amazon-appflow create new connector profile returns service error

Question

I'm trying to leverage aws-appflow to retrieve data from salesforce, but can't create a connector profile using boto3. I keep getting Service Error

my attempt:

    appflow.create_connector_profile(
      connectorProfileName='appflow-sfdc-test',
      kmsArn='{{ encryption-key-arn }}',
      connectorType='Salesforce',
      connectionMode='Public',
      connectorProfileConfig={
        'connectorProfileProperties': {
            'Salesforce': {
                'instanceUrl': 'https://{{ our-domain }}.my.salesforce.com',
                'isSandboxEnvironment': False
            }
        },
        'connectorProfileCredentials': {
            'Salesforce': {  
                'accessToken': '{{ access-token }}',
                'refreshToken': '{{ refresh-token }}',
                'clientCredentialsArn': '{{ secretsmanager arn with the client id & secret }}'
            }
        }
      }
    )

# returns this error
botocore.errorfactory.InternalServerException: An error occurred (InternalServerException) when calling the CreateConnectorProfile operation (reached max retries: 4): Service Error

I'm unsure what I'm doing wrong. I thought I was following their instructions properly, and I can't figure out where to get more information about this error.

Answer 1

AWS documentation for AppFlow Salesforce integration is a bit confusing.

Below is a working AWS CLI snippet:

aws appflow create-connector-profile \
--connector-profile-name salesforce-connector \
--connector-type Salesforce \
--kms-arn arn:aws:kms:$region:$account_id:key/$key_id \
--connection-mode Public \
--connector-profile-config '{
    "connectorProfileProperties": {
        "Salesforce": {
            "instanceUrl": "https://your-domain.my.salesforce.com",
            "isSandboxEnvironment": false
        }
    },
    "connectorProfileCredentials": {
        "Salesforce": {
            "oAuthRequest": {
                "authCode": $oauth_authorization_code,
                "redirectUri": $redirect_uri
            },
            "clientCredentialsArn": "arn:aws:secretsmanager:$region:$account:secret:$secret"
        }
    }
}'

Note that we don't need accessToken and refreshToken as they will be fetched on creation using authCode and credentials from clientCredentialsArn .

Another bit is that Secret Manager secret should be encrypted using the same KMS key as in --kms-arn parameter.

The clientCredentialsArn secret content should look similar to:

{
  "clientId": "XXX",
  "clientSecret": "YYY"
}

Answer 2

Does anyone used new client credential flow from the sales force to create an Appflow connection profile? . I don't see any documentation from AWppflow for the client cred, though it mentioned client cred arn, but when u skip auth code block, it never worked for us!

Answer 3

I am trying to implement this in cloudformation.

But end up, getting Validation exception: AuthCode cannot be blank for connector: SALESFORCE error.

Can anyone know the potential issue?

Checkout my setup in this question .