Loading
Salesforce now sends email only from verified domains. Read More
Help Agent Performance DegradationRead More
Salesforce Data Pipelines
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Amazon S3 Private Connection

            You are here:

            1. Salesforce Help
            2. Docs
            3. Salesforce Data Pipelines

            Amazon S3 Private Connection

            Pull your data securely from S3 running on AWS into Data Manager using the Virtual Private Connection (VPC) for S3 input connector for CRM Analytics. To use the S3 Private connector, you configure an outbound network connection, external credential, and named credential.

            Note
            Note You can’t use a custom authorization provider.

            Prerequisites

            For help with configuring this connection so that it’s consistent with your organization’s security requirements, contact your network security or IT department.

            Allowlist the Salesforce AWS Account for S3 Private Connect

            To verify your AWS account is on the allowlist for Salesforce private connect, see Verify Salesforce AWS Account for Private Connect.

            Create an Outbound Network Connection

            To create an outbound network connection, see Create the Outbound Network Connection.

            Create an External Credential and Principal Access

            1. From Setup, in the Quick Find box, enter Named, and then select Named Credentials.
            2. On the External Credentials tab, click New.
            3. Enter a label and name.
            4. For Authentication Protocol, select No Authentication.
              New external credentials screen showing entered connection name and label, and the no authentication option selected.
            5. Save your external credential.

            Add a principal to the external credential.

            1. Open the new external credential
            2. In the Principals section, click New.
            3. Enter S3VPCPrincipalAccess for the parameter name and 1 for the sequence.
              New principal screen showing entered parameter name, sequence, and the named principal option selected.

            Now update your user profile with external credential principal access.

            1. From Setup, in the Quick Find box, enter Profiles, and then select Profiles.
            2. Select the profile for the Analytics Cloud Integration User.
            3. Click Enabled External Credential Principal Access at the top of the profile page.
            4. Click Edit and add S3PrivateEC - S3PrivatePrincipal.
            5. Click Save.

            Ensure your user has principal access.

            1. From Setup, in the Quick Find box, enter Named, and then select Named Credentials.
            2. On the External Credentials tab, select your credential, and click Edit for S3VPCPrincipalAccess. Verify you see your user in the Principal Access section.
              Edit principal screen showing user access.

            Create a Named Credential

            1. From AWS, find the endpoint URL for your S3 bucket.
            2. From Setup, in the Quick Find box, enter Named, and then select Named Credential.
            3. On the Named Credentials tab, click New.
            4. Enter a label and name.
            5. For URL, enter https://<your S3 bucket name>.<your AWS region>.amazonaws.com.
            6. Select the external credential and outbound network connection that you created.
              New Named Credentials screen showing entered connection name and label, URL, and external credentials and outbound network connection values selected.
            7. Save your named credential.

            Create a S3 VPC Connection

            1. On the Data Manager Connections tab, click New Connection.
            2. Select Private, then the Amazon S3 Private Connector, and click Next.
              The Select Connecter screen showing the Amazon S3 Private Connector.
            3. Enter the connector settings.
              The Set Up Your Connection screen showing the required details entered.
            4. To validate your settings and test the connection, click Save & Test. If the connection fails, Salesforce Data Pipelines shows possible reasons.

            All settings require a value, unless otherwise indicated.

            Setting Description
            Connection Name Use a name that lets you easily distinguish between different connections.
            Developer Name The API name is used in your recipes to reference data extracted through this connection. This name can’t include spaces. You can’t change the API name after you create the connection.
            Description Description of the connection for internal use.
            Authentication Type For standard authentication, enter Root. For AWS Identity Access Management (IAM) authentication, enter IAM. For granular access to AWS data, use IAM authentication, setting up IAM users and roles in AWS. For more information on AWS IAM, see Getting Started with IAM on AWS
            Named Credential The Name field from the named credential stored in your Salesforce org.
            Access Key Your Amazon S3 bucket access key ID.
            Secret Key Your Amazon secret access key.
            Master Symmetric Key Optional setting for managing client-side encryption. You can connect to objects encrypted with customer master keys stored in the AWS Key Management Service or a customer-generated key in the 256-bit AES format. See Amazon’s documentation for details.
            Region Name Region of your S3 service, for example EU (Ireland). For the list of region names, see the S3 Region Names below.
            Amazon Region Names
            Region Name Amazon Code
            US East (Ohio) us-east-2
            US East (N. Virginia) us-east-1
            US West (N. California) us-west-1
            US West (Oregon) us-west-2
            Africa (Cape Town) af-south-1
            Asia Pacific (Hong Kong) ap-east-1
            Asia Pacific (Mumbai) ap-south-1
            Asia Pacific (Osaka) ap-northeast-3
            Asia Pacific (Seoul) ap-northeast-2
            Asia Pacific (Singapore) ap-southeast-1
            Asia Pacific (Sydney) ap-southeast-2
            Asia Pacific (Tokyo) ap-northeast-1
            Canada (Central) ca-central-1
            China (Beijing) cn-north-1
            China (Ningxia) cn-northwest-1
            EU (Frankfurt) eu-central-1
            EU (Ireland) eu-west-1
            EU (London) eu-west-2
            Europe (Milan) eu-south-1
            EU (Paris) eu-west-3
            EU (Stockholm) eu-north-1
            Middle East (Bahrain) me-south-1
            South America (Sao Paulo) sa-east-1
            AWS GovCloud (US-East) us-gov-east-1
            AWS GovCloud (US-West) us-gov-west-1

            For more information on S3 connector considerations and the S3 bucket hierarchy, see Amazon S3

             
            Loading
            Salesforce Help | Article