Amazon AppFlow now stores credentials in customers’ AWS Secrets Manager account

Posted on: Dec 18, 2020

Amazon AppFlow, a fully managed integration service that enables customers to securely transfer data between AWS services and cloud applications, now stores the encrypted credentials used to connect to flow sources and destination applications, including OAuth tokens, application and API keys, and passwords, in customers’ own AWS Secrets Manager account. Previously, AppFlow stored these encrypted credentials in the AWS Secrets Manager account owned by the Amazon AppFlow service.

This change applies only to new connections created in AppFlow on or after December 18, 2020. It requires customers to grant IAM permissions for AWS Secrets Manager to any user who will create new connections. For more details, see our documentation. Storing credentials in AWS Secrets Manager in your own AWS account gives you better control over sensitive data. There is no extra charge due to this change.