
Get Started with Inbound Connections

Learning Objectives

After completing this unit, you’ll be able to:

  • Explain what an Inbound Connection is.
  • Understand the use case of an Inbound Connection.
  • Describe the high-level flow of an Inbound Connection.

Cross-Cloud Integrations: Risky Business

Maria Jimenez is a Salesforce admin at Ursa Major Solar, a renewable energy company that sells solar components. To keep track of the various products the company sells, Ursa Major Solar uses an inventory management app on an enterprise resource planning (ERP) software that’s hosted on Amazon Web Services (AWS). This highly sensitive inventory data is safely tucked away in a virtual private cloud (VPC), up until the data needs to be accessed.

When there’s a product change in the ERP system, the company needs to immediately send these changes to the sales team working out of the Salesforce Sales Cloud to keep the product books up to date and ensure that the team is offering accurate quotes to customers. Similarly, when there’s a change in Salesforce, the company must update these values in AWS through the ERP system’s order management APIs.

But the ride has been bumpy.

Recently, Ursa Major Solar’s ERP system experienced a security incident that made the public APIs that Salesforce integrates with unavailable for a period of time. This resulted in loss of productivity, a delay in customer quotes, and ultimately, a few missed end-of-quarter sales. Because its business process spans two public clouds—Salesforce and Amazon Web Services—its backend systems are at a higher risk of a distributed denial-of-service (DDoS) attack whenever Ursa Major Solar exposes them publicly for integration purposes.

Note

A Neustar report—as depicted in the graph—reveals that 2020 saw a 151% increase in the number of recorded DDoS attacks compared to the same period in 2019.

DDoS attacks by industry for each month since January 2019, with the number of incidents rising.

Maria must figure out a way to easily increase security on Ursa Major’s AWS integrations so that the sales team can securely access the data in its backend systems. Fortunately, a solution exists, and with no code she can start sending traffic across the private internet! Introducing Salesforce Private Connect.

What’s an Inbound Connection?

From the perspective of Private Connect, any HTTP/S traffic that comes from an external provider, such as AWS, into Salesforce over the private internet travels in the inbound direction (inbound to Salesforce). In this context, we need to establish an inbound private connection inside Salesforce so that traffic can flow from AWS to Salesforce through the private internet.

Two clouds, one labeled Salesforce and the other AWS, with a large arrow pointing from AWS to Salesforce.

What Pieces Make Up an Inbound Connection?

Let’s take a look at the parts of a secure Private Connect inbound connection.

The components of an inbound connection: VPC, AWS PrivateLink, AWS Endpoint Service Name, Amazon Route 53, and My Domain.

Salesforce-Managed Transit Virtual Private Cloud (VPC)

The heart of Private Connect. Salesforce has deployed managed transit VPCs within the same AWS regions in which Ursa Major’s app is deployed. (Check the currently supported AWS regions.) Think of this transit VPC as the secure link bridging Ursa Major’s AWS application to its Salesforce org. All Maria needs to do is provide some information about both the Salesforce org and the PrivateLink endpoint to the transit VPC, and voilà! Ursa Major Solar has secure private connectivity.

AWS PrivateLink

The AWS technology that provides private connectivity between VPCs. In our use case, it connects the Salesforce Transit VPC with Ursa Major’s VPC.

AWS Endpoint Service Name

A mechanism to expose an AWS resource for other AWS services to reference. To create an endpoint, Maria must provide the Salesforce Transit VPC service name to point to Ursa Major’s VPC.

Amazon Route 53 

An Amazon service that redirects VPC traffic to infrastructure outside of AWS, which in this case is Ursa Major Solar’s Salesforce org. Maria must define a traffic rule in the AWS VPC, using Route 53, to send all of Ursa Major’s data transfer requests to the Salesforce org through the newly created private connection.

My Domain 

A web-based identification URL for your Salesforce org. This is the destination URL Maria must provide in AWS Route 53 to route inbound traffic from the VPC to the Salesforce org.
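A check a practitioner would run from inside the VPC once the Route 53 rule exists, shown as an added example that is not part of the original unit: it resolves the My Domain hostname and flags any answer that falls outside the VPC, which would mean requests still leave over the public internet. It assumes the rule makes the My Domain name resolve to the endpoint's private addresses; the hostname, CIDR and DNS answers are constructed placeholders.

```python
import ipaddress
import socket


def resolve_ips(hostname, port=443):
    """Resolve with the system resolver; inside the VPC that is the VPC's DNS."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_private_path(hostname, vpc_cidrs, resolver=resolve_ips):
    """Split the resolved addresses into those inside the VPC and those outside."""
    networks = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    inside, outside = [], []
    for addr in resolver(hostname):
        ip = ipaddress.ip_address(addr)
        (inside if any(ip in net for net in networks) else outside).append(addr)
    return {
        "hostname": hostname,
        "inside_vpc": inside,
        "outside_vpc": outside,
        # Private only when at least one answer exists and none leaves the VPC.
        "private_only": bool(inside) and not outside,
    }


# Constructed sample data: placeholder My Domain name, VPC CIDR and DNS answers.
MY_DOMAIN = "ursamajor-example.my.salesforce.com"
VPC_CIDRS = ["10.0.0.0/16"]
SAMPLE_ANSWERS = {
    "routed": ["10.0.1.25", "10.0.2.31"],      # endpoint addresses in the VPC
    "leaking": ["10.0.1.25", "203.0.113.10"],  # one public answer slipped in
    "unrouted": ["203.0.113.10"],              # no private rule in effect
}


def run_samples():
    """Evaluate each constructed DNS answer set; returns {case: private_only}."""
    return {
        case: check_private_path(MY_DOMAIN, VPC_CIDRS, lambda _h, a=answers: a)["private_only"]
        for case, answers in SAMPLE_ANSWERS.items()
    }


if __name__ == "__main__":
    for case, ok in run_samples().items():
        print(f"{case}: {'private path' if ok else 'NOT private'}")
```

Called without the `resolver` argument, `check_private_path` uses the host's real DNS, so run it on an instance inside the VPC with that VPC's CIDR ranges.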

But enough with the concepts, let’s start making some connections!
