Cannot create appflow connector profile from AWS CLI

0

I am trying to create a connector profile to create a connection with Salesforce for Appflow flows using this doc: https://docs.aws.amazon.com/appflow/latest/userguide/salesforce.html#salesforce-global-connected-app

Using the above aws doc, I tried to create a connector profile using the AWS CLI.

I am using the below input:

{
  "connectorProfileName": "<connector name>",
  "connectorType": "Salesforce",
  "connectionMode": "Public",
  "connectorProfileConfig": {
      "connectorProfileProperties": { 
          "Salesforce": { 
              "instanceUrl": "https://<instance>.salesforce.com",
              "isSandboxEnvironment": true
          }
      },
      "connectorProfileCredentials": { 
          "Salesforce": { 
              "accessToken": "<access token>",
              "refreshToken": "<refresh token>",
              "clientCredentialsArn": "arn:aws:secretsmanager:us-west-2:<aws account>:secret:<secret name>",
              "oAuthRequest": {
                "authCode": "<code>",
                "redirectUri": "https://test.salesforce.com/"
              }
          }
      }
  }
}

The response body I get is: {"message":"Client Error in the service"}

As you can see, the response is not very helpful, so I do not know where I am going wrong.

Did I forget a field in the request payload? Did I input incorrect values? I simply do not know and hope someone can point me in the right direction.

I am aware of the ability to create this kind of profile through the console but it does not satisfy our use case.

2 Answers
0

Make sure you are using the latest version of AWS CLI.

AWS
EXPERT
kentrad
answered a year ago
0

Hi there,

From the documentation, follow the steps to create a Secrets Manager secret with clientId and clientSecret and encrypt it using a KMS key that has permission attached to be accessed by AppFlow. (You can skip this step if it is already configured.)

There are two methods to create a connector profile in Salesforce.

Method 1: With authCode

{
  "connectorProfileName": "<connector name>",
  "connectorType": "Salesforce",
  "connectionMode": "Public",
  "connectorProfileConfig": {
      "connectorProfileProperties": { 
          "Salesforce": { 
              "instanceUrl": "InstanceURL",
              "isSandboxEnvironment": true
          }
      },
      "connectorProfileCredentials": { 
          "Salesforce": {
              "clientCredentialsArn": "arn:aws:secretsmanager:{Region}:{Account-Id}:secret:{SecretKey}",
              "oAuthRequest": {
                "authCode": "<AuthCode>",
                "redirectUri": "<RedirectUri>"
              }
          }
      }
  }
}

Method 2: Without AuthCode

{
  "connectorProfileName": "<connector name>",
  "connectorType": "Salesforce",
  "connectionMode": "Public",
  "connectorProfileConfig": {
      "connectorProfileProperties": { 
          "Salesforce": { 
              "instanceUrl": "InstanceURL",
              "isSandboxEnvironment": true
          }
      },
      "connectorProfileCredentials": { 
          "Salesforce": { 
              "accessToken": "<AccessToken>",
              "refreshToken": "<RefreshToken>"
          }
      }
  }
}

How to generate authCode?

The auth code can be generated using the URL: https://<DOMAIN>/services/oauth2/authorize?response_type=code&client_id=<CONSUMER_KEY>&redirect_uri=<Redirect_Url>

NOTE:

  1. <DOMAIN_URL> and <CONSUMER_KEY> can be viewed in Salesforce "My Domain" and "Manage Connected Apps" respectively.
  2. redirect_uri = Callback URL configured in your Salesforce Connected App

The generated authCode can be used to create the connector profile using Method 1.

How to generate AccessToken and RefreshToken?

Once you get the AuthCode from the previous step, accessToken and refreshToken can be generated using the method below:

$ curl --location --request POST 'https://login.salesforce.com/services/oauth2/token?code=<authcode>&grant_type=authorization_code&client_id=<CONSUMER_KEY>&client_secret=<CONSUMER_SECRET>&redirect_uri=<redirectURI>' 

Sample Output:

{
  "access_token": "XXXXX",
  "refresh_token": "XXXXX",
  "signature": "XXXXX",
  "scope": "refresh_token SOMETHING",
  "id_token": "XXXXX",
  "instance_url": "InstanceURL",
  "id": "https://login.salesforce.com/id/XXXXX/XXXXX",
  "token_type": "Bearer",
  "issued_at": "XXXXX"
}

The access_token and refresh_token can be used to create the connector profile using Method 2.

AWS
SUPPORT ENGINEER
answered a year ago
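
An added example, not part of either answer or of the AWS documentation: a small Python check that compares the Salesforce credential fields of a request payload with the two shapes listed in the answer above and reports, by field name only, where it fits neither. Treating a payload as suspect when it matches neither shape exactly is an assumption of this example, and the function names are hypothetical.

```python
import json

# Credential field sets of the two request shapes listed in the answer above.
METHODS = {
    "Method 1 (authCode)": {"clientCredentialsArn", "oAuthRequest"},
    "Method 2 (tokens)": {"accessToken", "refreshToken"},
}

def salesforce_credentials(payload):
    """Return the Salesforce credentials object, or {} if the path is absent."""
    node = payload
    for key in ("connectorProfileConfig", "connectorProfileCredentials", "Salesforce"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    return node if isinstance(node, dict) else {}

def classify(payload):
    """Return (matched method name or None, findings). Only field names are
    reported, never values, so the output is safe to paste into a ticket."""
    creds = salesforce_credentials(payload)
    present = set(creds)
    if not present:
        return None, ["no Salesforce credentials object found"]
    findings = []
    oauth = creds.get("oAuthRequest")
    if "oAuthRequest" in creds:
        for field in ("authCode", "redirectUri"):
            if not (isinstance(oauth, dict) and oauth.get(field)):
                findings.append(f"oAuthRequest.{field} is empty or missing")
    for name, fields in METHODS.items():
        if present == fields:
            return name, findings
    for name, fields in METHODS.items():
        findings.append(f"{name}: missing {sorted(fields - present)}, "
                        f"unexpected {sorted(present - fields)}")
    return None, findings

# Constructed sample: the credential fields of the payload in the question,
# with dummy values in place of the redacted ones.
QUESTION_PAYLOAD = json.loads("""
{"connectorProfileConfig": {"connectorProfileCredentials": {"Salesforce": {
  "accessToken": "dummy", "refreshToken": "dummy",
  "clientCredentialsArn": "arn:aws:secretsmanager:us-west-2:000000000000:secret:dummy",
  "oAuthRequest": {"authCode": "dummy", "redirectUri": "https://test.salesforce.com/"}
}}}}
""")

if __name__ == "__main__":
    method, findings = classify(QUESTION_PAYLOAD)
    print("matches:", method)
    for line in findings:
        print(" -", line)
```

Run against the question's payload, it matches neither method and lists the fields that are unexpected for each one.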
