Reduce S3 allowlist to simplify customer firewall requirements - Genesys Cloud for Salesforce customers need to update their package (UPDATED 19 April 2024)

Becky_Powell · March 28, 2024, 4:07pm

Description

The text and speech analytics endpoint for voice transcript service has been updated aligning with the change to reduce S3 allow list and simplify customer firewall requirements. Genesys Cloud for Salesforce customers will be affected where they retrieve voice transcripts using the Apex SDK in Salesforce. In the update version 4.19 managed package the remote site settings have now been included by default. Alternatively customers can update the remote site settings manually in their salesforce organization.

Change Category

Informational
API

Change Context

Currently, Genesys requires customers to open their firewalls to *.s3.amazonaws.com - see [Domains for the firewall allowlist - Genesys Cloud Resource Center] .

This is far too broad for organizations for several reasons.

Organizations are concerned about employees exfiltrating data to clandestine s3 buckets. Because their firewalls must be open to *.s3 this risk extends beyond agents to all network users in their network.
Organizations want to prevent their own employees from accessing malicious or illicit software:
Organizations may use web content filtering to prevent malicious software from being downloaded from outside sources. Amazon S3 is considered a place where executable files could be stored that pose a risk to an organization. Genesys documentation advises to allow the entire Amazon S3; this access is too broad.

Change Impact

If you retrieve your voice transcripts using the Apex SDK, update the Genesys Cloud for Salesforce managed package to the latest version 4.19. The package update includes the new remote site settings and automatically enables or creates the new remote site settings in your organization. If you do not update the managed package, then your current code for retrieving the voice transcript eventually will not work when this feature is released.

Upgrade to the latest version of the managed package or manually configure the new remote site settings in your organization.

[Remote site settings for Genesys Cloud for Salesforce - Genesys Cloud Resource Center]
Coming soon page released: [Release notes for Genesys Cloud for Salesforce - Genesys Cloud Resource Center]

Date of Change

No sooner than May 27th, 2024. Please note that notice window is shortened from the standard 90 day breaking change notice policy due to security impact.

Impacted APIs

GET /api/v2/speechandtextanalytics/conversations/{conversationId}/communications/{communicationId}/transcripturl

References

[PURE-4609], [CWC-5867]

system · April 28, 2024, 4:07pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.