Skip to main content

Setting Up Salesforce Organization and AWS Account

Salesforce Organization

  1. Create required Salesforce Org and log in as System Administrator user.

  2. To create required users: Choose Users, Create new User with required data and then choose Save. The following is the list required users with required data:

    SCCAC Administrator is the admin user, responsible for SCC-AC setup:

    • First Name: SCCAC
    • Last Name: Administrator
    • Email: SCCAC Administrator email
    • Username: Unique username
    • Profile: System Administrator
    • Permission Set: Contact Center Admin (Partner Telephony)

    SCCAC Agent is the agent user, responsible for entertaining contacts:

    • First Name: SCCAC
    • Last Name: Agent
    • Email: SCCAC Agent email
    • Username: Unique username
    • Profile: Standard User or any other required profile
    • Permission Set: Contact Center Agent (Partner Telephony)
  3. To assign SCV related Permission Set to a user:

    • Choose Users, choose the user’s name, hover over Permission Set Assignments and then choose Edit Assignments. Select required permission set in the Available Permission Sets column and choose the right arrow Add to move it to the Enabled Permission Sets column. Choose Save. The following list contains the required permissions:

      SCCAC Administrator needs the following permission set: Contact Center Admin (Partner Telephony).
      SCCAC Agent needs the following permission set: Contact Center Agent (Partner Telephony).

  4. To enable Omni-Channel:

    1. In Salesforce Setup, go to Feature Settings, Service, Omni-Channel, and then Omni-Channel Settings.
      1. Check the Enable Omni-Channel box and choose Save.
    2. Go to Feature Settings, Service, Voice, and then Partner Telephony Setup.
      1. Confirm that you see a green checkmark in section 1 for Enable Omni-Channel to verify you completed the previous step correctly.
      2. If it’s not already enabled, turn on the switch for Enable Service Cloud Voice in section 2.

