How do I set up a deny list in my Amazon Connect contact center that allows agents to flag numbers in real time?

Last updated: 2021-05-24

I want agents in my Amazon Connect contact center to be able to add numbers to a deny list in real time. I also want to be able to add numbers to the list manually. How do I set that up?

Short description

To allow agents in your Amazon Connect contact center to add numbers to a deny list in real time, do the following:

Note: You can also manually add numbers to the deny list by editing the DynamoDB table directly.

Resolution

Important: Make sure that you follow these steps in the same AWS Region that your Amazon Connect instance is in.

Create a DynamoDB table that holds denied numbers

1.    Open the DynamoDB console.

2.    Choose Create DynamoDB table. Then, do the following:
For Table name, enter DenylistingTable.
In the Partition key panel, for Primary key, enter ContactNumber.
For Data type, choose String.
Choose Create.

Note: For more information, see Write data to a table using the console or AWS CLI.

Create an IAM role that a Lambda function can assume to either look up or add denied numbers in DynamoDB

1.    Create an IAM role that uses the following JSON policy:

Important: Make sure that the AWSLambdaBasicExecutionRole is included in the policy along with the DynamoDB permissions. If the AWSLambdaBasicExecutionRole isn't included in the policy, then the function won't invoke.

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this
software and associated documentation files (the "Software"), to deal in the Software
without restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "cloudwatch:GetInsightRuleReport",
            "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "application-autoscaling.amazonaws.com",
                        "application-autoscaling.amazonaws.com.cn",
                        "dax.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "replication.dynamodb.amazonaws.com",
                        "dax.amazonaws.com",
                        "dynamodb.application-autoscaling.amazonaws.com",
                        "contributorinsights.dynamodb.amazonaws.com",
                        "kinesisreplication.dynamodb.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunction",
                "cloudwatch:DeleteAlarms",
                "sns:Unsubscribe",
                "dynamodb:*",
                "lambda:GetFunctionConfiguration",
                "datapipeline:CreatePipeline",
                "kinesis:ListStreams",
                "logs:CreateLogStream",
                "kinesis:DescribeStreamSummary",
                "resource-groups:GetGroup",
                "cloudwatch:DescribeAlarmsForMetric",
                "lambda:DeleteFunction",
                "sns:Subscribe",
                "iam:GetRole",
                "application-autoscaling:RegisterScalableTarget",
                "sns:ListSubscriptionsByTopic",
                "datapipeline:ListPipelines",
                "dax:*",
                "lambda:ListFunctions",
                "sns:CreateTopic",
                "application-autoscaling:DeleteScalingPolicy",
                "cloudwatch:GetMetricStatistics",
                "logs:CreateLogGroup",
                "resource-groups:CreateGroup",
                "application-autoscaling:DescribeScalingPolicies",
                "lambda:ListEventSourceMappings",
                "application-autoscaling:PutScalingPolicy",
                "cloudwatch:DescribeAlarms",
                "resource-groups:ListGroupResources",
                "ec2:DescribeSubnets",
                "lambda:DeleteEventSourceMapping",
                "datapipeline:ActivatePipeline",
                "resource-groups:GetGroupQuery",
                "tag:GetResources",
                "sns:DeleteTopic",
                "cloudwatch:GetMetricData",
                "sns:ListTopics",
                "sns:SetTopicAttributes",
                "lambda:CreateEventSourceMapping",
                "datapipeline:DescribePipelines",
                "cloudwatch:ListMetrics",
                "cloudwatch:DescribeAlarmHistory",
                "application-autoscaling:DescribeScalingActivities",
                "kms:DescribeKey",
                "datapipeline:PutPipelineDefinition",
                "application-autoscaling:DescribeScalableTargets",
                "datapipeline:QueryObjects",
                "iam:ListRoles",
                "datapipeline:DescribeObjects",
                "kinesis:DescribeStream",
                "sns:ListSubscriptions",
                "resource-groups:ListGroups",
                "datapipeline:GetPipelineDefinition",
                "logs:PutLogEvents",
                "ec2:DescribeSecurityGroups",
                "resource-groups:DeleteGroup",
                "cloudwatch:PutMetricAlarm",
                "ec2:DescribeVpcs",
                "kms:ListAliases",
                "datapipeline:DeletePipeline",
                "application-autoscaling:DeregisterScalableTarget"
            ],
            "Resource": "*"
        }
    ]
}
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this
software and associated documentation files (the "Software"), to deal in the Software
without restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lambda:*",
                "dynamodb:*"
            ],
            "Resource": "*"
        }
    ]
}

