AWS Private Link -AWS to SalesForce — Part 2

Welcome to my blog! In this instalment, we will delve into the second part of AWS Private Link for integrating with the SalesForce application. If you haven’t checked out the first part, it’s essential to do so here to grasp the complete context of this blog series.

In the first part we looked into some scenarios of connecting SalesForce application to AWS (Inbound to AWS). Now, in this follow-up, we shift our focus to scenario pertaining to connecting the SalesForce application from AWS (Outbound to AWS).

In outbound scenario application in your VPC is consumer and Salesforce application is service provider.

High Level Architecture

Below architecture depicts how an application hosted in AWS can connect to SalesForce application (outbound to AWS application) using centralised networking approach.

AWS →SalesForce

Let’s dissect this architecture to understand its end-to-end functionality.

1. On the right-hand side of the diagram, we observe consumer applications that require connectivity to the SalesForce application, initiating the network traffic.
2. The traffic originates from the source VPC, traverses through the Transit Gateway situated in the centralised Network account. To ensure a controlled flow, all traffic is directed towards the Network Firewall hosted in the inspection VPC, managed through Transit Gateway route tables.
3. Upon reaching the Network Firewall, the traffic undergoes thorough inspection.
4. After succesful inspection traffic is routed back to the Transit Gateway.
5. From there, the Transit Gateway directs the traffic to the Egress VPC, where Virtual Private Cloud (VPC) endpoints are established using SalesForce service ARNs, as provided by the SalesForce team.
6. Finally, the traffic reaches the SalesForce application seamlessly through the utilisation of AWS PrivateLink.

DNS resolution

A critical component of the aforementioned architecture involves ensuring that the source application effectively resolves the SalesForce application, allowing it to traverse the necessary hops. This crucial connectivity is established through the implementation of Route 53 private hosted zones.

For a deeper understanding of AWS Route 53 private hosted zones and their practical implementation in this context, you can explore comprehensive details in the corresponding AWS blog post.

Conclusion

To wrap things up, this blog series covered how to link SalesForce applications with AWS using PrivateLink. We discussed how the connection works from start to finish, both from SalesForce to AWS and vice versa.

We highlighted the significance of Route 53 private hosted zones in making sure everything connects smoothly. For step-by-step instructions and more help, check out the AWS blog post related to this topic. You can reach me out in LinkedIn.