Get Started with Amazon AppFlow
Learning Objectives
After completing this unit, you will be able to:
- Describe the features and benefits of Amazon AppFlow.
- Explain the use cases for AppFlow.
- Explain how AppFlow works with Salesforce Private Connect to secure your data transfer.
- List the system requirements for AppFlow.
Say Hello to AppFlow
Amazon AppFlow is an integration service from AWS that enables you to transfer data between cloud apps such as Salesforce and AWS services like Amazon Simple Storage Service (Amazon S3), Amazon EventBridge, and Amazon Redshift with a few clicks. You can also use AppFlow to create new records in Salesforce using data stored in an Amazon S3 bucket. Data flows both ways.
Configure Amazon AppFlow via the AppFlow console, API, CLI, or via AWS CloudFormation templates. Initiate the data transfer on-demand, run it on schedule, or trigger when a change or platform event occurs.
Learn the AppFlow Use Cases
Joe is a Salesforce admin. He uses AppFlow’s straightforward interface to back up millions of contacts and support cases from Salesforce in Amazon S3 every night. Jill, an analyst, set up a flow to get sales opportunity records from Salesforce as soon as the opportunity status changes from Open to Closed Won. At the same time, she masks Account ID and sends it all to the Amazon Redshift data warehouse.
Janus, a business intelligence specialist, combines the service and sales data for the company to calculate the sentiment and growth potential for each account, using analytics tools available in AWS. They update dashboards in near real-time for their executive stakeholders. Jill also set up another flow to insert the updated opportunity potential back in Salesforce.
With the data easily flowing between AWS services, Sales Cloud, and Service Cloud, transformed and presented in aggregate, it’s easy for their business leaders to invest the right resources in the right places at the right time. Business runs like clockwork.
Keep Data Secure
Amazon AppFlow automatically encrypts data in motion and at rest, ensuring your data is secure during transfer. By default, AppFlow uses AWS managed encryption keys to encrypt your data. Alternatively, you can choose your own keys to encrypt the data to give you control over the key policies and even revoke them, if needed.
Amazon AppFlow also works together with Salesforce Private Connect. This gives you a fully managed private network connection between your Salesforce org and AWS.
When you’re transferring data between Salesforce and AWS, there’s typically some network setup involved to ensure your data is private and secure in transit. AppFlow automates this with AWS PrivateLink. This enables you to also use Salesforce Private Connect to establish an end-to-end secure data transfer.
Think of it like this: AppFlow sits in between your AWS environment and Salesforce Private Connect (1). AppFlow automatically creates PrivateLink Endpoints (2) and transfers data over those endpoints to ensure your data never gets exposed to the public internet. Your data transfer is private and secure.
This happens only when the data transfer is executed. AppFlow automatically sets up these endpoints in its own virtual private cloud (VPC) to execute the secure data transfer, and it deletes them when the data transfer is complete. There are no additional AWS charges to connect to Salesforce Private Connect through Amazon AppFlow.
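The two controls described in this section, your own encryption keys and private connections, can be checked across existing flows. The following is an added example, not code from this unit or from AWS. It assumes the inputs are shaped like the boto3 responses named in the comments, and every flow name, profile name, and ARN in it is constructed.

```python
# Constructed sample data shaped like boto3 responses; every value is made up.
KEY_A = "arn:aws:kms:us-east-1:111122223333:key/constructed-aws-managed"
KEY_B = "arn:aws:kms:us-east-1:111122223333:key/constructed-customer"
FLOWS = [  # appflow.describe_flow(flowName=...)
    {"flowName": "nightly-contact-backup", "kmsArn": KEY_A,
     "sourceFlowConfig": {"connectorType": "Salesforce",
                          "connectorProfileName": "sf-public"},
     "destinationFlowConfigList": [{"connectorType": "S3"}]},
    {"flowName": "closed-won-to-redshift", "kmsArn": KEY_B,
     "sourceFlowConfig": {"connectorType": "Salesforce",
                          "connectorProfileName": "sf-private"},
     "destinationFlowConfigList": [{"connectorType": "Redshift"}]},
    {"flowName": "potential-back-to-salesforce", "kmsArn": KEY_B,
     "sourceFlowConfig": {"connectorType": "S3"},
     "destinationFlowConfigList": [{"connectorType": "Salesforce",
                                    "connectorProfileName": "sf-public"}]},
]
PROFILES = [  # appflow.describe_connector_profiles()["connectorProfileDetails"]
    {"connectorProfileName": "sf-public", "connectionMode": "Public"},
    {"connectorProfileName": "sf-private", "connectionMode": "Private"},
]
# kms.describe_key(KeyId=arn)["KeyMetadata"], keyed by key ARN
KEYS = {KEY_A: {"KeyManager": "AWS"}, KEY_B: {"KeyManager": "CUSTOMER"}}


def audit_flows(flows, profiles, keys):
    """Return (flow name, finding) pairs for weak encryption or network settings."""
    modes = {p["connectorProfileName"]: p.get("connectionMode") for p in profiles}
    findings = []
    for flow in flows:
        name = flow["flowName"]
        # Missing or AWS managed key: you cannot edit its policy or revoke it.
        if keys.get(flow.get("kmsArn"), {}).get("KeyManager") != "CUSTOMER":
            findings.append((name, "not encrypted with a customer managed key"))
        # Salesforce can be the source or a destination, so check both sides.
        ends = [flow.get("sourceFlowConfig", {})]
        ends += flow.get("destinationFlowConfigList", [])
        for end in ends:
            if end.get("connectorType") != "Salesforce":
                continue
            profile = end.get("connectorProfileName")
            if modes.get(profile) != "Private":
                findings.append((name, f"Salesforce profile {profile} is not Private"))
    return findings


if __name__ == "__main__":
    for flow_name, finding in audit_flows(FLOWS, PROFILES, KEYS):
        print(f"{flow_name}: {finding}")
```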
Know the AWS Requirements
First, you must have an AWS account. You can sign up for a free account if you haven’t already. You need to fill out the form with your name, email, address, and other information, including a credit card number. You are not charged unless you use an AWS paid service. While your AWS account comes with a number of free services, Amazon AppFlow itself is a paid service. For example, you are charged for every flow execution and for 1 GB of data transfer from Salesforce to AWS.
To find AppFlow once you’re signed into the AWS Management Console, enter appflow in the Find Services field, then click Amazon AppFlow.
If you’re not the AWS admin for your account, you need permissions to create and run flows, which you can get if the AmazonAppFlowFullAccess policy is attached to your role in AWS.
Know the Salesforce Requirements
There are a few things you need from your Salesforce org before you can use AppFlow.
- Your Salesforce account should be enabled for API access. API access is enabled by default for Enterprise, Unlimited, Developer, and Performance editions.
- Your org should allow connected apps to be installed. This is also the default setting in Salesforce.
- If your org enforces IP address restrictions, make sure it allows the AWS IP address ranges shown in the Amazon Web Services General Reference Guide.
- The refresh token policy for the Amazon AppFlow Embedded Login App must be set to Refresh token is valid until revoked. Otherwise, your flow will fail when your refresh token expires.
- You must enable change data capture in Salesforce to use event-driven flow triggers.
- To create private connections using AWS PrivateLink, you must enable both Manager Metadata and Manage External Connections user permissions.
Get Your Data Flowing
In the next unit, you learn how to connect AWS and Salesforce using AppFlow.
Resources
- Trailhead: AWS Cloud Basics
- Trailhead: Salesforce Private Connect for AWS
- Salesforce Help: Manage OAuth Access Policies for a Connected App
- Salesforce Developers: Change Data Capture Developer Guide: Select Objects for Change Notifications in the User Interface
- External Site: AWS: Amazon AppFlow
- External Site: AWS: Identity and access management for Amazon AppFlow