Skip to main content
Build the future with Agentforce at TDX in San Francisco or on Salesforce+ on March 5–6. Register now.

Provision and Use Inbound Connections

Learning Objectives

After completing this unit, you’ll be able to:

  • Configure your Route 53 mapping in AWS.
  • Provision your inbound connection in Salesforce.
  • Learn the different states of an inbound connection.

Route Traffic from AWS to Your Salesforce Org

Maria uses Amazon Route 53 to route traffic from Ursa Major Solar’s VPC to the Salesforce org through the newly created PrivateLink connection. This allows the Salesforce org to call any existing Salesforce APIs, as the routing of the calls happens automatically. 

But before Maria can use Route 53, she retrieves My Domain of the Salesforce org.

  1. From Setup, enter My Domain in the Quick Find box, and then select My Domain.
  2. Copy My Domain Name and domain suffix excluding the subdomain.

The My Domain Settings page in Setup with the My Domain Name field value circled.

Maria navigates to the AWS Console and configures Route 53 using My Domain.

  1. In the AWS Console, navigate to the Route 53 Dashboard Page. Create a private hosted zone associated with the VPC ID of the endpoint you created. Make sure to name the hosted zone my.salesforce.com.
  2. Create a Record Set for the hosted zone that includes the My Domain Name and the IP address of the endpoint subnet.

The Route 53 dashboard in the AWS Console showing hosted zone and record set.

 

Maria completes the last step to route traffic from AWS to their Salesforce Org.

  1. From Setup, enter Private Connect in the Quick Find box, and then select Private Connect.
  2. Find the connection in the Inbound Connections list.
  3. Click the Actions arrow for the connection and click Provision.

The connection status displays Pending Acceptance, which means Maria is waiting for the VPC to accept the connection.

The components of an inbound connection.

Sync the Inbound Connection in Salesforce

Maria waits for the connection status of the inbound connection to update from Pending Acceptance to Ready. And then she syncs the inbound connection. Salesforce can successfully receive inbound traffic only when the connection is in the Ready state.

  1. From Setup, enter Private Connect  in the Quick Find box, and then select Private Connect.
  2. Find your connection in the Inbound Connections list.
  3. Click the Actions arrow and click Sync.

The status of the inbound connection represents the last polled state of the connection in AWS. Performing the sync action on the connection gets the latest status of the AWS connection. If the connection is not in a ready state and you have provisioned it, remember to sync to get the latest status.

This table lists the different statuses for inbound connections.

Salesforce Transit VPC
Salesforce Inbound Connection Status
What It Means

unmapped

Unprovisioned

The PrivateLink is unclaimed and can be provisioned.

pendingAcceptance

PendingAcceptance

Waiting for customer VPC to approve the connection.

privateLinkAvailable

PendingActivation

Waiting for the transit VPC to finalize the connection.

ready

Ready

PrivateLink can be used.

privateLinkDelete

DeletedRemotely

AWS Admin removed the PrivateLink.

recordDeleting

TeardownInProgress

Waiting for the transit VPC to delete the PrivateLink.

recordDeleted

Unprovisioned

The record has been deleted on the AWS side.

In-Credible

Maria is all set up with her inbound connection and ready to go! She can now call any of the available Salesforce APIs from her AWS application to populate the products with the updated inventory data. But what about data flowing out of Salesforce? We cover that topic in the next module which is all about outbound connections. 

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback