Genesys Cloud - Main

  Thread closed by the administrator, not accepting new replies.
  • 1.  AWS CloudFront & S3

    Posted 11-14-2021 07:23
    Edited by Rajeev Srikant 11-14-2021 07:24

    I found the below requirement for the Genesys BYOC cloud with respect to AWS CloudFront & S3.

    Domains for the firewall allowlist - Genesys Cloud Resource Center (mypurecloud.com)


    Would like to understand what is the purpose of the AWS CloudFront & S3?
    Are these mandatory?

    If this access is mandatory, how will the access take place?

    Will the access be from the end user's PC or desktop?

    - User PC/Desktop -> Internet -> AWS CloudFront & AWS S3

    Or will the access be from Genesys Cloud?

    - User PC/Desktop -> Internet -> Genesys Cloud -> AWS CloudFront & AWS S3


    #ArchitectureandDesign

    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 2.  RE: AWS CloudFront & S3

    Posted 11-14-2021 16:31
    Hi Rajeev

    I don't remember the exact specifics but if I recall, CloudFront is used as a CDN for hosting some content displayed within the browser UI (and potentially other places), including js, css, html etc. Of note is that while the above mentions *.cloudfront.net there is actually a specific subdomain/cdn under that which is what Genesys have been using for a number of years now. So if your security people are concerned about opening that entire CloudFront domain up, you *might* get away with just specifying that specific cdn subdomain.

    The S3 stuff is very likely similar and may be where other content or possibly some API components are hosted. Someone else will need to respond to that bit though.

    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 3.  RE: AWS CloudFront & S3

    Posted 11-15-2021 05:24

    Hi Rajeev,

    CloudFront and S3 are not requirements for Genesys BYOC Cloud.

    Bring Your Own Carrier Cloud is a SIP Trunk between your telephony carrier and Genesys Cloud in AWS. As such, BYOC Cloud does not interact with CloudFront or AWS S3.

    The Genesys web client, like Vaun mentioned, does require access to CloudFront for static content like graphics and icons. This global CDN allows for them to be downloaded with very low latency. The content on CloudFront is read-only and never holds customer data.

    The Genesys web client also requires access to AWS S3, e.g. to retrieve and play back recordings.



    ------------------------------
    Peter Grothauzen
    Genesys - Employees
    ------------------------------



  • 4.  RE: AWS CloudFront & S3

    Posted 11-15-2021 07:10

    @Peter Grothauzen

    Thanks.
    So my understanding is that the access will be from the user's end, i.e. from the WebRTC client browser directly to AWS S3 & CloudFront.
    User PC -> Internet -> Amazon S3 & CloudFront

    It will not be like below
    User PC -> Internet -> Genesys Cloud -> Amazon S3 & CloudFront



    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 5.  RE: AWS CloudFront & S3

    Posted 11-15-2021 07:46

    "So my understanding is that the access will be from the user's end, i.e. from the WebRTC client browser directly to AWS S3 & CloudFront.
    User PC -> Internet -> Amazon S3 & CloudFront"

    Peter: This communication is for the reasons I mentioned earlier. Because they take place directly between the client and Amazon S3 and CloudFront, you will need to allow the communication through your firewall.

    "It will not be like below
    User PC -> Internet -> Genesys Cloud -> Amazon S3 & CloudFront"

    Peter: Genesys Cloud internally uses Amazon S3 for several storage purposes (not CloudFront, that is static content). Because this communication is internal to Genesys Cloud there is no need for customers to configure anything in their firewall.

    Your local Genesys sales and solution consultants team can help you to clarify the architecture.



    ------------------------------
    Peter Grothauzen
    Genesys - Employees
    ------------------------------



  • 6.  RE: AWS CloudFront & S3

    Posted 12-12-2022 03:06

    Hi Peter,

    One of our customers is asking why we need to open with "*" for CloudFront and S3. They're keen on this setting because it's not only risky for data leakage but also could be regarded as a violation of the regulation when S3 can contain recordings with personal data and the data travels/is stored outside of the country.
    As for now, the answer that I could get was the memo by the CPO explaining the current limitation and future plan to remediate this issue.

    Here go my questions.
    Unlike CloudFront, S3 can specify a specific region from the guide.
    1) Could we know what's the purpose of "*.s3.amazonaws.com" and what happens if we do not open from the firewall?
    2) If S3 can work only with region-specific URLs, can CloudFront limit access by doing the same?

    Appreciate your advice in advance.
    Minho



    ------------------------------
    Minho Cha
    Genesys - Employees
    ------------------------------
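
Added example (not written by any poster in this thread and not Genesys code): before narrowing `*.cloudfront.net` or `*.s3.amazonaws.com` as discussed in posts 2 and 6, a proxy log can show which CloudFront hosts and S3 regions the clients actually reach and which of them a narrower candidate allowlist would block. The log format, all hostnames, the candidate allowlist and the shell-style `*` matching are assumptions made for this sketch.

```python
from collections import Counter
from fnmatch import fnmatchcase
import re

# Constructed proxy log (time, client, method, host:port); hostnames are placeholders.
SAMPLE_LOG = """\
2023-08-09T13:00:01Z 10.0.0.5 CONNECT dexample1111.cloudfront.net:443
2023-08-09T13:00:02Z 10.0.0.5 CONNECT dexample1111.cloudfront.net:443
2023-08-09T13:00:03Z 10.0.0.7 CONNECT dexample2222.cloudfront.net:443
2023-08-09T13:00:04Z 10.0.0.5 CONNECT example-bucket.s3.amazonaws.com:443
2023-08-09T13:00:05Z 10.0.0.5 CONNECT example-bucket.s3.ap-northeast-2.amazonaws.com:443
2023-08-09T13:00:06Z 10.0.0.9 CONNECT cloudfront.net.example.org:443
"""

# Hypothetical narrower allowlist to evaluate against the observed traffic.
CANDIDATE = ["dexample1111.cloudfront.net", "*.s3.ap-northeast-2.amazonaws.com"]

# Matches s3.amazonaws.com, s3.<region>.amazonaws.com and the older s3-<region> form,
# with or without a bucket label in front. Other variants are reported as non-S3.
S3_HOST = re.compile(r"^(?:.+\.)?s3(?:[.-]([a-z0-9-]+))?\.amazonaws\.com$")

def observed_hosts(log):
    """Count destination hostnames from CONNECT lines, lower-cased, port removed."""
    counts = Counter()
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "CONNECT":
            counts[parts[3].rsplit(":", 1)[0].lower().rstrip(".")] += 1
    return counts

def s3_region(host):
    """Region named in an S3 hostname, 'global' for the region-less form, None if not S3."""
    m = S3_HOST.match(host)
    return (m.group(1) or "global") if m else None

def blocked_by(allowlist, counts):
    """Observed hosts that no allowlist pattern covers (whole-name '*' matching)."""
    return sorted(h for h in counts if not any(fnmatchcase(h, p) for p in allowlist))

def summarize(log, candidate):
    counts = observed_hosts(log)
    return {
        "cloudfront": sorted(h for h in counts if fnmatchcase(h, "*.cloudfront.net")),
        "s3_regions": sorted({r for h in counts if (r := s3_region(h))}),
        "blocked": blocked_by(candidate, counts),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, CANDIDATE).items():
        print(key, value)
```

On the constructed log the candidate list would block a second CloudFront host and the region-less S3 hostname that clients still use, which is the kind of gap to look for before tightening the rule.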



  • 7.  RE: AWS CloudFront & S3

    Posted 08-09-2023 13:21

    Can you share the "memo by the CPO"?  I'm unable to access your link.



    ------------------------------
    Russell Clark
    Kohl's Inc.
    ------------------------------