Understood.
Therefore, from the server side, I definitely need to allow HTTPS traffic for the same IP ranges in both directions, since both AWS Translate and Genesys Cloud belong to AWS. Additionally, communication with DNS servers must be allowed in order to resolve the different service names used by the translation application.
As there does not appear to be any secret storage in place, nor is New Relic being used, it would not be necessary to enable traffic to these services, although I will keep them in mind should I be informed otherwise.
Thank you very much and kind regards.
PD: By "client" I meant "customer." I was actually assuming from the outset that the agent itself needed to be able to communicate with the server, since it is the agent's own browser that is responsible for connecting to the server in order to obtain the translated text.
------------------------------
Francisco Manuel Mouro Santos
------------------------------
Original Message:
Sent: 02-11-2026 09:12
From: Lucas Woodward
Subject: Communications diagram - Genesys Cloud Email Translator Blueprint
You're welcome. I only wish I could be more help.
Assuming you're using the Build an email translation assistant with the AWS Translate service blueprint, then I think your setup looks like the diagram I drew on the right, next to yours on the left:
If so, and my understanding of the blueprint is correct then you have these main egress/ingress routes to consider:
- Egress from your service (likely the same IP range due to all being within AWS)
- AWS Transcribe
- AWS IAM
- Genesys Cloud's Platform API
- Ingress to your service (IP range of your company's VPN):
- Client's PC (loads content from the IFrame) - your diagram has the Client connecting to Genesys Cloud, but they will also connect to your service directly via the Iframe.
I don't think you need to consider the others, unless your service will use Google's Secret Manager, New Relic for observability etc.
------------------------------
Lucas Woodward
Winner of Orchestrator of the Year, Developer (2025)
LinkedIn - https://www.linkedin.com/in/lucas-woodward-the-dev
Newsletter - https://makingchatbots.com
Original Message:
Sent: 02-11-2026 03:53
From: Francisco Manuel Mouro Santos
Subject: Communications diagram - Genesys Cloud Email Translator Blueprint
Thank you very much for your reply.
These are the different IP ranges for each service:
| Genesys Cloud Media | | | |
| Genesys AudioHook Monitor | |
| Genesys Audio Connector | |
| Genesys Bot Connector | |
| BYOT Speech-to-text (STT) | |
| Recording Encryption | |
| Google | |
| New Relic | |
| Polycom | |
| ContentSquare | |
Which of these would apply to this case?
Apart from the AWS Translate IP range, which I guess I have to consult the AWS documentation, is there another network element or protocol you notice we need to allow in our machine firewall?
------------------------------
Francisco Manuel Mouro Santos
Original Message:
Sent: 02-09-2026 08:31
From: Lucas Woodward
Subject: Communications diagram - Genesys Cloud Email Translator Blueprint
Regarding the IP ranges, Genesys has a page about them which lists the endpoint they're accessible from (and JSON file): https://help.genesys.cloud/231699/
Coincidentally since Genesys Cloud instances are hosted in AWS I presume there is crossover between IP ranges for Genesys Cloud (hosted in AWS) and AWS Transcript.
------------------------------
Lucas Woodward
Winner of Orchestrator of the Year, Developer (2025)
LinkedIn - https://www.linkedin.com/in/lucas-woodward-the-dev
Newsletter - https://makingchatbots.com
Original Message:
Sent: 02-09-2026 03:57
From: Francisco Manuel Mouro Santos
Subject: Communications diagram - Genesys Cloud Email Translator Blueprint
We are going to implement the Genesys Cloud Email Translator Blueprint integration, deploying the application on a server external to Genesys. I need to create a communications diagram; however, I have not found any official documentation regarding this. Based on the code analysis, I have drafted the attached diagram.
In this context, I require the following:
- Validation of the diagram to ensure that all blocks and network elements are correctly represented, and to identify any missing or redundant components.
- For security compliance, the IP ranges for both server-to-Genesys and server-to-AWS Translate communications, as well as the required ports that must be open.
If anyone has any information about it, I would greatly appreciate it if you could let me know.
#Integrations
------------------------------
Francisco Manuel Mouro Santos
------------------------------