Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cannot create appflow connector profile from AWS CLI

0

I am trying to create a connector profile to create a connection with Salesforce for Appflow flows using this doc: https://docs.aws.amazon.com/appflow/latest/userguide/salesforce.html#salesforce-global-connected-app

Using the above aws doc, I tried to create a connector profile using the AWS CLI.

I am using the below input:

{
  "connectorProfileName": "<connector name>",
  "connectorType": "Salesforce",
  "connectionMode": "Public",
  "connectorProfileConfig": {
      "connectorProfileProperties": { 
          "Salesforce": { 
              "instanceUrl": "https://<instance>.salesforce.com",
              "isSandboxEnvironment": true
          }
      },
      "connectorProfileCredentials": { 
          "Salesforce": { 
              "accessToken": "<access token>",
              "refreshToken": "<refresh token>",
              "clientCredentialsArn": "arn:aws:secretsmanager:us-west-2:<aws account>:secret:<secret name>",
              "oAuthRequest": {
                "authCode": "<code>",
                "redirectUri": "https://test.salesforce.com/"
              }
          }
      }
  }
}

The response body I get is: {"message":"Client Error in the service"}

As you can see, the response is not very helpful so I do not know where am I going wrong.

Did I forget a field in the request payload. Did I input incorrect values? I simply do not know and hope someone can lead me to the right direction.

I am aware of the ability to create this kind of profile through the console but it does not satisfy our use case.

Topics
Application IntegrationManagement & Governance
Tags
AWS Command Line InterfaceAmazon AppFlow
Language
English
asked 3 years ago490 views
2 Answers
0

Make sure you are using the latest version of AWS CLI.

AWS
EXPERT
answered 3 years ago
0

Hi there,

From the documentation follow the steps to create Secrets Manager with clientId and clientSecret and encrypt it using KMS Key, which has permission attached to be accessed by AppFlow. (You can skip this step, if it is already configured)

There are two methods to create connector profile in Salesforce.

Method 1: With authCode

{
  "connectorProfileName": "<connector name>",
  "connectorType": "Salesforce",
  "connectionMode": "Public",
  "connectorProfileConfig": {
      "connectorProfileProperties": { 
          "Salesforce": { 
              "instanceUrl": "InstanceURL",
              "isSandboxEnvironment": true
          }
      },
      "connectorProfileCredentials": { 
          "Salesforce": {
              "clientCredentialsArn": "arn:aws:secretsmanager:{Region}:{Account-Id}:secret:{SecretKey}",
              "oAuthRequest": {
                "authCode": "<AuthCode>",
                "redirectUri": "<RedirectUri>"
              }
          }
      }
  }
}

Method 2: Without AuthCode

{
  "connectorProfileName": "<connector name>",
  "connectorType": "Salesforce",
  "connectionMode": "Public",
  "connectorProfileConfig": {
      "connectorProfileProperties": { 
          "Salesforce": { 
              "instanceUrl": "InstanceURL",
              "isSandboxEnvironment": true
          }
      },
      "connectorProfileCredentials": { 
          "Salesforce": { 
              "accessToken": "<AccessToken>",
              "refreshToken": "<RefreshToken>"
          }
      }
  }
}

How to generate authCode ?

Auth code can be generated using URL: https://<DOMAIN>/services/oauth2/authorize?response_type=code&client_id=<CONSUMER_KEY>&redirect_uri=<Redirect_Url>

NOTE:

  1. <DOMAIN_URL> and <CONSUMER_KEY> can be viewed in Salesforce "My Domain" and "Manage Connected Apps" respectively.
  2. redirect_uri = Callback URL configured in your Salesforce Connected App

Generated authCode can be used in creating connector profile using Method 1

How to generate AccessToken and RefreshToken ?

Once you get AuthCode from previous step, accessToken and refreshToken can be generated using below method:

$ curl --location --request POST 'https://login.salesforce.com/services/oauth2/token?code=<authcode>&grant_type=authorization_code&client_id=<CONSUMER_KEY>&client_secret=<CONSUMER_SECRET>&redirect_uri=<redirectURI>'

Sample Output:

{ "access_token": "XXXXX", "refresh_token": "XXXXX", "signature": "XXXXX", "scope": "refresh_token SOMETHING", "id_token": "XXXXX", "instance_url": "InstanceURL", "id": "https://login.salesforce.com/id/XXXXX/XXXXX ", "token_type": "Bearer", "issued_at": "XXXXX" }

access_token and refresh_token can be used in creating connector profile using Method 2

AWS
SUPPORT ENGINEER
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content