Set Up a Connected App and Secure Your Credentials

In this step, you toggle between Salesforce and AWS. First, create a connected app in your Trailhead Playground.

  1. Click Setup and select Setup.
  2. Enter app manager in the Quick Find and select App Manager.
  3. Click New Connected App.
  4. In the New Connected App form, fill in:
    1. Basic Information:
      1. Connected App Name: Data Dip
      2. API Name: Data_Dip
      3. Contact Email: enter your email address
  5. API (Enable OAuth Settings):
    1. Check Enable OAuth Settings.
    2. Callback URL:
    3. In Available OAuth Scopes, add Access and manage your data (api).
    4. In Available OAuth Scopes, add Access your basic information (id, profile, email, address, phone).
  6. Click Save, then Continue.
  7. Copy and save the Consumer Key and Consumer Secret values.
    1. Copy the Consumer Key and save it for later.
    2. Get the Consumer Secret by clicking Click to reveal and copying the displayed value. Save it for later as well.

Keep the connected app open for a little bit longer.

Ensure Access to Your Connected App

While you’re still in the connected app, make sure that your user can access it. This is critical when you connect it with AWS.

  1. Click Manage.
  2. Then, click Edit Policies.
  3. Under OAuth Policies, Permitted Users, select Admin approved users are pre-authorized. If you get a pop-up, click OK.
  4. Set IP Relaxation to Relax IP restrictions.
  5. Click Save.
  6. In Profiles, click Manage Profiles.
  7. Select System Administrator.
  8. Then, click Save.

Get Your API Version

There is one last piece of data to collect in this step.

  1. Click Setup and select Setup.
  2. Enter apex in Quick Find, then select Apex Classes.
  3. Click New.
  4. Then click the Version Settings tab.
  5. Save the version for the API line item. In this example, the version is 50.0.
  6. Make sure you click Cancel to close out Apex Class setup.

Secure Your Data on AWS with Secrets Manager and Key Management Service

Over the course of this project, you collected multiple points of data, from your playground credentials to your API version. To ensure this data remains safe as you transfer data between Salesforce and AWS, you use AWS Secrets Manager and Key Management Service (KMS).

Secrets Manager and KMS replace your credentials with API calls, while connecting with your playground and enabling the data dip with AWS Lambda. This way, your credentials are never transferred over the internet whenever AWS and Salesforce talk to one another.

Similar to Amazon Connect, Secrets Manager and KMS are free for a given period of time after you store your first secret. At the end of this project, we walk you through the steps of disabling these services so you won’t be charged after earning this badge.

Head over to AWS.

  1. Log in to the AWS console at using the email and password you used to set up your AWS account.
  2. Enter secrets in the Find Services field and select Secrets Manager.
  3. Ensure you’re in the same region as your Amazon Connect instance. In this example, US East (N. Virginia) is selected.
  4. Click Store a new secret.
  5. Select Other type of secrets.
  6. Select Secret key/value.
  7. Enter the following key/value pairs. Click Add row as needed.
    1. Password: Your Trailhead Playground password (in this scenario, you’re using your admin password; in a business scenario, you’d have created an API user and use their credential here)
    2. ConsumerKey: Your connected app’s consumer key
    3. ConsumerSecret: Your connected app’s consumer secret
    4. AccessToken: Your user security token
  8. In Select the encryption key, click Add new key. This opens a new tab that takes you to Key Management Service (KMS). Don’t close the Secrets Manager tab. You go back to it soon.
  9. Select Create key.
  10. Ensure Symmetric is selected.
  11. Click Next.
  12. Give your key an alias and make sure you save it for later.
  13. Click Next.
  14. Choose the IAM users and roles who have admin access to the key. Following the best practice of least privilege, you should be as restrictive as possible. In this scenario, no roles have access.
  15. Click Next.
  16. Choose the IAM users and roles who may use the key. In this scenario, all AWS service roles may use the key.
  17. Click Next then click Finish.
  18. Click the key alias you just created.
  19. Copy and save the ARN for later.
  20. Go back to the Secrets Manager tab.
  21. In the Select the encryption key section, select the key you just created. If you don’t see it, click the refresh button to refresh your list.
  22. Click Next.
  23. Give your Secret a name. Make sure you save it for later.
  24. Click Next.
  25. Ensure Disable automatic rotation is selected.
  26. Then, click Next.
  27. Click Store.
  28. Select the secret you just created.
  29. Copy and save the Secret ARN for later.
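
The least-privilege advice in step 14 applies equally to whatever reads the secret later. The following is an added example, not part of the original project: it builds an IAM policy scoped to the one Secret ARN and KMS key ARN saved above, audits a policy for broader grants, and checks that a secret value carries the four keys from step 7. The function names and the ARNs are constructed placeholders.

```python
import json

# Key names the tutorial stores in the secret (step 7 above).
REQUIRED_KEYS = ("Password", "ConsumerKey", "ConsumerSecret", "AccessToken")


def lambda_role_policy(secret_arn, key_arn):
    """Identity policy for a reader role: read one secret, decrypt with one key."""
    region = secret_arn.split(":")[3]  # arn:aws:secretsmanager:<region>:<acct>:secret:<name>
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
             "Resource": secret_arn},
            {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": key_arn,
             # The key is usable only through Secrets Manager, not by direct KMS calls.
             "Condition": {"StringEquals": {
                 "kms:ViaService": f"secretsmanager.{region}.amazonaws.com"}}},
        ],
    }


def audit_policy(policy):
    """Return findings for Allow statements broader than the tutorial needs."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action")
        if any(r == "*" for r in resources):
            findings.append(f"statement {i}: wildcard resource")
        if any(a.startswith("kms:") for a in actions) and \
                "kms:ViaService" not in json.dumps(stmt.get("Condition", {})):
            findings.append(f"statement {i}: KMS use not tied to Secrets Manager")
    return findings


def missing_secret_keys(secret_string):
    """Names of required keys that are absent or empty in the secret's JSON value."""
    data = json.loads(secret_string)
    return [k for k in REQUIRED_KEYS if not str(data.get(k, "")).strip()]


# Constructed sample values (placeholders, not real ARNs or credentials).
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-secret-AbCdEf"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["secretsmanager:*", "kms:Decrypt"], "Resource": "*"}]}
```

`audit_policy(BROAD)` reports three findings, while the policy returned by `lambda_role_policy(SECRET_ARN, KEY_ARN)` reports none.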

Now, let’s set up AWS Lambda, AWS’s serverless compute service, to build the data dip.