AWS Account

  1. To create an AWS account If you don’t have one:
    1. Follow these instructions to create an AWS account: https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html
  2. To create the ProvisioningRole in your AWS account:
    1. Go to the IAM console, select Roles on the left nav, and then choose Create role on the upper right.
    2. Select AWS account as the trusted entity type. Select Another AWS account below and enter 793525387755 for the Account ID. Choose Next. Scroll to the bottom of the page and choose Next again.
    3. IMPORTANT: The role name must be entered as ProvisioningRole exactly. Choose Create role.
    4. After the role is created, select it from the list.
    5. Choose Add permissions and then Create inline policy. Select the JSON editor.
    6. For the policy document, copy the SCV provisioning policy from here: https://github.com/service-cloud-voice/examples-from-doc/blob/main/iam_policies/SCVProvisioningPolicy.json
    7. Search and replace the string <AWS_ACCOUNT_ID> in the policy document with the account ID for your newly-created AWS account; it’s the easiest to use the search-and-replace feature of a text editor like TextEdit/Sublime to do this in one step.
    8. Paste the policy document into the JSON editor, then choose Next.
    9. Optionally enter a name for the policy. The name of the policy doesn’t matter (only the name of the role does) but you can use ProvisioningPolicy if you like. Finish creating the policy. Copy the ARN of the ProvisioningRole for the next steps.
  3. To create an IAM User and review AWS credentials:
    1. To create an IAM User, sign in to your AWS account, go to the IAM Console, Users, and then choose Create user.
      1. For User name, enter SCCAC-Setup-User and then choose Next.
      2. Choose Attach Policy Directly, Create Policy. In the Policy Editor, select JSON. In the following code, replace <AWS_ACCOUNT_ID> with your AWS account ID, and then paste the code into your JSON editor.
        {
        "Version": "2012-10-17",
        "Statement": [
        {
        "Sid": "WildcardAccess",
        "Effect": "Allow",
        "Action": [
        "lambda:GetEventSourceMapping",
        "kms:CreateKey",
        "kms:ListAliases",
        "logs:DescribeLogGroups",
        "secretsmanager:GetRandomPassword"
        ],
        "Resource": [
        "*"
        ]
        },
        {
        "Sid": "StateMachineAccess",
        "Effect": "Allow",
        "Action": [
        "states:CreateStateMachine",
        "states:CreateStateMachineAlias",
        "states:DeleteStateMachine",
        "states:DeleteStateMachineAlias",
        "states:DeleteStateMachineVersion",
        "states:DescribeStateMachine",
        "states:DescribeStateMachineAlias",
        "states:TagResource",
        "states:UntagResource",
        "states:UpdateStateMachine",
        "states:UpdateStateMachineAlias"
        ],
        "Resource": [
        "arn:aws:states:*:<AWS_ACCOUNT_ID>:stateMachine:*"
        ]
        },
        {
        "Sid": "LogsAccess",
        "Effect": "Allow",
        "Action": "logs:*",
        "Resource": "arn:aws:logs:*:<AWS_ACCOUNT_ID>:log-group:SCC*"
        },
        {
        "Sid": "EventsAccess",
        "Effect": "Allow",
        "Action": [
        "events:DeleteRule",
        "events:DescribeRule",
        "events:PutRule",
        "events:PutTargets",
        "events:RemoveTargets"
        ],
        "Resource": [
        "arn:aws:events:*:<AWS_ACCOUNT_ID>:rule/*"
        ]
        },
        {
        "Sid": "LambdaAccess",
        "Effect": "Allow",
        "Action": [
        "lambda:AddLayerVersionPermission",
        "lambda:AddPermission",
        "lambda:CreateAlias",
        "lambda:CreateEventSourceMapping",
        "lambda:CreateFunction",
        "lambda:Delete*",
        "lambda:Get*",
        "lambda:InvokeFunction",
        "lambda:List*",
        "lambda:PublishLayerVersion",
        "lambda:PublishVersion",
        "lambda:PutFunctionConcurrency",
        "lambda:PutFunctionEventInvokeConfig",
        "lambda:PutProvisionedConcurrencyConfig",
        "lambda:RemoveLayerVersionPermission",
        "lambda:RemovePermission",
        "lambda:TagResource",
        "lambda:UntagResource",
        "lambda:Update*"
        ],
        "Resource": [
        "arn:aws:lambda:*:<AWS_ACCOUNT_ID>:*:SCC*",
        "arn:aws:lambda:*:<AWS_ACCOUNT_ID>:*:SCC*:*",
        "arn:aws:lambda:*:<AWS_ACCOUNT_ID>:event-source-mapping:*"
        ]
        },
        {
        "Sid": "S3",
        "Effect": "Allow",
        "Action": [
        "s3:Create*",
        "s3:Delete*",
        "s3:Get*",
        "s3:List*",
        "s3:Put*"
        ],
        "Resource": [
        "arn:aws:s3:::amazonconnect-scc*",
        "arn:aws:s3:::amazonconnect-scc*/*",
        "arn:aws:s3:::scc*",
        "arn:aws:s3:::scc*/*",
        "arn:aws:s3:::<AWS_ACCOUNT_ID>-assets-bucket*",
        "arn:aws:s3:::<AWS_ACCOUNT_ID>-assets-bucket*/*"
        ]
        },
        {
        "Sid": "KMSResourceBasedAccess",
        "Effect": "Allow",
        "Action": [
        "kms:CreateAlias",
        "kms:Decrypt",
        "kms:DeleteAlias",
        "kms:DescribeKey",
        "kms:GetKeyRotationStatus",
        "kms:GenerateDataKey",
        "kms:GetKeyPolicy",
        "kms:ListResourceTags",
        "kms:PutKeyPolicy",
        "kms:ReplicateKey",
        "kms:TagResource",
        "kms:UntagResource",
        "kms:UpdateAlias",
        "kms:UpdateKeyDescription",
        "kms:UpdatePrimaryRegion"
        ],
        "Resource": [
        "arn:aws:kms:*:<AWS_ACCOUNT_ID>:key/*",
        "arn:aws:kms:*:<AWS_ACCOUNT_ID>:alias/SCC*"
        ]
        },
        {
        "Sid": "SecretsManagerResourceBasedAccess",
        "Effect": "Allow",
        "Action": [
        "secretsmanager:*"
        ],
        "Resource": [
        "arn:aws:secretsmanager:*:<AWS_ACCOUNT_ID>:secret:SCC*"
        ]
        },
        {
        "Sid": "IAMAccess",
        "Effect": "Allow",
        "Action": [
        "iam:*Role*",
        "iam:*Roles*",
        "iam:*Policy*"
        ],
        "Resource": [
        "arn:aws:iam::<AWS_ACCOUNT_ID>:role/SCC*",
        "arn:aws:iam::<AWS_ACCOUNT_ID>:policy/scc*/SCC*"
        ]
        },
        {
        "Sid": "CloudformationAccess",
        "Effect": "Allow",
        "Action": "cloudformation:*",
        "Resource": [
        "arn:aws:cloudformation:*:<AWS_ACCOUNT_ID>:stack/SCC*"
        ]
        },
        {
        "Sid": "ConnectAccess",
        "Effect": "Allow",
        "Action": [
        "connect:Get*",
        "connect:List*",
        "connect:Search*",
        "connect:Describe*",
        "connect:Create*",
        "connect:Delete*",
        "connect:TagResource",
        "connect:Associate*",
        "connect:Disassociate*",
        "connect:StartTaskContact",
        "connect:StopContact"
        ],
        "Resource": [
        "arn:aws:connect:*:<AWS_ACCOUNT_ID>:/instance",
        "arn:aws:connect:*:<AWS_ACCOUNT_ID>:instance/*"
        ]
        },
        {
        "Sid": "SQSAccess",
        "Effect": "Allow",
        "Action": [
        "sqs:CreateQueue",
        "sqs:DeleteQueue",
        "sqs:GetQueueAttributes",
        "sqs:SetQueueAttributes",
        "sqs:TagQueue"
        ],
        "Resource": [
        "arn:aws:sqs:*:<AWS_ACCOUNT_ID>:SCC*"
        ]
        },
        {
        "Sid": "CloudwatchAccess",
        "Effect": "Allow",
        "Action": [
        "cloudwatch:DeleteAlarms",
        "cloudwatch:DeleteDashboards",
        "cloudwatch:PutDashboard",
        "cloudwatch:PutMetricAlarm"
        ],
        "Resource": [
        "arn:aws:cloudwatch:*:<AWS_ACCOUNT_ID>:*:SCC*",
        "arn:aws:cloudwatch:*:<AWS_ACCOUNT_ID>:dashboard/SCC*"
        ]
        }
        ]
        }
      3. For Policy name enter SCCAC-Setup-Policy and choose Create Policy.
      4. Refresh Permissions policies in User creation window, select SCCAC-Setup-Policy and choose Next, and then Create user.
    2. Create an access key for user and store it:
      1. Choose SCCAC-Setup-User, go to the Security credentials tab, Create Access Key, select Other, choose Next, and then Create Access Key.
      2. Store both the access key and the secret access key in Notepad. These will be used for SCC-AC Guided setup.