Forem: Marcus Chan

Sending Apple Push Notifications via AWS SNS

Marcus Chan — Thu, 21 May 2026 10:46:40 +0000

How I Send iOS Push Notifications Through SNS (and Why It Needs a Custom Resource)

If you’ve tried setting up iOS push notifications through AWS SNS, you’ve probably hit the same wall I did. CloudFormation has no native resource for an SNS Platform Application, and the AWS docs quietly assume you’ll click through the console to create one. I didn’t want to. Here’s how I kept the whole thing in CDK, credential rotation included.

TL;DR

Get Apple APNs credentials from Apple Developer: .p8 key, key_id, team_id, and bundle_id. Store them in SSM Parameter Store so the backend reads them at deploy time, not from code.
Create an SNS topic and an SNS Platform Application for APNs. CloudFormation has no native resource for the platform application, so use a Lambda-backed custom resource to create and update it.
Use a Lambda to manage device tokens : clients send a device token to your API; the Lambda creates a platform endpoint in SNS and subscribes it to the topic. On deregister: disable the endpoint and unsubscribe.
Publish to the topic from any Lambda : send an APNS / APNS_SANDBOX JSON payload and SNS fans out to all subscribed endpoints.

Overview

I send iOS push notifications for case updates, status changes, and field actions. The events originate in backend Lambdas that have no direct way to reach a device, so I route them through SNS.

The backend has four parts:

CDK : SNS topic + APNs platform application (via a custom resource). Credentials in SSM.
Custom Resource Lambda : CDK/CloudFormation has no native SNS Platform Application resource, so I use a Lambda to create or update it from SSM. This also lets us rotate keys without replacing the resource.
Notification Manager Lambda : GraphQL mutations registerDeviceToken / deregisterDeviceToken create or find a platform endpoint, then subscribe or unsubscribe it to the topic.
Publisher Lambdas : Publish to the topic with a JSON message (default, APNS, APNS_SANDBOX). SNS delivers to subscribed endpoints, then to APNs, then to devices.

1. Credentials in SSM

Before anything else, store four values from your Apple Developer account in SSM Parameter Store as SecureString parameters:

.p8 key (the private key file contents)
Key ID
Team ID
Bundle ID

The custom resource Lambda reads these at deploy time. Nothing lives in code or environment variables. Make sure the Lambda’s IAM role has ssm:GetParameter on those specific parameter paths.

2. SNS Platform Application (Custom Resource)

Why a custom resource?

CDK/CloudFormation has no native resource for an SNS Platform Application. You simply cannot declare one as a plain CDK construct; it doesn’t exist in the L2 or L1 construct library.

Rather than managing the platform application outside of CDK (clicking through the console or running a one-off CLI command), I keep it in CDK with the rest of the stack using a Lambda-backed Custom Resource. The Lambda calls the SNS API directly on CloudFormation’s behalf:

CreatePlatformApplication
SetPlatformApplicationAttributes
DeletePlatformApplication

We keep the handler in a custom_resources/ folder next to our other CDK constructs (e.g. sns_platform_applications.py), and the SNS construct file wires it in as the custom resource provider.

Keeping it in CDK means credential rotation is just a code change: update the value in SSM, bump the RefreshToken property in the CDK construct, and redeploy. CloudFormation compares property values on each deploy, so changing RefreshToken is enough to trigger the Lambda to re-read SSM and update the platform application in place without replacing it.

Create/Update: Read params from SSM, call list_platform_applications() to find an existing app whose ARN ends with /APNS/{name}, then update it or create it.
Delete: Delete by stored ARN.

Read from SSM, build attributes, then update or create:

# sns_platform_applications.py
p8_key = ssm.get_parameter(Name=props['P8KeyParameter'], WithDecryption=True)['Parameter']['Value']
key_id = ssm.get_parameter(Name=props['KeyIdParameter'], WithDecryption=True)['Parameter']['Value']
team_id = ssm.get_parameter(Name=props['TeamIdParameter'], WithDecryption=True)['Parameter']['Value']
bundle_id = ssm.get_parameter(Name=props['BundleIdParameter'], WithDecryption=True)['Parameter']['Value']

attributes = {
    'PlatformPrincipal': key_id,
    'PlatformCredential': p8_key,
    'ApplePlatformTeamID': team_id,
    'ApplePlatformBundleID': bundle_id
}

if existing_arn:
    sns.set_platform_application_attributes(
        PlatformApplicationArn=existing_arn,
        Attributes=attributes
    )
else:
    response = sns.create_platform_application(
        Name=app_name,
        Platform='APNS',
        Attributes=attributes
    )

3. Topic and CDK Wiring

One SNS topic receives all notification publishes. I don’t subscribe users directly to the topic. Instead, I create platform endpoints (one per device token) under the APNs platform application, and subscribe those endpoints to the topic.

