Perform Data-in-Transit (DIT) Key Change using AWS Lambda
Instead of granting broad IAM permissions to the EC2 hosts in the cluster, you can move the key-rotation operation into an AWS Lambda function and grant only that function the permissions the operation needs. The Lambda function can then be invoked from SFDC directly, or from the Kubernetes cluster if necessary.
The implemented solution is based on the following assumptions:
- The AWS IAM user name is sfdc_<env_name>, for example sfdc_dev2 or sfdc_testbackup.
- The API Gateway endpoint is /rotate-keys.
- The API Gateway HTTP method to call is PUT.
- The execution role of the AWS Lambda function must allow the following IAM actions to rotate keys: iam:DeleteAccessKey and iam:CreateAccessKey. These are IAM actions, not roles; scope the Resource of that policy statement to the sfdc_* users (arn:aws:iam::<account-id>:user/sfdc_*) rather than to "*", so that the function cannot rotate keys of any other user. If the function lists the user's existing keys before rotating (an IAM user can hold at most two access keys), it also needs iam:ListAccessKeys.
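The following Lambda handler is an added example and is not the page's or Vlocity's own code. It shows the rotation the assumptions above describe: a new access key is created for sfdc_<env_name> and the older keys are deleted, in an order that neither trips the two-keys-per-user IAM quota nor leaves the user with no key if the create call fails. Everything beyond the page is an assumption: the request body shape ({"env_name": "dev2"}, passed through unchanged as the event by the non-proxy integration), the extra iam:ListAccessKeys permission, and the in-memory FakeIAM client, which is constructed here so the logic can be exercised offline without AWS credentials.

```python
"""Added example, not the page's or Vlocity's own code: a Lambda handler for the
PUT /rotate-keys integration that rotates the access key of sfdc_<env_name>.

Assumptions not stated on the page: the request body is {"env_name": "dev2"}
and reaches the function unchanged as the event (non-proxy 'aws' integration
with no mapping template); the execution role also allows iam:ListAccessKeys,
because an IAM user holds at most two access keys and a blind CreateAccessKey
fails with LimitExceeded on the second rotation."""
import re
from datetime import datetime, timezone

USER_PREFIX = "sfdc_"
ENV_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,39}$")  # no path/ARN tricks in env_name


def user_name_for(env_name: str) -> str:
    """Map an environment name to the IAM user naming convention sfdc_<env_name>."""
    if not isinstance(env_name, str) or not ENV_NAME_RE.match(env_name):
        raise ValueError("invalid env_name")
    return USER_PREFIX + env_name


def rotate_access_keys(iam, user_name: str) -> dict:
    """Create a fresh access key for user_name, then delete every older key.

    If the user already holds two keys (the IAM quota) the oldest is deleted
    first so CreateAccessKey cannot fail; the newest existing key survives until
    the new one exists, so a failed create never leaves the user with no key."""
    existing = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    existing.sort(key=lambda k: k["CreateDate"])  # oldest first
    if len(existing) >= 2:
        iam.delete_access_key(UserName=user_name, AccessKeyId=existing[0]["AccessKeyId"])
        existing = existing[1:]
    new_key = iam.create_access_key(UserName=user_name)["AccessKey"]
    for old in existing:
        iam.delete_access_key(UserName=user_name, AccessKeyId=old["AccessKeyId"])
    # The secret is returned to the SigV4-authenticated caller over TLS; do not log it.
    return {"UserName": user_name, "AccessKeyId": new_key["AccessKeyId"],
            "SecretAccessKey": new_key["SecretAccessKey"]}


def lambda_handler(event, context):
    """Lambda entry point. boto3 is imported here so rotate_access_keys can be
    exercised offline with the fake client below."""
    import boto3
    env_name = (event or {}).get("env_name", "")
    return rotate_access_keys(boto3.client("iam"), user_name_for(env_name))


class FakeIAM:
    """Constructed in-memory stand-in for boto3's IAM client (same call shapes),
    enforcing the two-keys-per-user quota, for offline exercise of the handler."""

    def __init__(self, keys=()):
        self.keys = [dict(k) for k in keys]
        self._n = 0

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [dict(k) for k in self.keys if k["UserName"] == UserName]}

    def create_access_key(self, UserName):
        if sum(k["UserName"] == UserName for k in self.keys) >= 2:
            raise RuntimeError("LimitExceeded: AccessKeysPerUser quota is 2")
        self._n += 1
        key = {"UserName": UserName, "AccessKeyId": f"AKIANEW{self._n:04d}",
               "Status": "Active", "CreateDate": datetime.now(timezone.utc)}
        self.keys.append(key)
        return {"AccessKey": dict(key, SecretAccessKey="constructed-secret")}

    def delete_access_key(self, UserName, AccessKeyId):
        remaining = [k for k in self.keys
                     if not (k["UserName"] == UserName and k["AccessKeyId"] == AccessKeyId)]
        if len(remaining) == len(self.keys):
            raise RuntimeError("NoSuchEntity")
        self.keys = remaining


def sample_two_key_user() -> FakeIAM:
    """Constructed sample: sfdc_dev2 already at the two-key quota, plus an unrelated user."""
    return FakeIAM([
        {"UserName": "sfdc_dev2", "AccessKeyId": "AKIAOLD0001", "Status": "Active",
         "CreateDate": datetime(2019, 1, 1, tzinfo=timezone.utc)},
        {"UserName": "sfdc_dev2", "AccessKeyId": "AKIAOLD0002", "Status": "Active",
         "CreateDate": datetime(2019, 1, 10, tzinfo=timezone.utc)},
        {"UserName": "sfdc_testbackup", "AccessKeyId": "AKIAOTHER01", "Status": "Active",
         "CreateDate": datetime(2019, 1, 5, tzinfo=timezone.utc)},
    ])
```

Deploy lambda_handler as the function referenced by the API Gateway integration; locally, rotate_access_keys(sample_two_key_user(), "sfdc_dev2") walks the quota case. Because the new secret is only ever returned in the response, the caller must store it the moment it arrives; a second call cannot retrieve it.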
The following Swagger (OpenAPI 2.0) definition, in the format API Gateway exports and imports, creates the PUT /rotate-keys method, protects it with AWS Signature Version 4 (IAM) authentication, and integrates it with the Lambda function; the OPTIONS method is a mock integration that only answers CORS preflight requests. Note that the Access-Control-Allow-Origin: '*' header is returned only by that mock, while the PUT itself still requires a valid SigV4 signature from an IAM principal, so the wildcard does not expose the rotation operation to arbitrary origins:
---
swagger: "2.0"
info:
  version: "2019-01-14T03:05:51Z"
  title: "sandbox-vlocity-rotate-user-secret"
host: "6nznpsmjjg.execute-api.ap-southeast-2.amazonaws.com"
basePath: "/dev"
schemes:
- "https"
paths:
  /rotate-keys:
    put:
      produces:
      - "application/json"
      responses:
        200:
          description: "200 response"
          schema:
            $ref: "#/definitions/Empty"
      # Require an AWS SigV4 signature (IAM authentication) on every PUT.
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        # Non-proxy ("aws") Lambda integration; API Gateway always invokes Lambda with POST.
        uri: "arn:aws:apigateway:ap-southeast-2:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-southeast-2:181293899507:function:sandbox-vlocity-rotate-keys/invocations"
        responses:
          default:
            statusCode: "200"
        passthroughBehavior: "when_no_match"
        httpMethod: "POST"
        contentHandling: "CONVERT_TO_TEXT"
        type: "aws"
    options:
      # Mock integration that serves CORS preflight responses; it never reaches Lambda.
      consumes:
      - "application/json"
      produces:
      - "application/json"
      responses:
        200:
          description: "200 response"
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Headers:
              type: "string"
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        passthroughBehavior: "when_no_match"
        type: "mock"
securityDefinitions:
  # API Gateway's way of declaring IAM (SigV4) authorization in Swagger 2.0.
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"
definitions:
  Empty:
    type: "object"
    title: "Empty Schema"
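What the sigv4 security definition demands of the caller, as an added example that is not part of the original page: the PUT must carry an AWS Signature Version 4 Authorization header computed for the execute-api service, which binds the signer's IAM credentials, the timestamp, the path and the request body. The host, stage and region come from the Swagger above; the credentials, timestamp, JSON body shape and the SAMPLE_TIME constant are constructed placeholders, and the code uses only the standard library so it runs offline (in practice the AWS SDK of the SFDC or Kubernetes caller would do this signing).

```python
"""Added example (not from the page): building the SigV4 headers for
PUT /dev/rotate-keys, as required by the `sigv4` security definition."""
import datetime
import hashlib
import hmac
import json
from urllib.parse import quote

API_HOST = "6nznpsmjjg.execute-api.ap-southeast-2.amazonaws.com"  # host from the Swagger
API_PATH = "/dev/rotate-keys"   # basePath (stage) + resource path
REGION = "ap-southeast-2"
SERVICE = "execute-api"         # SigV4 service name for API Gateway
# Constructed timestamp so the example is deterministic; use datetime.now(timezone.utc) for real calls.
SAMPLE_TIME = datetime.datetime(2019, 1, 14, 3, 5, 51, tzinfo=datetime.timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """kSigning = HMAC(HMAC(HMAC(HMAC("AWS4"+secret, date), region), service), "aws4_request")."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sigv4_headers(method: str, host: str, path: str, body: bytes, access_key: str,
                  secret_key: str, region: str, service: str, now: datetime.datetime,
                  session_token: str = "") -> dict:
    """Return Host, X-Amz-Date, Authorization (and X-Amz-Security-Token for STS creds).

    The body hash is part of the canonical request, so a captured signature cannot
    be replayed with a different payload; API Gateway also rejects timestamps older
    than 15 minutes."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    payload_hash = hashlib.sha256(body).hexdigest()

    signed = {"host": host, "x-amz-date": amz_date}   # headers covered by the signature
    if session_token:
        signed["x-amz-security-token"] = session_token
    signed_headers = ";".join(sorted(signed))
    canonical_headers = "".join(f"{k}:{signed[k]}\n" for k in sorted(signed))
    canonical_query = ""  # /rotate-keys takes no query string
    canonical_request = "\n".join([method, quote(path, safe="/"), canonical_query,
                                   canonical_headers, signed_headers, payload_hash])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()])
    signature = hmac.new(signing_key(secret_key, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    headers = {
        "Host": host,
        "X-Amz-Date": amz_date,
        "Authorization": (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                          f"SignedHeaders={signed_headers}, Signature={signature}"),
    }
    if session_token:
        headers["X-Amz-Security-Token"] = session_token
    return headers


def rotate_keys_request(env_name: str, access_key: str, secret_key: str,
                        now: datetime.datetime, session_token: str = "") -> dict:
    """Assemble the PUT /rotate-keys call for sfdc_<env_name>. The JSON body shape is an
    assumption; the Lambda behind the integration defines the real contract."""
    body = json.dumps({"env_name": env_name}).encode("utf-8")
    headers = sigv4_headers("PUT", API_HOST, API_PATH, body, access_key, secret_key,
                            REGION, SERVICE, now, session_token)
    headers["Content-Type"] = "application/json"  # not in SignedHeaders, which SigV4 permits
    return {"method": "PUT", "url": f"https://{API_HOST}{API_PATH}",
            "headers": headers, "body": body}


if __name__ == "__main__":
    # Constructed credentials; never hard-code real ones.
    req = rotate_keys_request("dev2", "AKIAIOSFODNN7EXAMPLE", "constructed-secret", SAMPLE_TIME)
    print(req["headers"]["Authorization"])
```

Hand the returned dict to urllib.request.Request or requests to send it. The principal whose credentials sign the request needs execute-api:Invoke on this method's ARN; that IAM policy, not the CORS headers, is what gates the rotation.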
