it in accordance with your retention requirements. AWS Backup for Amazon S3, a fully managed service that makes it easy to centralize and automate data protection across AWS services, can be leveraged to simplify this practice.
  • Amazon Connect S3 Object Lock for call recordings. In busy contact centers, call recordings can quickly accumulate. A conventional backup method of creating and storing extra copies of the data will lead to increased storage costs that may become cost prohibitive at large scale. Combining Amazon S3 Object Lock with the call recording bucket can provide an alternative, cost-efficient approach that uses Write-Once-Read-Many (WORM) storage to safeguard call recordings from accidental or malicious deletions for a specified amount of time, or indefinitely. Moreover, there are no additional costs associated with using Object Lock. For further details refer to the Amazon S3 User Guide, and the Amazon Connect Administrator Guide.

2. Understanding and management of the call recording lifecycle

Typically, within a call center environment, a call recording is most frequently accessed in the initial stages of its lifecycle, shortly after it has been recorded as part of quality assurance, agent evaluation, and training and development. As call recordings age they are less frequently accessed, with a smaller subset of recordings being accessed to support specific long running customer inquiries, internal investigations, and for compliance and audit purposes.

Understanding how call recordings are typically accessed, and how this access changes through the life of a call recording can provide a significant cost optimization opportunity. By default, call recordings are stored in a highly available and durable storage class primarily designed for frequently accessed data. Moving older, less frequently accessed call recordings to lower cost, archive storage classes can help significantly reduce storage costs while still maintaining the same high levels of data durability, availability and access times.

The Amazon S3 Lifecycle policy provides an automated mechanism to move call recordings to alternative storage classes based on the age of each individual call recording. For example, customers can move call recordings over a predetermined age to Amazon S3 Glacier Instant Retrieval, an instant access low-cost archive storage class. Note that Glacier Instant Retrieval charges for retrieval requests; however, this is typically outweighed by the significant storage cost savings. Customers with different access patterns can follow a similar approach by adjusting the storage class used to meet their requirements.
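
As an added example (not code from the original post), the Object Lock default retention from section 1 and the lifecycle transition described above can be written in the request shapes boto3 accepts, with a helper showing what they imply for a single recording. The prefix, the 365-day retention and the 90-day transition age are assumed values.

```python
from datetime import timedelta

# Assumed values for illustration; none of them come from the original post.
RECORDING_PREFIX = "connect/example-instance/CallRecordings/"  # placeholder
RETENTION_DAYS = 365   # assumed Object Lock retention period
TRANSITION_DAYS = 90   # assumed age after which recordings are rarely played


def object_lock_config(days=RETENTION_DAYS, mode="GOVERNANCE"):
    """Default retention stamped on each new object version (WORM)."""
    if mode not in ("GOVERNANCE", "COMPLIANCE"):
        raise ValueError("mode must be GOVERNANCE or COMPLIANCE")
    return {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": mode, "Days": days}}}


def lifecycle_config(prefix=RECORDING_PREFIX, days=TRANSITION_DAYS):
    """Move recordings older than `days` to Glacier Instant Retrieval."""
    return {"Rules": [{
        "ID": "archive-call-recordings",
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},
        "Transitions": [{"Days": days, "StorageClass": "GLACIER_IR"}],
    }]}


def recording_state(recorded_on, today):
    """What the two configurations imply for one recording (day granularity)."""
    age = (today - recorded_on).days
    return {
        "storage_class": "GLACIER_IR" if age >= TRANSITION_DAYS else "STANDARD",
        "retain_until": recorded_on + timedelta(days=RETENTION_DAYS),
        # While retention is active the locked object version is protected;
        # a DELETE without a version ID only adds a delete marker.
        "version_delete_blocked": age < RETENTION_DAYS,
    }


def apply(bucket):
    """Send both configurations to a versioned bucket (needs credentials)."""
    import boto3  # imported lazily so the helpers above run offline
    s3 = boto3.client("s3")
    s3.put_object_lock_configuration(
        Bucket=bucket, ObjectLockConfiguration=object_lock_config())
    # This call replaces any lifecycle configuration already on the bucket.
    s3.put_bucket_lifecycle_configuration(
        Bucket=bucket, LifecycleConfiguration=lifecycle_config())
```

GOVERNANCE mode lets principals holding `s3:BypassGovernanceRetention` remove a lock, while COMPLIANCE mode does not let anyone shorten or remove it during the retention period.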

3. Logging and auditing access to call recordings

To ensure the highest level of security and monitoring, it is important to implement a comprehensive logging and auditing approach for call recording access. This not only helps to detect and prevent unauthorized access, but also provides a clear and verifiable record of who accessed a recording, the date and time of access, and the location from where it was accessed. This information can be used in compliance audits as well as assisting in case of any security investigation.

By using either of the following approaches, customers can easily log, audit, and gain insights into all access within the call recording bucket:

  • Logging Amazon S3 API calls using AWS CloudTrail. AWS CloudTrail is a service that provides a record of actions taken by users, roles, or an AWS service. CloudTrail logs include details about the API calls made such as when a user retrieves a call recording for playback. Using Amazon Athena, a serverless interactive query service, customers can quickly analyze and gain valuable insights from these logs using standard SQL. The Athena User Guide provides step-by-step instructions on how to quickly get started.
  • Logging requests using server access logging. Amazon S3 server access logging can provide detailed records of requests made to the call recording bucket. Amazon Athena can again be used to analyze the logs using standard SQL. The following knowledge article provides a step-by-step guide with sample queries to get up and running quickly.

The following resource provides information on the above logging options, and highlights the differences between them to help in determining the optimal approach to take. It is possible to combine both, depending on the requirements.
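
An added example, not code from the original post: the kind of access review the CloudTrail option supports, run over constructed S3 data-event records. The bucket name, role allowlist and sample records are assumptions, and S3 object-level (data) events must be enabled on the trail before records like these exist.

```python
import json

ALLOWED_ROLES = {"QAReviewer"}   # hypothetical role permitted to play recordings
DELETES = {"DeleteObject", "DeleteObjects"}
WATCHED = {"GetObject"} | DELETES

# Constructed CloudTrail S3 data-event records; not real log data.
SAMPLE = json.loads("""[
 {"eventTime": "2024-03-01T09:14:02Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/QAReviewer/alice"},
  "requestParameters": {"bucketName": "example-recordings", "key": "rec-0001.wav"}},
 {"eventTime": "2024-03-01T11:02:19Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "203.0.113.50",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
  "requestParameters": {"bucketName": "example-recordings", "key": "rec-0001.wav"}},
 {"eventTime": "2024-03-01T11:03:05Z", "eventSource": "s3.amazonaws.com",
  "eventName": "DeleteObject", "sourceIPAddress": "203.0.113.50", "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
  "requestParameters": {"bucketName": "example-recordings", "key": "rec-0001.wav"}}
]""")


def principal(record):
    """Role name for assumed-role sessions, otherwise the full ARN."""
    arn = (record.get("userIdentity") or {}).get("arn", "unknown")
    return arn.split("/")[1] if ":assumed-role/" in arn else arn


def audit(records, bucket, allowed=ALLOWED_ROLES):
    """Who touched which recording, when, from where, and what looks wrong."""
    rows = []
    for r in records:
        params = r.get("requestParameters") or {}
        if (r.get("eventSource") != "s3.amazonaws.com"
                or params.get("bucketName") != bucket
                or r.get("eventName") not in WATCHED):
            continue
        who, findings = principal(r), []
        if r["eventName"] in DELETES:
            findings.append("delete-attempt")
        if r.get("errorCode"):
            findings.append("denied:" + r["errorCode"])
        if who not in allowed:
            findings.append("unexpected-principal")
        rows.append({"time": r.get("eventTime", ""), "who": who, "ip": r.get("sourceIPAddress"),
                     "action": r["eventName"], "key": params.get("key"), "findings": findings})
    return sorted(rows, key=lambda row: row["time"])
```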


In this blog, a set of best practices for managing call recordings in Amazon Connect has been explored. First, different approaches to protecting call recordings from accidental and malicious deletes were reviewed, including access permissions, backups, and Object Lock. Following this, the call recording lifecycle was examined, along with how alternative storage classes can be used to optimize cost. Finally, two straightforward methods for logging and auditing access to call recordings were detailed, AWS CloudTrail and S3 server access logging, together with how Amazon Athena can be employed to quickly analyze and gain valuable insights from these logs.

Next steps

If you are interested in learning more about additional call recording optimizations, we encourage you to review the following blog post, Serverless architecture for optimizing Amazon Connect call-recording archival costs and the associated code repository.

If you have any questions or need guidance on any of the topics covered here, we are here to help. You can reach us via the AWS Support Center. For AWS customers that have Enterprise Support, make sure to engage your TAM to help with any support-related items and to help escalate any urgent issues.
