Prerequisites
Before beginning, ensure you have:
An active AWS account with administrator access
An existing Amazon Connect instance
Reality Defender credentials and your assigned IAM role details
Familiarity with the AWS Management Console
Step 1: Enable Live Media Streaming in Amazon Connect
This step configures Amazon Connect to stream live call audio to Kinesis Video Streams, which Reality Defender will consume for analysis.
Log in to the AWS Management Console.
Navigate to Amazon Connect and select your instance.
In the left-hand menu, click Data storage.
Under Live media streaming, click Enable live media streaming.
Enter a Prefix for the Kinesis Video Streams that will store the media (e.g.,
voiceguard-connect-realitydefender-contact-).Set your preferred Data retention period to control how long streams are retained.
Save your changes.
Note: The prefix you choose here must match the ARN pattern configured in the IAM policy in Step 5.
Step 2: Configure the Amazon Connect Contact Flow
This step sets up a contact flow that initiates media streaming and captures the metadata Reality Defender needs to locate and process each call's audio stream.
Log in to your Amazon Connect instance via the AWS Management Console.
In the left-hand menu, navigate to Routing → Flows.
Select an existing contact flow or click Create flow.
In the flow designer, drag and drop a Start media streaming block to the point in the flow where streaming should begin.
Add a Set contact attributes block immediately after.
In the Set contact attributes block, configure the following dynamic attributes:
Media Stream attributes:
Namespace | Key |
Media streams | Customer audio start fragment number |
Media streams | Customer audio stream ARN |
Media streams | Customer audio start timestamp |
System attributes:
Namespace | Key |
System | Customer endpoint address |
System | Dialed number |
Continue building out the remainder of the flow with any transfer or routing logic required for your business needs.
Save and publish the flow.
Step 3: Create an Amazon SQS Queue
Reality Defender uses an SQS queue to receive notifications about new and updated calls from Amazon Connect. This step creates that queue.
In the AWS Management Console, navigate to Amazon Simple Queue Service (SQS).
Click Create queue.
Configure the queue:
Name: Enter a name for the queue (e.g.,
connect).Type: Select Standard for high throughput, or FIFO if strict message ordering is required.
Optionally configure additional attributes such as Message Retention Period, Visibility Timeout, Delivery Delay, and Access Policies.
Click Create queue.
Keep note of the queue's ARN — you will need it in Steps 4 and 5.
Step 4: Configure Amazon EventBridge to Route Connect Events to SQS
This step creates an EventBridge rule that listens for specific Amazon Connect call events and forwards them to the SQS queue created in Step 3.
In the AWS Management Console, navigate to Amazon EventBridge.
Click Create rule.
Provide a Name (e.g.,
ConnectCallNotifications) and optional description.Under Event bus, leave the selection as Default.
Select Event Pattern as the rule type.
Under Service provider, select AWS. Set Event source to Amazon Connect and Event type to Amazon Connect Contact Event.
Switch to Custom pattern (JSON editor) and paste the following:
{
"source":["aws.connect"],
"detail-type":["Amazon Connect Contact Event"],
"detail":{"eventType":["INITIATED", "CONTACT_DATA_UPDATED"]
}
}Under Target, click Add target.
Set Target type to SQS Queue and select the queue created in Step 3.
If prompted, allow EventBridge to create or assign a role with permission to write to the SQS queue.
Review the configuration and click Create.
Step 5: Configure IAM Permissions for Reality Defender
This step grants Reality Defender the minimum necessary permissions to access Kinesis Video Streams, consume messages from SQS, and retrieve contact attributes from Amazon Connect.
Required Permissions by Service
Kinesis Video Streams
KVS permissions allow Reality Defender to access and manage audio streams captured during calls in Amazon Connect. Because all streams share a similar naming pattern, a catch-all prefix is used to scope access appropriately.
Permission | Purpose |
| Retrieve audio stream data for analysis |
| Identify active streams |
| Access stream metadata and state |
Resource specification: Permissions are scoped to streams matching the prefix set in Step 1. Example ARN: arn:aws:kinesisvideo:*:*:stream/voiceguard-connect-realitydefender-contact-*
Amazon SQS
SQS permissions allow Reality Defender to consume and manage messages from the queue created in Step 3. These messages notify Reality Defender of new incoming calls or updates to a call's state.
Permission | Purpose |
| Consume call notifications from the queue |
| Remove processed messages from the queue |
| Send messages to the queue |
| Manage message visibility for delayed processing |
Resource specification: Permissions are restricted to the specific SQS queue created for this integration. Example ARN: arn:aws:sqs:<region>:<account-id>:connect
Amazon Connect
The GetContactAttributes API allows Reality Defender to retrieve metadata about each call — such as the stream ARN, fragment number, and timestamps — which are required to locate and process the correct audio stream.
Permission | Purpose |
| Retrieve call metadata such as stream ARN and timestamps |
Resource specification: This permission is limited to your specific Amazon Connect instance. Example ARN: arn:aws:connect:<region>:<account-id>:instance/<instance-id>
IAM Policy
Once the required permissions are defined, create an IAM policy and attach it to a role that Reality Defender can assume. This keeps access secure and limited to only the actions and resources required for the integration to function.
Create a new IAM policy using the JSON below. Replace all placeholder values (<region>, <account-id>, <instance-id>) with your actual values before applying.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:SendMessage",
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:ChangeMessageVisibility"
],
"Resource": "arn:aws:sqs:<region>:<account-id>:connect"
},
{
"Effect": "Allow",
"Action": [
"kinesisvideo:GetMedia",
"kinesisvideo:ListStreams",
"kinesisvideo:DescribeStream"
],
"Resource": "arn:aws:kinesisvideo:*:*:stream/voiceguard-connect-realitydefender-contact-*"
},
{
"Effect": "Allow",
"Action": "connect:GetContactAttributes",
"Resource": "arn:aws:connect:<region>:<account-id>:instance/<instance-id>"
}
]
}
Attach the Policy to a Role
In the AWS Management Console, navigate to IAM → Roles.
Create a new role or select an existing one designated for Reality Defender.
Attach the policy created above to the role.
Provide Reality Defender with the Role ARN so it can assume the role and access the required resources.
Summary
Once all steps are complete, the following will be in place:
Component | Purpose |
Amazon Connect — Live Media Streaming | Streams call audio to Kinesis Video Streams |
Contact Flow | Captures stream ARN, fragment number, and timestamps as contact attributes |
Amazon SQS Queue | Receives call event notifications from EventBridge |
Amazon EventBridge Rule | Forwards |
IAM Policy & Role | Grants Reality Defender scoped access to KVS, SQS, and Connect |
If you encounter any issues during setup, please contact Reality Defender Support.