AWS Contact Center

How to analyze Amazon Connect Voice ID metrics using Amazon CloudWatch

Join us for AWS Contact Center Day, a free virtual event where you’ll learn about the future of customer service, how machine learning can optimize customer and agent experiences—and more. Register now »

Today, contact centers adopting Amazon Connect Voice ID are seeking insights from aggregated metrics such as number of successful enrollments and authentications over specific time periods. These metrics provide visibility for contact center managers to understand how Voice ID is utilized in the Amazon Connect contact center. For example, a contact center manager might want to know how many callers were enrolled into Voice ID on a given day or evaluate how many fraud risks were flagged.

Amazon Connect Voice ID generates events for every Voice ID transaction: enrollment, authentication, or detection of fraudsters in a fraud watchlist. Events are sent to the Amazon EventBridge default event bus, allowing you to take actions based on the events received. By ingesting these events into Amazon CloudWatch, you can build powerful machine intelligence capabilities, such as CloudWatch anomaly detection, to give your contact center managers and fraud teams a live view of Voice ID performance.

In this blog post, you will learn how to capture Amazon Voice ID events and build a centralized event-driven monitoring solution to view aggregated metrics using Amazon EventBridge and Amazon CloudWatch. We will also provide you with the necessary building blocks to build your own custom monitoring solutions.

Solution Overview

Amazon Connect Voice ID delivers Events to the default event bus. An Amazon EventBridge Rule will capture all Voice ID events and deliver them to Amazon CloudWatch Logs (/aws/events/voiceid ).

The solution consists of configuring the EventBridge rules to listen and filter for Voice ID events that are relevant, and then sending them to CloudWatch log group target. We will combine this log data with both custom and standard CloudWatch metrics display them in CloudWatch dashboard. Dashboards can be accessed from the CloudWatch console and can also be shared with people who do not have direct access to your AWS account. Sharing allows Voice ID metrics to be consumed by stakeholders such as fraud teams and/or contact center supervisors.

You can configure CloudWatch alarms that can notify you via Amazon Simple Notification Service (SNS) whenever an alarm is triggered for specific purposes. We will showcase how to create a fraud risk alert and enrolled speakers metric in this example.


For the walkthrough, you should be familiar and have access to the following AWS services and features:


The following steps can be used to deploy the solution:

  1. Sign in to the AWS Management Console
  2. Click the link below to launch the stack in AWS CloudFormation

  1. Ensure the region selected also contains your Amazon Connect instance
  2. If necessary, adjust the stack name
  3. Check your stack is updated with the following parameters. All others can be left as default or modified based on your requirements:
    1. VoiceIdDomainId: Enter the Domain ID of your existing Voice ID Domain. Assistance on confirming your ID can be found in the Voice ID Domains documentation

  1. Keep the defaults on the remaining options page and select Create Stack


Once deployed, access Amazon CloudWatch and open the Voice ID Dashboard. By default the dashboard widgets will report for the previous period of 24 hours, however, this can be adjusted to suit your requirements. Please note that some metrics used to populate the dashboard will not appear until data is generated by Amazon Connect.

The solution will have created the following custom metrics to capture and display in the Amazon CloudWatch Dashboard.

  • Fraudster HIGH RISK metric: This custom metric shows the total number of High Risk Fraud Detection events that happened in the day. These are events where known fraudster called to the contact center. These are captured by filtering events that match the following pattern: $.detail.session.fraudDetectionResult.decision =
  • Enrolled Speakers metric: This custom metric shows the number of new speakers who enrolled to Voice ID in your Connect instance. These are captured by filtering events that match the following pattern: $.detail.action = "ENROLL_SPEAKER".
  • Voice ID Authentication metrics which track the number of successful authentications and number of rejected authentications. These are composed of two separate metrics
    • VoiceIdAccept metric: This tracks all the successful (or accepted) authentication decisions. They are captured by filtering events that match the following pattern:
      $.detail.session.authenticationResult.decision = "ACCEPT".
    • VoiceIdReject metric: This tracks all the unsuccessful (or rejected) authentication decisions. They are captured by filtering events that match the following pattern:
      $.detail.session.authenticationResult.decision = "REJECT".

In addition, we have also displayed the following Voice ID metrics that are sent to Cloudwatch by default:

  • Active Sessions (Today): This standard metric tracks the total number of active sessions for the Voice ID domain today. Active sessions are Voice ID sessions that are pending or ongoing.
  • Total Speakers Enrolled: This standard metric shows the total number of Speakers enrolled in the Voice ID domain .
  • Total Fraudsters Registered: This standard metric shows the number of Fraudsters registered in the Voice ID Domain.
  • Active Speaker Enrollment Jobs: This standard metric shows the number of active Batch Enrollment Jobs in the domain. Active Jobs are those which are in a Pending or InProgress state.

Extending the solution with a Fraudster High Risk Alarm

You can also create alarms that can be triggered on specific metrics. As an example, you can create an alarm based on the Fraudster HIGH RISK custom metric, so when a Fraudster calls, a notification can be sent to a supervisor using Amazon Simple Notification Service (SNS).

To create an alarm to notify when a Fraudster call to the Contact Center, follow the instructions defined in Create a CloudWatch alarm based on a static threshold and select the custom FraudsterHighRisk metric in the ConnectVoiceID custom namespace, and alarm when the maximum value is higher than one (1). In the VoiceID logs and in the content of the alarm message, the “detail.session.sessionName” is the same as the Contact Id which will help you to map it back to a specific contact in Amazon Connect console.

Clean up

In order to remove the resources by this solution, follow the following steps:

  1. Navigate to the CloudFormation console and select the VoiceIDDashboard stack or the stack name you provided.
  2. Choose the Delete button. Delete the stack resources by choosing the Delete stack button on the confirmation screen.


In this post, we implemented and demonstrated a solution allowing supervisors to gain insights into customer authentication and fraud detection events; helping ensure customers are securely identified and to help mitigate fraud. We did this by deploying a CloudFormation stack which included an EventBridge rule and a CloudWatch Dashboard. Amazon Connect Voice ID events are sent to Eventbridge where the events are processed and stored in CloudWatch Logs. When combined with standard and custom metrics, these were presented in a CloudWatch dashboard. We then described how the solution could be extended to generate high risk alerts based on the custom metrics to identify when fraudsters were targeting the contact center.

With Amazon Connect Voice ID you pay for what you use on a per transaction basis. There are no upfront payments, long-term commitments, or minimum monthly fees. The pricing structured is detailed on Amazon Connect pricing.

We would love to hear feedback on your experience of deploying this solution and how you have expanded it based on your requirements. Should you need help with setting this up, you can get assistance from AWS Professional Services. You can also seek assistance from Amazon Connect partners available worldwide.


Iain Truesdale is an Amazon Connect Specialist Solutions Architect at Amazon Web Services (AWS) and is based near Perth, Scotland. Iain enjoys helping customers understand how they can quickly and easily improve their customer experience using cloud technologies. Prior to this, Iain spent over 15 years working in support, implementation and architecture roles as a customer and partner before going all in on AWS.
Nelson Martinez is an Amazon Connect Specialist Solutions Architect Service-aligned based in Seattle with over 28 years of experience on Contact Centre, Unified Communications, IP Telephony, and Networking. In the last 2 years at AWS Nelson helped Enterprise Support customers to achieve Operational Excellence on their Amazon Connect cloud contact center implementations worldwide.
Sathish Jothikumar is a Senior Product Manager at Amazon Web Services (AWS), and is based in Washington, USA. He manages Amazon Connect Voice ID, an ML-based service to improve customer experience with caller authentication and fraud detection.