Flow: Publisher → Topic → SNS fan-out to endpoints → APNs → device

Three CDK constructs wire this together:

sns.py: creates the topic and the custom resource for the platform application. Exports the topic ARN and platform application ARN as environment variables for the Lambdas.
notification_manager.py: creates the Notification Manager Lambda, passes in PLATFORM_APPLICATION_ARN and NOTIFICATION_TOPIC_ARN, and wires registerDeviceToken / deregisterDeviceToken to AppSync resolvers.
Publishers : any Lambda that needs to send a notification reads NOTIFICATION_TOPIC_ARN from its environment and calls sns.publish. No SNS-specific setup needed on the publisher side.

# sns.py (simplified)
self.notification_topic = aws_sns.Topic(self, "PushNotificationTopic", topic_name=topic_name)

# Wrap the custom resource handler Lambda in a Provider so CDK can invoke it
# during stack create/update/delete events.
provider = cr.Provider(
    self, "APNSPlatformAppProvider",
    on_event_handler=apns_platform_handler_lambda,
)

platform_app = CustomResource(
    self, "APNSPlatformApp",
    service_token=provider.service_token,
    properties={
        "ApplicationName": f"{topic_name}-apns",
        "P8KeyParameter": apns_params.p8_key_path_param,
        "KeyIdParameter": apns_params.key_id_param,
        "TeamIdParameter": apns_params.team_id_param,
        "BundleIdParameter": apns_params.bundle_id_param,
        # Bump this string (date format is arbitrary) to force a Custom Resource update,
        # e.g. after rotating credentials in SSM.
        "RefreshToken": "2025-09-22-09",
    },
    # Without this, deleting the stack leaves the SNS Platform Application orphaned.
    removal_policy=RemovalPolicy.DESTROY,
)

4. Notification Manager: Register / Deregister

registerDeviceToken(device_token)

Get the user id from AppSync context. It flows from the Cognito JWT, which is how user_id lands in CustomUserData.
Paginate through list_endpoints_by_platform_application and match by CustomUserData.device_token. SNS has no API to look up an endpoint by token directly, so pagination is the only way. At very large scale (tens of thousands of endpoints), you'd want to cache device_token → endpoint_arn in DynamoDB. For our footprint, pagination is fine.
If one exists, re-enable it (Enabled=true) and update its ownership, then ensure it is subscribed to the topic. SNS auto-disables endpoints when APNs rejects a delivery (uninstalled app, expired token, etc.), so re-enabling on re-registration is the normal recovery path.
If not, create a new endpoint and subscribe it to the topic. Subscription failures are logged but do not fail the registration. The token is still stored and the device can receive notifications once the subscription is retried.

A note on token rotation: APNs device tokens can change. When they do, the old endpoint becomes effectively dead, and this flow creates a new endpoint for the new token. Cleaning up orphaned endpoints is a separate concern (I handle it with a periodic sweep), but it’s out of scope for this article.

deregisterDeviceToken(device_token)

Find the endpoint by paginating through platform endpoints and matching CustomUserData.device_token. Return an error if not found.
Call SetEndpointAttributes with Enabled=false.
Paginate through the topic’s subscriptions, find the one matching the endpoint ARN, and unsubscribe it.

