Rotation of S3 Credentials with Metadata API

Use the Metadata API to rotate the S3 credentials and enable access to AWS. To update the S3 credentials you must retrieve the metadata of S3 connectors, modify the S3 credentials, and deploy the metadata.

You can retrieve or deploy S3 connector metadata by using Salesforce CLI. We recommend that you get familiar with using either of the options to ensure a smooth update of S3 credentials.

You can use an unpackage.xml file to define the metadata to retrieve. In this case, include the DataConnectorS3 metadata type. Include all the S3 connectors that you want to update the credentials for. This sample unpackage.xml file illustrates how to work with S3 connector metadata. A best practice is to name the unpackage.xml file with a low-level qualifier of .xml such as DataConnectorS3.xml.

Save the file to a directory that Salesforce CLI can access.

Refer to Retrieve S3 Connector Metadata with Salesforce CLI and retrieve the metadata for the S3 data connector.

  1. Extract the contents of the metadata file.

    Here’s how the extracted folder structure looks like.

    S3 data connectore metadata folder structure

  2. Edit the files referenced in the s3DataConnectors directory. Update the attributes s3AccessKey and s3SecretKey. Here's a sample of the contents of the files for S3 connectors metadata.

After changes are made to all S3 Connectors files, create a zipped package. Make sure that the package.xml file is at the top-most level of the package. Navigate down to the unpackaged directory and run this command.

Here’s the output of the command.

Refer to Deploy S3 Connector Metadata with Salesforce CLI to deploy the metadata for the S3 data connector.

To verify if the metadata is deployed, refresh an impacted data stream where the S3 access key and secret key are modified. Click Refresh Now on at least one of the data streams to validate the change. A successful refresh indicates a successful update of S3 credentials.

Refresh a CDP data stream to check S3 credential update