Loading
Einstein Relationship Insights
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Create AWS Key to Encrypt Your Data

            You are here:

            1. Salesforce Help
            2. Docs
            3. Einstein Relationship Insights

            Create AWS Key to Encrypt Your Data

            If you have enabled Salesforce Files, add another layer of data protection and encrypt your data by using Amazon Web Services (AWS). Encrypt data by using your own keys.

            Required Editions

            Available in: Unlimited Edition with Einstein Relationship Insights Basic
            Available for an additional cost in: EnterprisePerformance, and Unlimited Editions

            Before you set up data encryption:

            1. Log in to your AWS console.
            2. Select the AWS region that matches the region on the Einstein Relationship Insights component settings page.
            3. Create a key with an alias and key ID.
              1. In the search field, enter KMS, and then select Key Management Service.
              2. Click Create a key.
              3. In the Configure key step, select the Symmetric key type and the Encrypt and decrypt key usage.
                To import externally managed key material, see Importing key material in AWS KMS keys.
              4. Click Next.
              5. In the Add labels step, add a unique alias for the KMS key, and click Next.
              6. In the Define key administrative permissions step, select an admin user.
              7. Select Allow the administrators to delete this key, and click Next.
              8. In the Define Key usage permissions step, under Other AWS accounts, click Add another AWS account, and paste the AWS account ID copied from the Einstein Relationship Insights component settings page.
              9. Click Next.
              10. In the Review step, review the key configuration and other details.
              11. Click Finish.
            4. Copy the Alias ARN. Go to KMS | Customer-managed keys | Key. Click the Aliases tab, and then click Copy icon.
            5. On the Einstein Relationship Insights component settings page, under Salesforce Files content source, enter the AWS key or alias ARN.
              Note
              Note We recommend that you enter the Alias ARN to ensure that the data key is updated during automatic key rotation.
              • Example of an AWS key: 
                arn:aws:kms:us-east-2:123412341234:key/9e09e569-b0c8-4e2c-8364-35eaef36341e
              • Example of an Alias ARN: 
                arn:aws:kms:us-east-2:123412341234:alias/example-alias-valuetesting
            6. To automatically update your data keys during manual rotation, select Rotate Data Keys.
            7. Save your changes.

            The Einstein Relationship Insights component shows the AWS KMS key, which can be used to encrypt your data.

            • Copy the AWS Region and Account ID
              Before you encrypt your data by using Amazon Web Services, copy the AWS region and account ID from the Einstein Relationship Insights component.
            • Automatic Re-Encryption of Data
              If you enable automatic key rotation for your AWS Key Management Service (KMS) key, AWS rotates the root key material annually. During the root key rotation, the system rotates your data key, which is used to encrypt and re-encrypt the data.
             
            Loading
            Salesforce Help | Article