Skip to main content

Amazon Web Services

Invoking Lambda Functions with Amazon Connect

Amazon is continuing to release new features for Amazon Connect at a rapid clip. In this blog post I will take a deeper look at a new change to the contact flow configuration page that can make integrating with Lambda significantly easier. I will also detail some of the downsides you should be aware of when using this new configuration.

Before we get started, here is a screenshot of the new section you can find by navigating to your Amazon Connect instance inside the AWS console and selecting contact flows.

As we’ve noted in several previous blog posts and Amazon points out in the official documentation, for Amazon Connect to properly invoke a Lambda function we need to make sure the function has the right policy applied. You can check all the policies of a function by navigating to Lambda and using the view permissions button. Here is how that might look for a function that has had policies applied via the AWS CLI.

This view is incredibly useful if you want to see all details about who can invoke your function and in turn what services Lambda can access. To add more permissions, you can run a command like the one below within the AWS CLI.

aws lambda add-permission --function-name function:my-lambda-function --statement-id 1 --principal connect.amazonaws.com --action lambda:InvokeFunction --source-account 123456789012 --source-arn arn:aws:connect:us-east-1:123456789012:instance/def1a4fc-ac9d-11e6-b582-06a0be38cccf

However, by using the contact flow settings page in Amazon Connect this step is no longer necessary. All you have to do now is select the function you want your call center to invoke and click the add Lambda function button. Once you get a success message you’re ready to reference the function inside your contact flows.

Note, that you will still need to use the function ARN. There is no drop-down menu inside the invoke Lambda node that shows all your options the way all Lex bots are available inside the get customer input node. However, the helpful copy button next to your function name will grab the ARN for you, so there is no real need to go into the Lambda console.

Another thing to note is that when navigating to a function that is configured as detailed above the view permissions button will not display the lambda:InvokeFunction action. This can make it a bit harder to keep track of what permissions are applied to each one of your functions.

 

Not having a specific policy applied to your Lambda function means that you will not be able to control exactly which AWS account can invoke Lambda or set things up so that your function can be used by any account or instance. This can be an issue if you have a Lambda function used by multiple instances of Amazon Connect. You will also not be able to use this configuration for Lambda functions in other AWS regions.

Finally, if you are deploying multiple Lambda functions and don’t want to go into a GUI for each one, it might still be easier to use CloudFormation to apply the proper policies when the function is created. In case you’ve never used CloudFormation to apply policies to a Lambda function, here is how that could look.

 "AmazonConnectUpdateRights": {
           "Type": "AWS::Lambda::Permission",
            "Properties": {
                "FunctionName": {
                    "Ref": "FUNCTIONNAME"
                },
                "Action": "lambda:InvokeFunction",
                "Principal": "connect.amazonaws.com",
                "SourceAccount": {
                    "Ref": "AWS::AccountId"
                }
            }
        }

All of that said, this new way to use Lambda with Amazon Connect will certainly be useful for simple deployments with just one Amazon Connect instance. For more tips on how to use Lambda or help with any Amazon Connect related topic please Request an Amazon Connect Demo.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Alex Moisi

Alex Moisi is a Senior Technical Consultant at Perficient focusing on call center solutions including Amazon Connect.

More from this Author

Follow Us