Create a Lambda function (function A) that stores denied numbers in the DynamoDB table

Use the following Python code to create a Lambda function and attach the role created previously:

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this
software and associated documentation files (the "Software"), to deal in the Software
without restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

import json
import boto3 

client = boto3.client('dynamodb')

def lambda_handler(event, context):
    response = client.put_item(
    TableName='DenylistingTable',
    Item={
        'ContactNumber':{
            'S':event['Details']['ContactData']['CustomerEndpoint']['Address']
        }
    }
    )
    
    return{'Success':True}

Create a second Lambda function (function B) that queries the Dynamo DB table to check if an incoming call is from a number on the deny list

Use the following Python code to create a second Lambda function and attach the role created previously:

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this
software and associated documentation files (the "Software"), to deal in the Software
without restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

import json
import boto3 

client = boto3.client('dynamodb')

def lambda_handler(event, context):
    
    response = client.query(
        TableName="DenylistingTable",
        Select= 'ALL_ATTRIBUTES',
        KeyConditionExpression='ContactNumber = :ConNum',
        ExpressionAttributeValues={":ConNum":{
            "S": event['Details']['ContactData']['CustomerEndpoint']['Address']
        }}
        )
    if (len(response['Items']) == 0):
        return {'Success':'false'}
    else:
        return {'Success':'true'}

Add the Lambda functions (function A and function B) to your Amazon Connect instance

1.    Open the Amazon Connect console.

2.    In the Instance Alias column, choose the name of your Amazon Connect instance.

3.    In the left navigation pane, choose Contact flows.

4.    In the AWS Lambda section, choose the Function dropdown list. Then, choose the name of function A.
Note: The Function dropdown list names the functions that are in the same AWS Region as your Amazon Connect instance only. If no functions are listed, choose Create a new Lambda function to create a new function in the correct Region.

5.    Choose Add Lambda Function. Then, confirm that the Amazon Resource Name (ARN) of the function is added under Lambda Functions.

6.    Add function B to your Amazon Connect instance by repeating steps 1-5. For step 4, make sure that you choose the name of function B.

For more information, see Invoke AWS Lambda functions.

Create an inbound contact flow

Create a new inbound contact flow associated with a claimed number. After you choose Create contact flow, the contact flow designer opens.

In the contact flow designer, do the following:

Note: The following is an example of a basic inbound contact flow. You can add or edit blocks for your use case.

Add a Set logging behavior block

Important: If you haven't already, turn on contact flow logging for your instance.

To turn on contact flow logs in your Amazon Connect CloudWatch Logs, use a Set logging behavior block.

1.    Choose Set.

2.    Drag and drop a Set logging behavior block onto the canvas to the right of the Entry point block.

3.    Choose the block title (Set logging behavior). The block's settings menu opens.

4.    Choose Enable.

Add an Invoke AWS Lambda function block

To invoke function B and check if an incoming call is from a number on the deny list, use an Invoke AWS Lambda function block.

1.    Choose Integrate.

2.    Drag and drop an Invoke AWS Lambda function block onto the canvas to the right of the Set logging behavior block.

3.    Choose the block title (Invoke AWS Lambda function). The block's settings menu opens.

4.    Choose the name of function B.

5.    Choose Save.

Add a Check contact attributes block

To confirm if the number was added to the deny list or not, use a Check contact attributes block.

1.    Choose Branch.

2.    Drag and drop a Check contact attributes block onto the canvas to the right of the Invoke AWS Lambda function block.

3.    Choose the block title (Check contact attributes). The block's settings menu opens.

4.    For Type, choose External.

5.    For Attribute, choose Success.

6.    Choose Add another Parameter twice so that two parameters are created.

7.    Under Conditions to check, choose Equals for both parameters. Then, for the value of the first parameter, enter true. For the value of the second parameter, enter false.

8.    Choose Save.

Add a Play prompt block

To play a prompt that informs agents when a deny list request error occurs, use a Play prompt block.

1. Choose Interact.

2.    Drag and drop a Play prompt block onto the canvas to the right of the Invoke AWS Lambda function block. Then, connect the Play prompt block to the Error output of the Invoke AWS Lambda function block.