# Notification Manager lambda_function.py
existing_endpoint = find_existing_endpoint(device_token) # paginates list_endpoints_by_platform_application

if existing_endpoint:
    # Re-enable and re-subscribe. SNS may have disabled it after a delivery failure.
    sns_client.set_endpoint_attributes(
        EndpointArn=existing_endpoint,
        Attributes={"Enabled": "true", "CustomUserData": json.dumps({"user_id": user_id, "device_token": device_token})}
    )
    endpoint_arn = existing_endpoint
else:
    # Store device_token in CustomUserData so we can find this endpoint later.
    # SNS doesn't expose the raw Token in list responses, only CustomUserData.
    response = sns_client.create_platform_endpoint(
        PlatformApplicationArn=PLATFORM_APPLICATION_ARN,
        Token=device_token,
        CustomUserData=json.dumps({"user_id": user_id, "device_token": device_token})
    )
    endpoint_arn = response.get('EndpointArn')

sns_client.subscribe(
    TopicArn=NOTIFICATION_TOPIC_ARN,
    Protocol='application',
    Endpoint=endpoint_arn
)

5. Publisher: Sending a Notification

The publisher reads NOTIFICATION_TOPIC_ARN from the environment and calls sns.publish with MessageStructure='json'.

One thing worth clarifying: APNS vs APNS_SANDBOX is a property of the platform application , not the message. An endpoint inherits its mode from the platform application it was created under. Including both keys in the message body only matters if you have separate sandbox and production platform applications and want one publisher to feed both. If you only have a production platform application, the APNS_SANDBOX key is ignored. I keep both in the payload so the same publisher code works across environments.

# Your publisher Lambda, for example publish_notification()
apns_payload = {
    "aps": {
        "alert": {"title": "Your App", "body": message_text},
        "sound": "default",
        "badge": 1
    },
    "data": {"entity_id": entity_id, "type": notification_type} # custom data for your app
}

message = {
    "default": message_text,
    "APNS": json.dumps(apns_payload),
    "APNS_SANDBOX": json.dumps(apns_payload)
}

sns_client.publish(
    TopicArn=NOTIFICATION_TOPIC_ARN,
    Message=json.dumps(message),
    MessageStructure='json',
    MessageAttributes={
        "notification_type": {"DataType": "String", "StringValue": notification_type},
        "entity_id": {"DataType": "String", "StringValue": entity_id},
    },
)

Wrap up

Four moving parts: one SNS topic, one APNs platform application (managed by a custom resource), one Notification Manager Lambda, and any number of publishers.

The biggest time sink wasn’t the SNS or APNs side. It was realizing the custom resource was the only viable path to keep the platform application in CDK at all. Once that clicked, the rest was wiring.

If you have a better way to do it, I’d be curious to hear about it.

How I Rebuilt My Portfolio with a Little Help from AI

Marcus Chan — Fri, 23 Jan 2026 13:00:52 +0000

What started as a messy side project is now a smarter, easier to maintain site, thanks to a configuration-driven approach and modern dev tools.

The Messy Start

Like many developers, my portfolio started as a quick weekend project. It was built with plain HTML, CSS, and JavaScript, functional but outdated, hard to maintain, and definitely not something I was proud of.

Every small update meant digging through multiple files, tweaking styles, and hoping nothing broke. So the project sat untouched for months… until I decided to finish it properly.

Before

Cleaning It Up with AI

The first step was cleaning up the mess. This time, I used AI as a coding partner to help with repetitive work like:

Refactoring messy code
Organizing files properly
Making CSS more consistent
Adding basic JavaScript structure

Tasks I had procrastinated for weeks were done in days. AI didn’t build the project for me, it simply accelerated the boring parts so I could focus on structure and decisions.

After

Making It Configuration-Driven

Next, I tackled the real problem: content was scattered everywhere. Adding a new project or skill meant editing multiple HTML files manually.

My solution was simple: create a single data.json file to store all the content. This one file now controls:

Bio and personal info
Project showcases
Timeline (work, education, certifications)
Skills and social links

