Prerequisites - AWS security configuration
Learn about the AWS security configuration prerequisites for Reltio Integration for Salesforce (with RIH)
When configuring AWS security, you can use either IAM roles or Access keys to authenticate and publish events from the event streaming topic or queue. Choose the method that suits your business needs.
Both these options use an IAM policy to define permissions for the topic or queue.
If you choose IAM roles for authentication, you must create an IAM role and then retrieve its ARN. If you choose Access keys for authentication, you must first create an AWS user and then retrieve the user's access key ID and secret access key. These processes are explained in detail in the following sections.
Create an IAM Policy
Since both methods need an IAM policy, let's create one now.
- Navigate to the AWS IAM Console.
- Select Policies > Create Policy.
- In the editor, enter the JSON data below.
Policy JSON for SNS
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:GetUser",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "sns:ListTopics",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "sns:Subscribe",
        "sns:Unsubscribe",
        "sns:SetSubscriptionAttributes",
        "sns:Publish",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "sns:ListSubscriptionsByTopic"
      ],
      "Resource": "arn:aws:sns:us-east-1:111117222221:reltio_workato_sns_topic"
    }
  ]
}
Policy JSON for SQS
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sqs:ListQueues",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "sqs:ReceiveMessage",
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes",
        "sqs:SendMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:11111156789:reltio_workato_sqs_queue"
    }
  ]
}
- Enter the policy name and description.
- Click Create policy.
Note: In the Resource parameter of both the SNS and SQS policies, replace the sample ARN with the ARN of your own topic or queue.
IAM roles to authenticate
If you choose IAM roles for authentication, you must create an IAM role and then retrieve its ARN.
To create an IAM role:
- Navigate to the AWS IAM Console.
- Select .
- In the Trusted entity type field, select AWS account.
- Select Another AWS account, and enter the Workato AWS account ID.
- Select the Require external ID checkbox.
- Enter the Workato generated external ID. For more information, see the How to retrieve your Workato ID section below.
- Click Next.
- Select the policy you created, and click Next.
- In the Role name field, enter the role name. In the Description field, enter the role description.
- Click Create role.
To retrieve the IAM role ARN:
- Navigate to the AWS IAM Console.
- Select Roles.
- In the Search bar, search for the IAM role whose ARN you plan to use for the connection.
- Select the role from the list displayed.
- Copy the IAM Role ARN. Use this ARN in the connection setup when you are creating an Amazon connection in Workato.
How to retrieve your Workato ID:
- Log in to your Workato account.
- Open an existing project or create a new one.
- In the project, create a connection.
- Search for SNS, and from the list of results, select Amazon SNS.
- In the Authentication type, select IAM Role auth.
- In the Using IAM Role authorization section, you will see the Workato ID.
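The role-creation steps above (Another AWS account plus Require external ID) produce a trust policy on the role. The following check is an added example, not Reltio or Workato code; it audits such a trust policy for the expected account principal and the sts:ExternalId condition. The account ID, external ID and sample policies are constructed placeholders.

```python
import json

# Constructed placeholders, not real Workato identifiers: substitute the
# account ID and external ID shown in your own Workato connection dialog.
WORKATO_ACCOUNT_ID = "123456789012"
EXTERNAL_ID = "EXAMPLE_EXTERNAL_ID"

def _as_list(value):
    """IAM allows a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it matches the steps."""
    findings, matched = [], False
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        matched = True
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not aws:
            findings.append("no AWS account principal")
        for p in aws:
            # Accept the bare account ID or any ARN inside the expected account.
            if p != account_id and not p.startswith(f"arn:aws:iam::{account_id}:"):
                findings.append(f"unexpected principal: {p}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append("missing sts:ExternalId condition")
        elif _as_list(ext) != [external_id]:
            findings.append("sts:ExternalId does not match the Workato external ID")
    if not matched:
        findings.append("no Allow statement for sts:AssumeRole")
    return findings

def sample_policy(principal, with_external_id=True):
    """Build a constructed trust policy in the shape the IAM console generates."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if with_external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    root = f"arn:aws:iam::{WORKATO_ACCOUNT_ID}:root"
    for label, doc in [("as configured", sample_policy(root)),
                       ("external ID unchecked", sample_policy(root, False)),
                       ("wildcard principal", sample_policy("*"))]:
        print(label, "->", audit_trust_policy(doc, WORKATO_ACCOUNT_ID, EXTERNAL_ID) or "OK")
```

To audit a real role, pass in the JSON shown on the role's Trust relationships tab in the IAM console.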
Access keys to authenticate
If you choose Access keys for authentication, you must first create an AWS user and then retrieve the user's access key ID and secret access key.
To create an AWS user:
- Navigate to the AWS IAM Console.
- Select .
- Enter a user name and click Next.
- Select the Attach policies directly option.
- Search and select the policy you created earlier.
- Click Next.
- Click Create User.
To retrieve user access key and secret access key:
- Navigate to the AWS IAM Console.
- Select User.
- Search and select the user you created.
- On the Summary page, select the Security Credentials tab.
- Select Create Access Key to generate the Access key ID and Secret Access Key.
- Select the application running outside AWS, and select Next.
- In the Description tag value field, enter the reason for creating this access key, and where you plan to use it.
- Click Create access key.
Note: Encode special characters in the AWS Secret Access Key to use in the Reltio Console. For example, if your secret access key is IPMK2jmtIvfR+mc#QgEq/47Ig/OCN8BTo4rkVPva, the secret access key with the encoded special characters will be IPMK2jmtIvfR%2Bmc%23QgEq%2F47Ig%2FOCN8BTo4rkVPva. For more information, see the Encodings table with the list of special characters in the topic Message Streaming Provider.