Appendix A: IAM User for AWS Resource Provisioning

IAM User Requirement for AWS Resource Provisioning

As part of SCC-AC, AWS resources are provisioned within the specified AWS account. In Guided Setup Step 5, you are required to enter AWS IAM user credentials. SCC-AC uses the AWS Signature v4 authentication protocol with IAM User Identified by Access Key for resource provisioning.

The IAM user is utilized both during the initial setup and for updating resources as needed. AWS recommends rotating IAM credentials every 90 days to enhance security.

IAM User's Credential Rotation

Follow the steps below to rotate the IAM User's credentials that SCC-AC uses to provision new AWS resources or update existing ones.

  1. In SCC-AC, the IAM User's Access Key and Access Secret are stored in the External Credential's Principal. To rotate them, you are required to update the IAM User's credentials in the principals.
  2. Log in to the Salesforce org as a System Administrator user.
  3. In Salesforce Setup, go to Named Credentials and then External Credentials.
  4. Repeat Steps 5 to 7 for every External Credential with AWS Signature Version 4 as Authentication Protocol.
  5. Select the External Credential with AWS Signature Version 4 as Authentication Protocol and search for IAM Credential Principal under Principals.
  6. Select Edit from the dropdown menu in Actions.
  7. Provide the newly generated Access Key and Access Secret, and choose Save.
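
To check the AWS side of the rotation described above, the following added example (not part of SCC-AC or its documentation) audits the JSON returned by `aws iam list-access-keys` against the 90-day interval. The user name `scc-ac-provisioner` and the access key IDs are constructed placeholders.

```python
import json
from datetime import datetime, timezone

MAX_AGE_DAYS = 90  # rotation interval stated on this page

# Constructed sample in the shape returned by `aws iam list-access-keys`.
# The user name and key IDs are hypothetical placeholders.
SAMPLE = """
{"AccessKeyMetadata": [
  {"UserName": "scc-ac-provisioner", "AccessKeyId": "AKIAEXAMPLEOLD000001",
   "Status": "Active", "CreateDate": "2024-01-10T09:00:00+00:00"},
  {"UserName": "scc-ac-provisioner", "AccessKeyId": "AKIAEXAMPLENEW000002",
   "Status": "Active", "CreateDate": "2024-05-20T09:00:00+00:00"}
]}
"""

def _parse(ts):
    # Accept both "+00:00" and a trailing "Z" as the UTC designator.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def audit_keys(listing_json, now, max_age_days=MAX_AGE_DAYS):
    """Return (access_key_id, finding) tuples for keys that need attention."""
    keys = json.loads(listing_json)["AccessKeyMetadata"]
    active = [k for k in keys if k["Status"] == "Active"]
    findings = []
    for k in keys:
        age = (now - _parse(k["CreateDate"])).days
        if k["Status"] == "Active" and age > max_age_days:
            findings.append((k["AccessKeyId"],
                             f"active key is {age} days old; rotate"))
        elif k["Status"] == "Inactive":
            findings.append((k["AccessKeyId"],
                             "inactive key still present; delete once unused"))
    # Two active keys mean a rotation was started but the old key still works.
    if len(active) > 1:
        oldest = min(active, key=lambda k: _parse(k["CreateDate"]))
        findings.append((oldest["AccessKeyId"],
                         "two active keys; deactivate the older one "
                         "after updating the principals"))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for key_id, finding in audit_keys(SAMPLE, now):
        print(key_id, "-", finding)
```

Against a live account, pass the output of `aws iam list-access-keys --user-name <user>` and `datetime.now(timezone.utc)` instead of the sample values.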