{
  "_comment": "This file controls all content and navigation for the portfolio website.",
  "config": {
    "name": "...",
    "real_name": "...",
    "title": "...",
    "subtitle": "...",
    "summary": "...",
    "email": "...",
    "website": "...",
    "typedMessages": [...],
    "cvDriveId": "..."
  },
  "social": [
    {
      "platform": "...",
      "icon": "...",
      "url": "..."
    }
  ],
  "showcase": [
    {
      "id": "...",
      "title": "...",
      "backgroundImage": "...",
      "technologies": [...],
      "modalContent": {
        "title": "...",
        "description": "...",
        "links": [...]
      }
    }
  ],
  "skills": {
    "languages": [...],
    "cloud": [...],
    "web": [...],
    "devops": [...],
    "databases": [...],
    "ai": [...]
  },
  "timeline": [
    {
      "category": "...",
      "order": 0,
      "startDate": "...",
      "endDate": "...",
      "company": "...",
      "title": "...",
      "modalContent": {...}
    }
  ],
  "navigation": [
    {
      "id": "...",
      "enabled": true,
      "title": "...",
      "icon": "..."
    }
  ]
}

Now, updating the site means editing one file. Add a new project or certification to data.json, and the site updates automatically, no HTML editing required.

Upgrading the Tooling

With the structure in place, I modernized the build process using Vite.

The migration was smooth and made development much more enjoyable.

Automating the Workflow

To finish things off, I added CI/CD with GitHub Actions. Now every change follows this flow:

Update data.json
Commit and push
Tests run automatically, the site builds, and it deploys

No more manual steps, and no more deployment headaches.

Github Actions

What I Learned

✅ Centralize your content. A single JSON source of truth makes updates simple and scalable.

✅ AI is a helper, not a replacement. It speeds up development and removes friction.

✅ Modern tools matter. Vite, TypeScript, and CI/CD make even small projects more maintainable.

✅ Automation saves time. Build, test, and deploy steps should run without effort.

Connect with me on LinkedIn| GitHub| Portfolio

Built a Game in 2 Hours with Amazon Q

Marcus Chan — Thu, 19 Jun 2025 15:35:21 +0000

🧠 The Idea

So I was walking around AWS Summit Singapore and saw this poster:

“Build Games with Amazon Q CLI”

Score a T-shirt.

I didn’t go there planning to build a game. But I was curious what Amazon Q CLI could do. And yeah, the swag sounded fun.

So I gave myself a quick challenge:

⏱ Max 2 hours
🧠 Let Q CLI do most of the work
🎮 End up with something that runs

🧪 My Iteration Journey (with Prompts I gave Q)

🎮 Getting the First Build Running

“Build an endless jumper game in Python using pygame.”

Q spun up a basic prototype:

Player block
Green platforms
Gravity
Score counter

It worked! But sometimes… you just drop off the screen instantly. RIP.

⛔ Bug #1 — Sudden Death

“Fix a bug where the player sometimes falls immediately when the game starts.”

This worked.

But there was another issue: once you lost, the game window just closed. No warning, no time to react.

💀 Game Over Screen + Reset

“When the player loses, show a ‘Game Over’ screen and wait for a key press before closing. Also, add a reset feature, pressing ‘R’ should restart the game.”

Q delivered:

Game Over screen
Press ‘R’ to restart

Super helpful for testing. No more relaunching the app every time I mess up.

But there was something weird, the platforms were too wide. You literally couldn’t lose. You just bounced forever.

📏 Fixing the “Can’t Lose” Bug + Adding Difficulty

“Fix the bug where when you jump further up, the platform becomes too big — like make some difficulty in the game.”

With this prompt, Q made the game more challenging:

Narrower platforms : You could finally miss a jump and fall
Scaling difficulty : Platforms spread apart

Now we’re talking. It finally felt like a game — one you could actually lose.

⚡ Adding Power-Ups

“Add a random power-up — you decide what it is — and spawn it on some platforms. Enhance the game.”

Q gave me power-ups like:

Double jump
Bigger platforms
Slow motion

Cool stuff — but a new bug appeared: timer kept ticking even after you lost.

🛥️ Fixing the Timer Bug

“Fix the timer — once the game ends or is frozen, the timer should stop.”

Clean fix. Timer now pauses properly during freezes and stops on game over. That wrapped it up nicely.

🧹 Final Touches

“Create a README.md for the project.”

Q generated a clean, well-written README file with usage instructions.

💡 Final Thoughts

This was a fun, focused experiment. In under 2 hours, I went from nothing to:

A playable endless jumper game
Scaling difficulty and proper fail conditions
A working power-up system
Reset and game-over mechanics
A complete README

No, I haven’t claimed the T-shirt yet.

But maybe this post will help.

