Salesforce + AppFlow issue creating connector profile

This is the request I am sending:

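import boto3

# AppFlow client; region and credentials come from the default session
appflow_client = boto3.client('appflow')

response = appflow_client.create_connector_profile(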
    connectorProfileName='test-connector',
    connectorType='Salesforce',
    connectionMode='Public',
    connectorProfileConfig={
        'connectorProfileProperties': {
            'Salesforce': {
                'instanceUrl': 'my_instance_url',
                'isSandboxEnvironment': False,
            },
        },
        'connectorProfileCredentials': {
            'Salesforce': {
                'clientCredentialsArn': "my_secret_arn",
                'oAuth2GrantType': 'CLIENT_CREDENTIALS',
            }
        }
    }
)

This is the shape of my secret:

{"clientId":"my_client_id","clientSecret":"my_client_secret"}

And this is the error I am getting:

ClientError: An error occurred (ClientException) when calling the CreateConnectorProfile operation: Unable to fetch the client credentials. Secrets Manager returned the following error:Inconsistent secret state. Try again later.

Any guidance on what I am missing? Is my secret formatted wrong?

tjtoll
asked 3 months ago, 199 views
1 Answer

Hello,

Thanks for reaching out to AWS re:Post with your AWS AppFlow query.

The error message is a client error that shows that the secret is in an inconsistent state. This response is returned directly from Secrets Manager.

You can simply try to access the secret from your account using the AWS CLI, as it will return an error explaining the root cause. When trying to create the connector, you should see a GetSecretValue API call recorded in CloudTrail which would contain the error for why AppFlow was unable to retrieve the Secret.

The problem commonly occurs if you use the default KMS key to encrypt the Secret, and then create the flow without setting a customer CMK. So AppFlow is trying to use the AWS managed KMS key to decrypt the secrets. Essentially, Secrets Manager and AppFlow are using different KMS keys (i.e., "aws/secretsmanager" and "Amazon AppFlow-managed KMS key" respectively) to encrypt and decrypt the data. If this is the case, you will need to use a CMK to encrypt the Secret and give AppFlow permissions to use that key. When creating the profile, you will then use that key.

You can specify a KMS key for AppFlow to use by setting the 'kmsArn': [+] https://docs.aws.amazon.com/appflow/1.0/APIReference/API_CreateConnectorProfile.html#API_CreateConnectorProfile_RequestSyntax

Thank you.

answered 3 months ago
EXPERT
reviewed a month ago
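
The key mismatch described in the answer above can be checked before calling CreateConnectorProfile. This is an added example, not part of the original post or AWS's own code: `check_key_alignment` and `with_kms_arn` are hypothetical helpers, the ARNs and key ID are constructed placeholders, and the first argument is assumed to be a dict shaped like the output of Secrets Manager's `describe_secret`, which omits `KmsKeyId` when the secret uses the default `aws/secretsmanager` key.

```python
import copy

DEFAULT_SM_KEY = "aws/secretsmanager"  # in use when describe_secret omits KmsKeyId


def _key_id(ref):
    """Reduce a key ARN or bare key ID to the key ID; aliases need a KMS lookup."""
    if ref is None or "alias/" in ref:
        return None
    return ref.rsplit("/", 1)[-1]


def check_key_alignment(secret_description, profile_request):
    """Compare the secret's KMS key with the kmsArn of a create_connector_profile request."""
    findings = []
    secret_key = secret_description.get("KmsKeyId")
    profile_key = profile_request.get("kmsArn")
    if secret_key is None:
        findings.append(f"secret is encrypted with the default key {DEFAULT_SM_KEY}; "
                        "re-encrypt it with a customer managed key")
    if profile_key is None:
        findings.append("profile request has no kmsArn; AppFlow will use its own managed key")
    if secret_key and profile_key:
        if _key_id(secret_key) is None:
            findings.append("secret key is an alias; resolve it before comparing")
        elif _key_id(secret_key) != _key_id(profile_key):
            findings.append("secret and profile reference different KMS keys")
    return findings


def with_kms_arn(profile_request, kms_arn):
    """Return a copy of the request with the top-level kmsArn parameter set."""
    fixed = copy.deepcopy(profile_request)
    fixed["kmsArn"] = kms_arn
    return fixed


# Constructed sample data: placeholder account ID, key ID and ARN.
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
SECRET_DEFAULT_KEY = {"Name": "sf-creds"}                    # no KmsKeyId field
SECRET_WITH_CMK = {"Name": "sf-creds", "KmsKeyId": CMK_ARN}
REQUEST = {  # top-level fields of the question's request; connectorProfileConfig omitted
    "connectorProfileName": "test-connector",
    "connectorType": "Salesforce",
    "connectionMode": "Public",
}

if __name__ == "__main__":
    print(check_key_alignment(SECRET_DEFAULT_KEY, REQUEST))
    print(check_key_alignment(SECRET_WITH_CMK, with_kms_arn(REQUEST, CMK_ARN)))
```

In a live account the first argument would come from `boto3.client('secretsmanager').describe_secret(SecretId=...)`, and the corrected request would be passed to `create_connector_profile` together with the original `connectorProfileConfig`.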
