AWS Cloud Operations & Migrations Blog

Integrate AWS Support with Amazon Connect to receive critical outbound voice notifications

Notifications for critical AWS Support cases are essential to ensure that issues that affect your workloads are addressed quickly. AWS Support sends email notifications automatically when support cases are newly created or updated in your AWS accounts, and they can be viewed in AWS Support Center, or the AWS Managed Services (AMS) console for customers using AMS. For critical or high priority cases, customers prefer voice notification for more immediate notice, especially during non-business hours. Today, customers use a variety of third-party tools to manage this requirement.

AWS Managed Services (AMS) leverages standard AWS services, and extends your team with guidance and execution of operational best practices with specialized automations, skills, and experience that are contextual to your environment and applications. In this blog post, we will describe best practices from AMS on how you can leverage Amazon EventBridge, AWS Support API, and Amazon Connect to receive voice notifications when there are critical updates to your AWS Support cases.

Solution Overview

With this solution, AWS Support API and Amazon EventBridge are integrated with Amazon Connect. AWS Support API provides access to AWS Support case management, allowing customers to manage the entire lifecycle of AWS Support cases, from case creation to resolution. Amazon EventBridge integration enables customers to rapidly detect and react to changes to their AWS Support cases.

This solution includes the setup and configuration of the following resources in your AWS account across multiple regions:

  • Step-1: An Amazon Connect instance that is configured to send outbound voice notifications in the AWS Region where you need the notifications to be sent.

The AWS Support API and the Amazon EventBridge integration with the Support API are accessible via the US-EAST-1 endpoint. Therefore, this solution must be deployed in the US-EAST-1 Region.

Solution components deployed in US-EAST-1 Region:

  • Step-2: An Amazon EventBridge rule to initiate automated actions when AWS Support Cases are created or updated.
  • Step-3: An Amazon Simple Notification Service (Amazon SNS) topic to which the EventBridge rule will publish when support activity has taken place.
  • Step-4: An AWS Lambda function that gets triggered when SNS messages are received and makes Amazon Connect outbound calls to report high severity incidents.

In step 1, an EventBridge rule evaluates AWS Support activity when cases are created or updated. In step 2, EventBridge sends a message to the SNS topic if the event matches the create or update criteria. In step 3, a Lambda function retrieves the SNS message from the topic, parses the case ID, and makes an API call to AWS Support for additional information about the case. In step 5, if the case priority matches high severity, Lambda invokes outbound calls via the Amazon Connect API.

Figure 1: High level Solution Architecture

The solution works as follows:

  1. When an AWS Support case is created or updated in your AWS account, an event is placed on the EventBridge event bus, and this event is evaluated by EventBridge to determine if there is a matching EventBridge rule.
  2. An EventBridge rule is triggered when the event matches the following pattern:
    {
      "detail-type": ["Support Case Update"],
      "source": ["aws.support"],
      "detail": {
        "event-name": ["CreateCase"]
      }
    }

  3. The EventBridge rule publishes the event to an SNS topic. The SNS topic triggers a Lambda function, passing a copy of the message received from EventBridge to the function.
  4. The Lambda function evaluates the message and retrieves the severity of the incident from AWS Support.
  5. The Lambda function initiates an outbound voice notification to the users through Amazon Connect when the severity of the incident matches the high severity.
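The flow in steps 3 to 5, sketched as an added example (this is not the code from the sample repository). The severity set, the `case-id` detail field, and the use of the stack parameter names as configuration keys are assumptions; the `SUPPORT_INCIDENT_DETAILS` attribute is the one the contact flow reads.

```python
import json
import logging
import os
import re

log = logging.getLogger("support-notifier")
NOTIFY_SEVERITIES = {"high", "urgent", "critical"}  # assumption: codes that page someone
E164 = re.compile(r"^\+[1-9]\d{6,14}$")

# Constructed sample of one SNS record wrapping an EventBridge Support event.
SAMPLE_RECORD = {"Sns": {"Message": json.dumps({
    "source": "aws.support", "detail-type": "Support Case Update",
    "detail": {"case-id": "case-EXAMPLE", "event-name": "CreateCase"}})}}

def case_id_from_sns(record):
    """Return the case id in one SNS record, or None if it is not a Support case event."""
    event = json.loads(record["Sns"]["Message"])
    if event.get("source") != "aws.support" or event.get("detail-type") != "Support Case Update":
        return None
    return event.get("detail", {}).get("case-id")

def notify_if_severe(record, support, connect, cfg):
    """Call out if the case qualifies; cfg keys reuse the stack parameter names (assumption)."""
    case_id = case_id_from_sns(record)
    if case_id is None:
        return "ignored"
    cases = support.describe_cases(caseIdList=[case_id])["cases"]
    if not cases or cases[0]["severityCode"] not in NOTIFY_SEVERITIES:
        return "below-threshold"
    if not E164.match(cfg["PhoneNumberToNotify"]):
        raise ValueError("PhoneNumberToNotify is not in E.164 format")
    # The subject is free text that will be spoken: collapse whitespace, cap length.
    subject = " ".join(cases[0]["subject"].split())[:200]
    connect.start_outbound_voice_contact(
        DestinationPhoneNumber=cfg["PhoneNumberToNotify"],
        SourcePhoneNumber=cfg["ConnectOutboundSourcePhone"],
        InstanceId=cfg["ConnectOutboundInstanceID"],
        ContactFlowId=cfg["ConnectOutboundContactFlowID"],
        Attributes={"SUPPORT_INCIDENT_DETAILS": subject})
    # One JSON object per log line; phone numbers and subject stay out of the logs.
    log.info(json.dumps({"action": "outbound_call", "case_id": case_id,
                         "severity": cases[0]["severityCode"]}))
    return "called"

def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised offline
    support = boto3.client("support", region_name="us-east-1")
    connect = boto3.client("connect", region_name=os.environ["ConnectRegion"])
    return [notify_if_severe(r, support, connect, os.environ) for r in event["Records"]]
```

Checking `source` and `detail-type` inside the function means a message published to the topic by anything other than the Support rule does not result in a phone call.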

Prerequisites

The following are the prerequisites to deploy this solution:

  • An AWS Account with AWS Command Line Interface (AWS CLI) configured. The AWS account must be enrolled in Business Support, Enterprise On-Ramp, or Enterprise Support to access the AWS Support API.
  • Git to download the sample file source code.

Solution Walkthrough

The following steps are involved in setting up the solution:

  1. Create an Amazon Connect Instance and configure to make outbound calls.
  2. Create an Amazon Connect contact flow for outbound voice contact.
  3. Deploy the CloudFormation template.
  4. Create a test AWS Support Case to verify that the solution has been implemented.

Provision an Amazon Connect instance and configure to make outbound calls

  1. The AWS Region where your Amazon Connect instance is provisioned determines the countries to which you can send outbound calls or voice notifications. Refer to the countries you can call here. Select the appropriate AWS Region for your Amazon Connect instance, one from which you can send outbound support notifications to your phone numbers.
  2. Follow the steps detailed in the link to create an Amazon Connect instance – https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-instances.html.
  3. When setting up Telephony during the Amazon Connect Instance creation, make sure you choose Allow outgoing calls.
  4. Log in to the Amazon Connect instance you created and claim a phone number to use for outbound voice notifications. Follow the steps described here – https://docs.aws.amazon.com/connect/latest/adminguide/contact-center-phone-number.html. Make sure the phone number you claim is in the same country as the phone number that needs to receive the voice notification.
  5. Navigate to Routing and Queues. Edit the BasicQueue and update the below information:
    1. Settings – Setup Default caller ID name and select the phone number you claimed for the Outbound caller ID number. Save the configurations.
  6. Navigate to Users and choose Routing profiles and edit the Basic Routing Profile. Navigate to Settings and Queues. Then, navigate to Default outbound queue and choose BasicQueue to be associated with outbound calls.

Create an Amazon Connect contact flow for outbound voice contact

  1. Download the contact flow JSON file from GitHub.
  2. Log in to the Amazon Connect instance you provisioned in the earlier step, and navigate to Routing, Flows and Create flow.
    • Using the dropdown button on the right, choose Import (beta).
    • Select the contact flow you downloaded. The imported contact flow appears on the canvas as described below with three blocks – Entry point, Play prompt, and Disconnect.

Contact flow describing the three blocks Entry point, Play prompt, and Disconnect. Entry point initiates the Play prompt and after completion of the Play prompt, Disconnect block terminates the call.

Figure 2: Amazon Connect Contact Flow

    • You will observe that the Play prompt block has an attribute SUPPORT_INCIDENT_DETAILS configured under Text-to-speech or chat text. This attribute is updated by the Lambda function deployed in the next step with the high priority support incident subject to trigger outbound voice notifications, hence do not change this attribute name.
    • Save the contact flow by choosing Save. Choose Publish and publish the flow.

Deploy the CloudFormation template

You can deploy the CloudFormation template either by logging into the AWS Console or via AWS CLI. The CloudFormation template requires four parameters.

  1. PhoneNumberToNotify: Phone number that receives the Incident notification call. Phone number should be in E.164 format +(Country Code)(Phone Number) Example: +61464646464
  2. ConnectOutboundInstanceID: Amazon Connect Instance ID provisioned for facilitating the Outbound Incident calls. You can find details on how to find the Instance ID here: https://aws.amazon.com/premiumsupport/knowledge-center/find-connect-instance-id/
  3. ConnectOutboundSourcePhone: Amazon Connect Instance outbound phone number that was claimed earlier (Step 1 (b)) to initiate the outbound incident notifications. Phone number should be in E.164 format +(Country Code)(Phone Number).
  4. ConnectOutboundContactFlowID: Amazon Connect Contact Flow ID configured for sending the outbound notification. You can find more details on how to find the contact flow id here: https://docs.aws.amazon.com/connect/latest/adminguide/find-contact-flow-id.html
  5. ConnectRegion: AWS Region where your Amazon Connect instance for making outbound calls is deployed in ‘Create an Amazon Connect Instance and configure to make outbound calls’.

Update the parameters below

Deploying the CloudFormation template via AWS CLI into the us-east-1 Region

# Clone the Git repository
git clone https://github.com/aws-samples/aws-support-connect-integration.git
# Change Directory into the repository
cd ./aws-support-connect-integration
# Use the AWS CLI to deploy the CloudFormation template
aws cloudformation deploy \
--template-file support-incident-outbound-connect-calling.yml \
--stack-name <stackname> \
--capabilities CAPABILITY_IAM \
--region us-east-1 \
--parameter-overrides PhoneNumberToNotify=<include phone number> ConnectOutboundInstanceID=<include Connect InstanceID> ConnectOutboundSourcePhone=<include Connect Outbound Phone> ConnectOutboundContactFlowID=<include Connect Contact Flow ID> ConnectRegion=<include Amazon Connect Region>

Create a test AWS Support Case to verify that the solution has been implemented

Using the AWS Console, AWS CLI, or APIs, create a new AWS Support Case with severity level ‘High’. For test cases, use the subject TEST CASE-Please ignore.

After creating the case, you will receive a phone call on the number configured as ‘PhoneNumberToNotify’ and you will hear the incident subject.

Considerations for production use

The following aspects should be considered for use in production:

Encryption – To automatically encrypt the messages during transit, it is recommended to use HTTPS. To enforce only encrypted connections over HTTPS, add the aws:SecureTransport condition in the IAM policy that’s attached to unencrypted SNS topics. For data protection at rest, leverage server-side encryption (SSE). SSE uses keys managed in AWS Key Management Service (KMS). Please refer to SNS security best practices – https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html
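A check for the two encryption settings described above, as an added example (not part of the sample repository). It reads the `Policy` and `KmsMasterKeyId` values that SNS GetTopicAttributes returns; the ARNs, account ID and key ID below are constructed placeholders. It also flags the AWS managed key `alias/aws/sns`, because EventBridge can publish to an encrypted topic only when the topic uses a customer managed key whose key policy grants `events.amazonaws.com` access.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_plaintext_publish(policy_json):
    """True if a Deny statement for every principal blocks sns:Publish
    whenever aws:SecureTransport is false."""
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        bools = {k.lower(): v for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
        values = [str(v).lower() for v in _as_list(bools.get("aws:securetransport", []))]
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and actions & {"sns:publish", "sns:*", "*"}
                and values == ["false"]):
            return True
    return False

def audit_topic(attributes):
    """Return findings for one topic's GetTopicAttributes 'Attributes' map."""
    findings = []
    if not denies_plaintext_publish(attributes.get("Policy", "{}")):
        findings.append("no Deny on sns:Publish when aws:SecureTransport is false")
    key = attributes.get("KmsMasterKeyId", "")
    if not key:
        findings.append("server-side encryption (SSE) is not enabled")
    elif key == "alias/aws/sns":
        findings.append("AWS managed key in use: EventBridge cannot publish to this topic")
    return findings

# Constructed sample attributes: a topic as typically created, and a hardened one.
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:support-case-events"
ALLOW_EVENTBRIDGE = {"Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
                     "Action": "sns:Publish", "Resource": TOPIC_ARN}
DENY_PLAINTEXT = {"Effect": "Deny", "Principal": "*", "Action": "sns:Publish",
                  "Resource": TOPIC_ARN,
                  "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
WEAK = {"Policy": json.dumps({"Version": "2012-10-17", "Statement": [ALLOW_EVENTBRIDGE]})}
HARDENED = {"Policy": json.dumps({"Version": "2012-10-17",
                                  "Statement": [ALLOW_EVENTBRIDGE, DENY_PLAINTEXT]}),
            "KmsMasterKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}
```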

Logging – As a best practice, it is recommended to include structured logging in the AWS Lambda function to help interpret and analyze the logs programmatically. In the sample code, structured logging isn’t included. Please refer to structured logging details here – https://docs.aws.amazon.com/lambda/latest/operatorguide/parse-logs.html

Reserved concurrency – You may need to consider reserved concurrency if there are other Lambda functions in the Region that may consume all of the available account capacity, and could prevent the Lambda function in this solution from running.

Log retention – The sample code provided with this post has Amazon CloudWatch Logs retention period set to seven days. Customers should consider their own data storage retention policies when using it in production.

Amazon Connect – Please refer to Amazon Connect security best practices – https://docs.aws.amazon.com/connect/latest/adminguide/security-best-practices.html

Cleanup

You can clean-up the AWS Resources that were deployed in two steps.

  • From AWS CLI run the following command to delete the EventBridge setup and configurations:
aws cloudformation delete-stack --stack-name <stackname> --region us-east-1

Conclusion

In this blog post, we covered the solution architecture and setup of Amazon Connect and Amazon EventBridge integration with AWS Support. This solution meets the requirement of receiving voice notifications for critical cases raised via AWS Support. We started by showing how to provision and configure an Amazon Connect instance in the AWS Region where you need the notifications to be sent. Then, we showed you how to deploy the CloudFormation stack that sets up an Amazon EventBridge rule and a Lambda function to trigger notifications via the Amazon Connect when high priority incidents are updated or raised. Finally, we showed you how to test the solution and provided references to best practices for production use. For help in scaling and operating more efficiently on AWS, visit AWS Managed Services for more information.

About the authors:

Chandra Allaka

Chandra is a Principal Specialist Solution Architect with AWS Managed Services. During his tenure with AWS, he worked in multiple roles. He is passionate about helping customers with their cloud operations excellence and building effective solutions to manage cloud environments at scale.

Rajni Bisht

Rajni is a Cloud Architect with AWS Managed Services at AWS. She joined AWS in 2019 and she has taken delight in utilizing her AMS-specific technical expertise and knowledge to assist customers in qualifying, supporting, and transforming potential opportunities into successful ventures.