You can find my repository here:

https://github.com/MarcusCJH/amazon-q-pygame

My AWS Cloud Certification Was Expiring — Here’s How I Recertified It Through Gamification

Marcus Chan — Tue, 11 Mar 2025 08:05:53 +0000

My AWS Cloud Certification Was Expiring — Here’s How I Recertified It Through Gamification

📩 “Important: Your AWS Certification expires on Mar 23, 2025”

Wait, what? My AWS Certified Cloud Practitioner credential was about to expire! And, of course, like any responsible tech professional, I had totally not forgotten about it (okay, maybe just a little).

The Usual Recertification Route vs. A Gamified Approach

Initially, I was considering the traditional route: just take an Associate-level exam and be done with it.

But then, two things happened at the same time:

1️⃣ I saw AWS now offered a gamified recertification process.

2️⃣ There was a “Cloud Tournament” happening within my organization.

So I thought… why not align everything and go all in? It was the perfect opportunity to recertify and compete at the same time!

How AWS Cloud Quest for Recertification Works

✔️ Stages 1–12: These were interactive and scenario-based , covering real AWS concepts with plenty of hands-on learning. Sure, there was a lot of reading , but it was a great way to refresh my cloud knowledge.

✔️ Stage 13 (Final Boss Battle): A Troubleshooting Challenge where you analyze and fix an AWS Cloud Architecture. This one definitely required some AWS experience , but it was a solid practical application of everything learned.

How Long Did It Take?

I’m suggesting completing one stage per day, meaning you could finish in 13 days.

Me? I did it in 4 hours. (Would have been faster if I didn’t stop for snacks.)

Plus, since I was already in “locked in” , I had the extra motivation to speedrun through it!

Final Thoughts 💭

✅ Was it fun? Yes!

✅ Did it refresh my AWS knowledge? Absolutely.

✅ Would I recommend it? If your AWS Cloud Practitioner cert is expiring and you want a different experience from the usual exam, this is a solid option.

💡 Bonus: It’s free until the end of July 2025 , so why not?

Try it out here: AWS Cloud Quest: Recertify Cloud Practitioner

You can connect with me on linkedin: https://www.linkedin.com/in/marcuschanjh/

Leveraging Amazon Connect for Real-Time Incident Response Calls

Marcus Chan — Fri, 27 Sep 2024 18:54:13 +0000

Amazon Connect is a cloud-based contact center.

This use case was to automate incident response calls: when an alert is triggered, it sends the alert to SNS, which triggers a Lambda function. This Lambda function calls the first escalation point. If no one answers, it escalates to the second contact.

Here’s how I built it:

Ensure that you are in the Correct Region — I’m using ap-southeast-1 as I am located in Singapore.

1. Setting up AWS Identity and Access Management (IAM)

Step 1: In the AWS Console, search for IAM.

Step 2: Under Access management , click on Roles , then select Create role.

Step 3: For the trusted entity type, choose AWS Service , and under Use Case , select Lambda.

Step 4: Use the following AWS Managed Policies :

AmazonConnect_FullAccess
AmazonDynamoDBFullAccess
AmazonSNSFullAccess
AWSLambdaBasicExecutionRole

Step 5: Finally, create a role name, then click Create role. Make sure to take note of your Role Name for future use.

2. Setting Up Amazon Simple Notification Service (SNS) (Optional)

Step 1: In the AWS Console, search for SNS.

Step 2: Navigate to Topics and click on Create topic.

Step 3: Choose Standard for the topic type and give it a name (e.g., “AmazonConnectSNS”). After the topic is created, make sure to note down the ARN for later use.

3. Setting Up Amazon Lambda

Step 1: In the AWS Console, search for Lambda.

Step 2: Click on Create Function.

Step 3: On the Create Function page, provide a Function Name (e.g., “AmazonConnectLambda”), select Runtime as Python 3.xx, and choose the existing role you created in the IAM setup section.

Step 4: Add an SNS Trigger to the Lambda function.

Step 5: Go to Configuration , then navigate to Generation Configuration , and set the Timeout to 1 minute.

