AWS Certified Solutions Architect – Associate (SAA-C03) — Question 476

A company wants to securely exchange data between its software as a service (SaaS) application Salesforce account and Amazon S3. The company must encrypt the data at rest by using AWS Key Management Service (AWS KMS) customer managed keys (CMKs). The company must also encrypt the data in transit. The company has enabled API access for the Salesforce account.

Answer options

• A. Create AWS Lambda functions to transfer the data securely from Salesforce to Amazon S3.
• B. Create an AWS Step Functions workflow. Define the task to transfer the data securely from Salesforce to Amazon S3.
• C. Create Amazon AppFlow flows to transfer the data securely from Salesforce to Amazon S3.
• D. Create a custom connector for Salesforce to transfer the data securely from Salesforce to Amazon S3.

Correct answer: C

Explanation

Amazon AppFlow is a fully managed integration service designed specifically to securely transfer data between SaaS applications like Salesforce and AWS services like Amazon S3. It natively supports encryption in transit as well as encryption at rest using AWS KMS customer managed keys (CMKs) without requiring custom code. Other options like AWS Lambda, Step Functions, or custom connectors would require significant custom development and maintenance overhead.