Skip to content

Resource: awsConnectUser

Provides an Amazon Connect User resource. For more information see Amazon Connect: Getting Started

Example Usage

Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.connectUser.ConnectUser(this, "example", {
  identityInfo: {
    firstName: "example",
    lastName: "example2",
  },
  instanceId: "${aws_connect_instance.example.id}",
  name: "example",
  password: "Password123",
  phoneConfig: {
    afterContactWorkTimeLimit: 0,
    phoneType: "SOFT_PHONE",
  },
  routingProfileId: "${aws_connect_routing_profile.example.routing_profile_id}",
  securityProfileIds: [
    "${aws_connect_security_profile.example.security_profile_id}",
  ],
});

With hierarchy_group_id

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.connectUser.ConnectUser(this, "example", {
  hierarchyGroupId:
    "${aws_connect_user_hierarchy_group.example.hierarchy_group_id}",
  identityInfo: {
    firstName: "example",
    lastName: "example2",
  },
  instanceId: "${aws_connect_instance.example.id}",
  name: "example",
  password: "Password123",
  phoneConfig: {
    afterContactWorkTimeLimit: 0,
    phoneType: "SOFT_PHONE",
  },
  routingProfileId: "${aws_connect_routing_profile.example.routing_profile_id}",
  securityProfileIds: [
    "${aws_connect_security_profile.example.security_profile_id}",
  ],
});

With identity_info filled

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.connectUser.ConnectUser(this, "example", {
  identityInfo: {
    email: "example@example.com",
    firstName: "example",
    lastName: "example2",
  },
  instanceId: "${aws_connect_instance.example.id}",
  name: "example",
  password: "Password123",
  phoneConfig: {
    afterContactWorkTimeLimit: 0,
    phoneType: "SOFT_PHONE",
  },
  routingProfileId: "${aws_connect_routing_profile.example.routing_profile_id}",
  securityProfileIds: [
    "${aws_connect_security_profile.example.security_profile_id}",
  ],
});

With phone_config phone type as desk phone

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.connectUser.ConnectUser(this, "example", {
  instanceId: "${aws_connect_instance.example.id}",
  name: "example",
  password: "Password123",
  phoneConfig: {
    afterContactWorkTimeLimit: 0,
    phoneType: "SOFT_PHONE",
  },
  routingProfileId: "${aws_connect_routing_profile.example.routing_profile_id}",
  securityProfileIds: [
    "${aws_connect_security_profile.example.security_profile_id}",
  ],
});

With multiple Security profile ids specified in security_profile_ids

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.connectUser.ConnectUser(this, "example", {
  instanceId: "${aws_connect_instance.example.id}",
  name: "example",
  password: "Password123",
  phoneConfig: {
    afterContactWorkTimeLimit: 0,
    autoAccept: false,
    deskPhoneNumber: "+112345678912",
    phoneType: "DESK_PHONE",
  },
  routingProfileId: "${aws_connect_routing_profile.example.routing_profile_id}",
  securityProfileIds: [
    "${aws_connect_security_profile.example.security_profile_id}",
    "${aws_connect_security_profile.example2.security_profile_id}",
  ],
});

Argument Reference

The following arguments are supported:

  • directoryUserId - (Optional) The identifier of the user account in the directory used for identity management. If Amazon Connect cannot access the directory, you can specify this identifier to authenticate users. If you include the identifier, we assume that Amazon Connect cannot access the directory. Otherwise, the identity information is used to authenticate users from your directory. This parameter is required if you are using an existing directory for identity management in Amazon Connect when Amazon Connect cannot access your directory to authenticate users. If you are using SAML for identity management and include this parameter, an error is returned.
  • hierarchyGroupId - (Optional) The identifier of the hierarchy group for the user.
  • identityInfo - (Optional) A block that contains information about the identity of the user. Documented below.
  • instanceId - (Required) Specifies the identifier of the hosting Amazon Connect Instance.
  • name - (Required) The user name for the account. For instances not using SAML for identity management, the user name can include up to 20 characters. If you are using SAML for identity management, the user name can include up to 64 characters from [aZAZ09_-.\@]+.
  • password - (Optional) The password for the user account. A password is required if you are using Amazon Connect for identity management. Otherwise, it is an error to include a password.
  • phoneConfig - (Required) A block that contains information about the phone settings for the user. Documented below.
  • routingProfileId - (Required) The identifier of the routing profile for the user.
  • securityProfileIds - (Required) A list of identifiers for the security profiles for the user. Specify a minimum of 1 and maximum of 10 security profile ids. For more information, see Best Practices for Security Profiles in the Amazon Connect Administrator Guide.
  • tags - (Optional) Tags to apply to the user. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

A identityInfo block supports the following arguments:

  • email - (Optional) The email address. If you are using SAML for identity management and include this parameter, an error is returned. Note that updates to the email is supported. From the UpdateUserIdentityInfo API documentation it is strongly recommended to limit who has the ability to invoke updateUserIdentityInfo. Someone with that ability can change the login credentials of other users by changing their email address. This poses a security risk to your organization. They can change the email address of a user to the attacker's email address, and then reset the password through email. For more information, see Best Practices for Security Profiles in the Amazon Connect Administrator Guide.
  • firstName - (Optional) The first name. This is required if you are using Amazon Connect or SAML for identity management. Minimum length of 1. Maximum length of 100.
  • lastName - (Optional) The last name. This is required if you are using Amazon Connect or SAML for identity management. Minimum length of 1. Maximum length of 100.

A phoneConfig block supports the following arguments:

  • afterContactWorkTimeLimit - (Optional) The After Call Work (ACW) timeout setting, in seconds. Minimum value of 0.
  • autoAccept - (Optional) When Auto-Accept Call is enabled for an available agent, the agent connects to contacts automatically.
  • deskPhoneNumber - (Optional) The phone number for the user's desk phone. Required if phoneType is set as DESK_PHONE.
  • phoneType - (Required) The phone type. Valid values are DESK_PHONE and SOFT_PHONE.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) of the user.
  • id - The identifier of the hosting Amazon Connect Instance and identifier of the user separated by a colon (:).
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
  • userId - The identifier for the user.

Import

Amazon Connect Users can be imported using the instanceId and userId separated by a colon (:), e.g.,

$ terraform import aws_connect_user.example f1288a1f-6193-445a-b47e-af739b2:c1d4e5f6-1b3c-1b3c-1b3c-c1d4e5f6c1d4e5