Step 6: Paste the following code into the lambda_function.py file. I will explain the code in the last section, where we’ll also revisit it to modify variables:

import boto3
import time
from datetime import datetime

# Initialize the DynamoDB resource
dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('CallLogs')

# Create a Connect client
connect_client = boto3.client('connect')

#Amazon Connect Instance ID, Contact Flow ID and Claim number
CONNECT_INSTANCE_ID = 'xxxxxxxxx'
CONTACT_FLOW_ID = 'xxxxxxxxx'
SOURCE_PHONE_NUMBER = 'xxxxxxxxx' 

# Phone numbers for the contacts
FIRST_CONTACT_PHONE = "+65xxxxxx"
SECOND_CONTACT_PHONE = "+65xxxxxx"

def log_event_to_dynamodb(contact_id, event, phone_number, escalation_stage):
    """
    Log the event (CONNECTED, DISCONNECTED) into DynamoDB with relevant details.
    """
    try:
        table.put_item(
            Item={
                'ContactId': contact_id,
                'Event': event,
                'Timestamp': datetime.utcnow().isoformat(),
                'PhoneNumber': phone_number,
                'EscalationStage': escalation_stage
            }
        )
        print(f"Logged {event} event for ContactId {contact_id} in DynamoDB")
    except Exception as e:
        print(f"Error logging event to DynamoDB: {e}")

def start_outbound_call(phone_number, escalation_stage):
    """
    Start an outbound call using Amazon Connect and return the ContactId.
    """
    try:
        response = connect_client.start_outbound_voice_contact(
            DestinationPhoneNumber=phone_number,
            ContactFlowId=CONTACT_FLOW_ID,
            InstanceId=CONNECT_INSTANCE_ID,
            SourcePhoneNumber=SOURCE_PHONE_NUMBER,
            Attributes={
                'Escalation': escalation_stage
            }
        )
        contact_id = response['ContactId']
        print(f"Started outbound call to {phone_number} with ContactId: {contact_id}")
        return contact_id
    except Exception as e:
        print(f"Failed to start outbound call: {e}")
        raise e

def check_call_status(contact_id):
    """
    Check the status of the outbound call using the ContactId.
    """
    try:
        response = connect_client.describe_contact(
            InstanceId=CONNECT_INSTANCE_ID,
            ContactId=contact_id
        )

        if 'Contact' in response and 'DisconnectTimestamp' in response['Contact']:
            print(f"Call with ContactId {contact_id} was disconnected at {response['Contact']['DisconnectTimestamp']}")
            return 'DISCONNECTED'

        elif 'Contact' in response and 'ConnectedToSystemTimestamp' in response['Contact']:
            print(f"Call with ContactId {contact_id} was connected at {response['Contact']['ConnectedToSystemTimestamp']}")
            return 'CONNECTED'

    except Exception as e:
        print(f"Failed to check call status: {e}")
        raise e

def lambda_handler(event, context):
    try:
        acknowledgment = event.get('Details', {}).get('Parameters', {}).get('acknowledgment', 'False')
        escalation_stage = event.get('Details', {}).get('Parameters', {}).get('EscalationStage', 'FirstAttempt')
        print(f"Acknowledgment: {acknowledgment}, Escalation Stage: {escalation_stage}")
    except KeyError:
        print("Expected keys not found in event")
        acknowledgment = 'False'

    if acknowledgment == 'False' and escalation_stage == 'FirstAttempt':
        print("Calling the first contact...")
        contact_id = start_outbound_call(FIRST_CONTACT_PHONE, 'FirstAttempt')

        for attempt in range(10):
            time.sleep(5) 
            status = check_call_status(contact_id)

            if status == 'CONNECTED':
                log_event_to_dynamodb(contact_id, 'CONNECTED', FIRST_CONTACT_PHONE, 'FirstAttempt')
                print("First contact answered the call. No need to escalate.")
                return {
                    'statusCode': 200,
                    'body': 'First contact answered the call.'
                }

            elif status == 'DISCONNECTED':
                print(f"First contact did not pick up or disconnected. Escalating to second contact.")
                break

        print("Escalating to second contact...")
        contact_id = start_outbound_call(SECOND_CONTACT_PHONE, 'SecondAttempt')
        log_event_to_dynamodb(contact_id, 'ESCALATION', SECOND_CONTACT_PHONE, 'SecondAttempt')
        return {
            'statusCode': 200,
            'body': 'Second contact attempt made.'
        }

