How to use Amazon AppFlow to transfer data between Salesforce and AWS

Managing flow of data between AWS and Software-as-a-Service SaaS applications like Salesforce can be difficult, time-consuming and expensive. Developers can often spend months writing custom integrations that allow them to move data between AWS and Salesforce. These integrations can be expensive, and every time the data requirements change, developers need to make complicated modifications than can increase costs even more.

Some companies lacking the engineering resources might find themselves manually importing and exporting data, which is even more time-consuming, with high potential of human error, and even risks of data leakage.

Amazon AppFlow comes to solve all of those problems while offering lots of cool features. AppFlow is a managed integration service that lets developers transfer data between SaaS solutions like Salesforce and AWS services securely. The data transfer is bi-directional, and includes a number of tools for transforming the data as it moves through the service with filters and validations that are fairly simple to use.

All data transfers are encrypted and users can restrict data from flowing over the public Internet since Salesforce supports AWS PrivateLink as long as Salesforce Private Connect enabled their org. Simply choose the Create new connection with AWS PrivateLink option when creating the connection in Amazon AppFlow.

In addition to that, there is are no upfront charges to use AppFlow. Customers only pay based on the number of flows they run and the volume of data they process. It starts at $0.001 per flow run and you can check out the pricing table for more details, including examples.

As of right now, AppFlow data transfers to 3 AWS services: EventBridge, Redshift, and S3. Click here to see the full list of integrations with other SaaS services.

When Salesforce is connected to AppFlow, users can run flows on demand, scheduled, or they can be triggered when launching a campaign, converting a lead, closing an opportunity, or opening a case. You can apply filters to which records you want to transfer, use formulas to transform fields, mask sensitive values in fields, and validate records before the data transfer.

One example use case would be using flows to automatically update the contacts table in Amazon Redshift whenever a new contact is created or an existing contact is updated in Salesforce. You can then use Redshift’s data warehouse to extract and analyze data from all your sources as a unified experience and provide complete view of your customer data.

This procedure uses the Redshift COPY command to move data into Redshift through an Amazon S3 bucket. So, the data gets stored in S3 first, then it is ingested into Redshift.

Another example use case for AppFlow, would be creating a new Salesforce lead record using campaign data stored in a csv. file in Amazon S3.

Check out this AWS blog post where they explain how to setup AppFlow for both the Amazon Redshift and Amazon S3 use cases for flows described above.

As for an Amazon EventBridge use case, event-driven applications can be set to react to events that track campaigns, opportunities, contracts and order changes in Salesforce. Follow the instructions in this AWS blog post for connecting Salesforce with EventBridge and AppFlow.

If you want to use those features, you’ll first need to connect your Salesforce Org with AppFlow. But first, your Org needs to meet a couple of prerequisites:


To connect your Salesforce org to Amazon AppFlow, you need a Salesforce edition that provides API access. Here’s a list of Salesforce editions that include API access:

  • Enterprise Edition
  • Unlimited Edition
  • Developer Edition
  • Performance Edition

Editions with no API access:

  • Essentials Edition
  • Professional Edition*

*Professional Edition organizations can purchase API access (for data migration only).

Salesforce Connected Apps needs to be installed in your Salesforce org. This is the framework that enables external applications to integrate with Salesforce.

With these 2 prerequisites met, you can follow these instructions to connect AppFlow with Salesforce:

Connect AppFlow with your Salesforce Org

First you need to sign up to Amazon AppFLow. You can access Amazon AppFlow from the AWS Console, or contact your AWS administrator if you don’t see the option.

Then you need to create a Salesforce Login Connection in Amazon AppFlow. To do so, go to the Amazon AppFlow service page and select Create Flow.

Salesforce Integration with Amazon AppFlow - Launch Amazon AppFlow

In the next screen, you’ll find the steps for the configuration process on the left navigation bar.

Specify Flow Details in Amazon AppFlow Integration with Salesforce

In the Specify flow details screen, type the name of your flow in the Flow Name field.

On the next screen, Configure flow, select Salesforce from the pull-down menu bellow Source details. And in the Choose Salesforce Connection field, select Create new connection.

Configure Flow in Amazon AppFlow Integration with Salesforce

A new window will pop up. You’ll need to select the Salesforce environment, Production or Sandbox, and name the new connection.

Connect to Salesforce in Amazon AppFlow Integration with Salesforce

Then click Continue and you’ll have to login to Salesforce to allow access. After you select Allow, your Salesforce objects and events will appear in your AppFlow account.

If you cannot see objects in your account or don’t get connected, you’ll have to enable AppFlow from Salesforce itself. To do this, go to your Salesforce account and navigate to Setup > Apps > Connected Apps > Connected Apps OAuth Usage, then select Amazon AppFlow Embedded Login App, and click Install.

Make sure you have the right App policies. Select Manage App Policies for the Amazon AppFlow Embedded Login App.

Manage Connected Apps in Amazon AppFlow Integration with Salesforce

Make sure Refresh token is valid until revoked is selected under Oauth Policies. If this is not the case, use Edit Policies and correct it.

Sandstone Embedded Login App in Amazon AppFlow Integration with Salesforce

If your Salesforce application enforces IP restrictions, check that all Amazon AppFlow IP CIDR blocks are in the allowed list of your AWS Region. Click here to see more information about AWS IP address ranges.

Enable Change Data Capture (CDC) in Salesforce to enable event-driven flow triggers. In the Quick Find box in Setup, enter “Change Data Capture” and select that option from the results.

Change Data Capture in Amazon AppFlow Integration with Salesforce

Then click the objects that will change event notifications and click the right arrow to select them, then click Save. You are now ready to move data between Salesforce and AWS!


That’s all you need to know to get started with Amazon AppFlow integration with Salesforce. If you’re interested in doing this process yourself but still don’t know where to start, book a time with one of our specialists! We’ll be happy to help!

Want a PDF version of this blog post? Click here to download it! 


AWS Blog – Shramko, S. and Krishnan, V. (August 12, 2020). Building Secure and Private Data Flows Between AWS and Salesforce Using Amazon AppFlow. Retrieved from:,APN+Data,APN+DB,APN+Enterprise,APN+ISV,APN+Partner+Success,APN+SaaS,APN+Service+Delivery,APN+Services,APN_Blog&sc_publisher=LINKEDIN&sc_country=Global&sc_geo=GLOBAL&sc_outcome=awareness&trk=apn_LINKEDIN&linkId=97063922

AWS Compute Blog – Breswick, J. (August 26, 2020). Building Salesforce integrations with Amazon EventBridge and Amazon AppFlow. Retrieved from:

AWS Website (Amazon AppFlow). Amazon AppFlow integrations: