Create an Inbound Connection
Learning Objectives
After completing this unit, you’ll be able to:
- Create a PrivateLink connection in AWS between your customer VPC and the Salesforce transit VPC.
- Create the inbound connection in Salesforce.
Create an Endpoint in AWS
Maria first creates a PrivateLink connection from the customer VPC to the Salesforce-managed transit VPC through a new AWS endpoint.
An AWS endpoint requires an endpoint service name to connect to, in this case the Salesforce-managed transit VPC name. Fortunately, that’s really easy to find in the Private Connect Setup page in Salesforce!
- From Setup, enter Private Connect in the Quick Find box, and then select Private Connect.
- Click AWS Regions to view the available regions, IAM Roles, and Service Names.
  NOTE: IAM refers to AWS Identity and Access Management. An IAM role is an IAM identity that you can create in your account that has specific permissions.
- Find the region in which your VPC is hosted and copy the corresponding Service Name. Maria copies the service name from the AWS region us-west-2; the service name is a string like com.amazonaws.vpce.us-west-2.vpce-svc-0517044fc3.
Maria now uses the AWS console to create an endpoint using the service name she retrieved for Ursa Major Solar’s VPC. She then makes a note (somewhere safe!) of the following information about the endpoint that she’ll use later.
- VPC Endpoint ID: Used when creating the Salesforce inbound connection.
- VPC ID: Used when configuring Amazon Route 53.
- IP address/addresses from the subnet of the created endpoint: Used when configuring Amazon Route 53.
Voila! Maria successfully created a PrivateLink connection from the customer VPC to the Salesforce-managed transit VPC.
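Before moving on, it is worth confirming that the endpoint really targets the service name copied from the Private Connect page, since the values Maria notes are only useful if they belong to that endpoint. The following is an added example, not part of the original unit or of any Salesforce or AWS tooling: it assumes the JSON output of the AWS CLI commands `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-network-interfaces` is available, and the function names, resource IDs, and IP addresses are constructed for illustration.

```python
import json

# Constructed sample data shaped like the JSON printed by
# `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-network-interfaces`.
# The IDs and IP addresses are placeholders, not real resources.
ENDPOINTS_JSON = """{"VpcEndpoints": [{
  "VpcEndpointId": "vpce-0example0000000001", "VpcEndpointType": "Interface",
  "VpcId": "vpc-0example0000000001",
  "ServiceName": "com.amazonaws.vpce.us-west-2.vpce-svc-0517044fc3",
  "NetworkInterfaceIds": ["eni-0example0000000001", "eni-0example0000000002"]}]}"""
INTERFACES_JSON = """{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0example0000000001", "PrivateIpAddress": "10.0.1.25"},
  {"NetworkInterfaceId": "eni-0example0000000002", "PrivateIpAddress": "10.0.2.31"},
  {"NetworkInterfaceId": "eni-0unrelated000000001", "PrivateIpAddress": "10.0.9.9"}]}"""


def service_region(service_name):
    """Region embedded in a name of the form com.amazonaws.vpce.<region>.vpce-svc-<id>."""
    parts = service_name.split(".")
    if (len(parts) != 5 or parts[:3] != ["com", "amazonaws", "vpce"]
            or not parts[4].startswith("vpce-svc-")):
        raise ValueError(f"not an endpoint service name: {service_name!r}")
    return parts[3]


def connection_details(endpoints, interfaces, expected_service, vpc_region):
    """Return the three values to record, after checking that the endpoint
    targets the service name copied from the Private Connect page."""
    if service_region(expected_service) != vpc_region:
        raise ValueError("service name belongs to a different region than the VPC")
    matches = [e for e in endpoints["VpcEndpoints"]
               if e["ServiceName"] == expected_service]
    if len(matches) != 1:
        raise ValueError(f"expected one endpoint for the service, found {len(matches)}")
    ep = matches[0]
    if ep["VpcEndpointType"] != "Interface":
        raise ValueError(f"endpoint {ep['VpcEndpointId']} is not an interface endpoint")
    # Only the endpoint's own network interfaces supply its subnet IP addresses.
    ips = {n["NetworkInterfaceId"]: n["PrivateIpAddress"]
           for n in interfaces["NetworkInterfaces"]}
    return {"vpc_endpoint_id": ep["VpcEndpointId"], "vpc_id": ep["VpcId"],
            "ip_addresses": sorted(ips[i] for i in ep["NetworkInterfaceIds"])}


if __name__ == "__main__":
    details = connection_details(json.loads(ENDPOINTS_JSON), json.loads(INTERFACES_JSON),
                                 "com.amazonaws.vpce.us-west-2.vpce-svc-0517044fc3",
                                 "us-west-2")
    print(json.dumps(details, indent=2))
```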
Create an Inbound Connection in Salesforce
Maria is now all set to create an inbound connection using the VPC Endpoint ID of her newly created endpoint in AWS.
- From Setup, enter Private Connect in the Quick Find box, and then select Private Connect.
- Click Create Inbound Connection.
- Select the AWS PrivateLink Connection Type.
- Enter the Connection Name, the VPC Endpoint ID, and specify the region you are connecting to.
- Select No, I would like to provision my connection later.
  NOTE: An unprovisioned inbound connection means the private connection between your Salesforce org and VPC environment is not yet established. You can have as many unprovisioned connections as needed. A connection counts toward your license only when it’s provisioned. Unprovisioned connections are also packageable.
- Click Save.
OK, so you’ve created a connection, now what? Read on to learn how to use it.