    elif acknowledgment == 'False' and escalation_stage == 'SecondAttempt':
        print("Calling the second contact...")
        contact_id = start_outbound_call(SECOND_CONTACT_PHONE, 'SecondAttempt')
        log_event_to_dynamodb(contact_id, 'ESCALATION', SECOND_CONTACT_PHONE, 'SecondAttempt')
        return {
            'statusCode': 200,
            'body': 'Second contact attempt made.'
        }

    elif acknowledgment == 'True':
        print("First contact acknowledged the call.")
        return {
            'statusCode': 200,
            'body': 'Call acknowledged by the first contact.'
        }

    else:
        print("Unexpected scenario encountered.")
        return {
            'statusCode': 500,
            'body': 'Unexpected scenario.'
        }

Step 6 : Click on Deploy

4. Setting up DynamoDB

Step 1: In the AWS Console, search for DynamoDB.

Step 2: In the navigation pane, click on Tables , then select Create Table.

Step 3: In the Create Table form, follow these steps:

Set the Table name to CallLogs.
For the Partition key , use ContactId.
For the Sort key , use Timestamp.

Finally, click Create table at the bottom.

5. Setting Up Amazon Connect

Step 1 : In the AWS Console, search for Amazon Connect.

Step 2: Create a new instance by following the on-screen instructions. Make sure to enable both Inbound and Outbound calls during setup.

Step 3: After the instance is created, navigate to Flows in the side menu. In the flow editor, under AWS Lambda , add the Lambda function that was created earlier.

Step 4: Log in to your Amazon Connect instance with admin privileges. Once logged in, navigate to the sidebar and select Phone numbers.

Step 5: Click on Claim a number and follow the recommended steps to complete the process.

Step 6: Test both incoming and outgoing calls:

To test incoming calls, use a mobile phone to dial the number you claimed.
For outgoing calls, use the Contact Control Panel in Amazon Connect.

Step 7: In the Amazon Connect navigation bar, click on Flows and create a new flow.

Step 8: Add a title to your flow, design the flow, and once done, click Publish. You can follow this basic structure for your flow:

Entry -> Set Logging Behavior block -> Play Prompt -> Get Customer Input

If the user presses 1, proceed to the Play Prompt block-> Disconnect block
If not, invoke the Lambda function block -> Disconnect block

In the Invoke AWS Lambda block, you’ll need to set up the function input parameters. Follow this structure for the input parameters:

6. Source Code Explanation

Calling the First Contact : Once the Lambda function is triggered, it initiates an outbound call to the FIRST_CONTACT_PHONE. The function then monitors the call status (whether it’s connected or disconnected) and logs the event accordingly.
Escalating to the Second Contact : If the first contact doesn’t respond, the function escalates the process by making an outbound call to the SECOND_CONTACT_PHONE.
Handling Call Acknowledgment : If an acknowledgment is received (set to ‘True’), the function stops any further escalation.

7. Wrapping Things Up

When revisiting the Lambda function, remember to update the following variables:

CONNECT_INSTANCE_ID: This is the unique Amazon Connect instance ARN (UUID) associated with your instance.
CONTACT_FLOW_ID: This is the UUID of your contact flow. You can find it in the URL of your flow in Amazon Connect, located immediately after /contact-flow/.
SOURCE_PHONE_NUMBER: This is the phone number you claimed in Amazon Connect.
FIRST_CONTACT_PHONE: The phone number of the first person to receive the call.
SECOND_CONTACT_PHONE: The phone number of the second person to receive the call if the first contact doesn’t answer.

In this setup, SNS is used to receive alerts from an AWS CloudWatch alarm, which triggers the SNS topic. You can simulate an alert by going to SNS and publishing a message manually.

However, for simplicity, we can skip that and go straight to Lambda and trigger the function directly to test the flow.

If everything works as expected, you should receive a call, and you’ll be able to view the call logs in DynamoDB under the CallLogs table.

While in DynamoDB, you will be able to see the CallLogs.

I hope you found this use case helpful.

Overall, I found it enjoyable to experiment with Aamzon Connect.

You can connect with me on linkedin: https://www.linkedin.com/in/marcuschanjh/