3.    Choose the block title (Play prompt). The block's settings menu opens.

4.    For Prompts, choose Text-to-speech. Then, choose one of the following:
Enter text allows you to play text as a lifelike audio message.
-or-
Enter dynamically allows you to upload .wav files to play a recorded audio message.

5.    Choose Save.

Add a Transfer to queue block

To end the contact flow and transfer the call to your regular customer queue flow, use a Transfer to queue block.

1.    Choose Terminate/Transfer.

2.    Drag and drop a Transfer to queue block onto the canvas to the right of the Play prompt block.

Note: No settings need to be configured for the Transfer to queue block for this use case.

Add a Disconnect block

To disconnect a caller from the contact flow if the incoming call is from a number that's on the deny list, add a Disconnect block.

1.    Choose Terminate/Transfer.

2.    Drag and drop a Disconnect block onto the canvas to the right of the Transfer to queue block.

Note: No settings need to be configured for the Disconnect block for this use case.

Activate the contact flow

1.    To save a draft of the flow, Choose Save.

2.    To activate the flow, Choose Publish.

Create a Transfer to queue flow that allows agents to add numbers to the deny list in real time

Create a new Transfer to queue flow. After you choose Create contact flow, the contact flow designer opens.

In the contact flow designer, do the following:

Add a Play prompt block

To let agents know that a number is in the process of being added to the deny list, use a Play prompt block.

1.    Choose Interact.

2.    Drag and drop a Play prompt block onto the canvas to the right of the Entry point block.

3.    Choose the block title (Play prompt). The block's settings menu opens.

4.    For Prompts, choose Text-to-speech. Then, choose either Enter text or Enter dynamically to create an audio message.

5.    Choose Save.

Add an Invoke AWS Lambda function block

To invoke function A when an agent adds a number to the deny list using the CCP, use an Invoke AWS Lambda function block.

1.    Choose Integrate.

2.    Drag and drop an Invoke AWS Lambda function block onto the canvas to the right of the Play prompt block.

3.    Choose the block title (Invoke AWS Lambda function). The block's settings menu opens.

4.    Choose the name of function A.

5.    In the Function input parameters section, choose Add a parameter and choose Use attribute. Then, do the following: For Destination key, enter CustomerNumber. For Type, choose System. For Attribute, choose Customer Number.

6.    Choose Save.

Add a second Play prompt block

To let agents know that a number was added to the deny list, use a second Play prompt block.

1.    Choose Interact.

2.    Drag and drop a Play prompt block onto the canvas to the right of the Invoke AWS Lambda function block. Then, connect the Play prompt block to the Success output of the Invoke AWS Lambda function block.

3.    Choose the block title (Play prompt). The block's settings menu opens.

4.    For Prompts, choose Text-to-speech. Then, choose either Enter text or Enter dynamically to create an audio message.

5.    Choose Save.

Add a third Play prompt block

To let agents know that a number wasn't added to the deny list because of an error, use a third Play prompt block.

1.    Choose Interact.

2.    Drag and drop a Play prompt block onto the canvas to the right of the Invoke AWS Lambda function block. Then, connect the Play prompt block to the Error output of the Invoke AWS Lambda function block.

3.    Choose the block title (Play prompt). The block's settings menu opens.

4.    For Prompts, choose Text-to-speech. Then, choose either Enter text or Enter dynamically to create an audio message.

5.    Choose Save.

Add a Disconnect block

To disconnect agents from the contact flow, add a Disconnect block.

1.    Choose Terminate/Transfer.

2.    Drag and drop a Disconnect block onto the canvas to the right of the three Play prompt blocks.

3.    Connect all the flow's branches to the Disconnect block.

Note: No settings need to be configured for the Disconnect block for this use case.

Activate the Transfer to queue flow

1.    To save a draft of the flow, choose Save.

2.    To activate the flow, choose Publish.

Create a quick connect that allows agents to add numbers to the deny list using the CCP

1.    Create a quick connect using the Amazon Connect console that has the following settings:
For Name, enter a name for the quick connect. For example: Deny list.
For Type, choose Queue.
For Destination, enter the name of the queue that you want to have the deny list functionality.

2.     Add the quick connect to the queues assigned to the agents that you want to have access to the deny list feature.

Now, when an agent is on a call, they can use the deny list quick connect in the CCP to add the number to the deny list. The next time a call comes in to your Amazon Connect contact center from that number, the call will be automatically disconnected without being placed in a queue.


Did this article help?


Do you need billing or technical support?