Prerequisites for Creating a Connection

You must satisfy the following prerequisites to create a connection with the Amazon Simple Notification Service (SNS) Adapter:

Create an AWS Account

  1. Go to https://aws.amazon.com.
  2. Click Create an AWS Account.
  3. Enter a root user email address.
  4. Enter a name for your account in the AWS account name field.
  5. Click Verify email address.
  6. Once the email address is verified, create your root user password.
  7. In the subsequent steps, enter your contact information and billing information details.
  8. Complete the transaction to successfully create a root user account.

You can now sign in to your AWS account using the root user credentials.

Note:

The root user has unrestricted access to AWS resources, so you must create an Identity and Access Management (IAM) user.

Create the Inline Policy

  1. Log in to the AWS Console with your root user credentials.
  2. Click IAM and select the user under Users.
  3. In the Permissions tab, click Add permission and select Create Inline policy.
  4. Under Inline policy, select SNS as a Service.
  5. To grant the user permission to list topics, under the Access Level section, select List and then select the ListTopics action.

    Note:

    If you want to publish a message to a topic, the corresponding inline policy (publish) must be added to the new or existing policy. Likewise, if you want to subscribe to a topic, the corresponding inline policy (subscribe) must be added to the new or existing policy.
  6. Click Next.
  7. Enter the policy name and click Create Policy.

    The newly created policy is added to the list on the Policies page.
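
The policy that these console steps produce can also be written as a JSON document. The following is an added example, not code from the original page or from Oracle or AWS: it builds that document for the list, publish, and subscribe permissions described above. The function name, the sample topic ARN, and the choice to reject wildcard ARNs for publish and subscribe are assumptions of this example.

```python
import json

# Constructed placeholder ARN; substitute the topic your integration uses.
EXAMPLE_TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:example-topic"
# SNS actions that accept a topic ARN in the Resource element.
TOPIC_SCOPED = {"publish": "sns:Publish", "subscribe": "sns:Subscribe"}


def build_sns_policy(operations, topic_arns=()):
    """Return an IAM policy document for the requested adapter operations.

    operations: iterable drawn from {"list", "publish", "subscribe"}.
    topic_arns: the topics that publish/subscribe are limited to.
    """
    ops = set(operations)
    unknown = ops - {"list"} - set(TOPIC_SCOPED)
    if unknown:
        raise ValueError(f"unsupported operations: {sorted(unknown)}")
    statements = []
    if "list" in ops:
        # ListTopics has no resource-level permissions, so it requires "*".
        statements.append({
            "Sid": "ListTopics",
            "Effect": "Allow",
            "Action": "sns:ListTopics",
            "Resource": "*",
        })
    scoped = sorted(TOPIC_SCOPED[o] for o in ops & set(TOPIC_SCOPED))
    if scoped:
        arns = list(topic_arns)
        # This example's own rule: no wildcard ARNs for publish/subscribe.
        if not arns or any("*" in a for a in arns):
            raise ValueError("publish/subscribe need explicit topic ARNs")
        statements.append({
            "Sid": "TopicAccess",
            "Effect": "Allow",
            "Action": scoped,
            "Resource": arns,
        })
    if not statements:
        raise ValueError("no operations requested")
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    policy = build_sns_policy(["list", "publish"], [EXAMPLE_TOPIC_ARN])
    print(json.dumps(policy, indent=2))
```

The printed JSON can be pasted into the JSON view of the inline policy editor instead of selecting the actions one by one.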

Create an IAM User and Obtain the Access Key and Secret Access Key

  1. Log in to an AWS account using the root user credentials.
  2. In the search bar, enter IAM.
  3. Click IAM and select Users under Access management.
  4. Click Create user.
  5. Enter a name for the user and click Next.
  6. On the Set Permissions page that appears, perform the following:
    1. Select Attach policies directly as the Permissions Options.
    2. Select the permission policies that you created for this user and click Next. See Create the Inline Policy.
    3. (Optional step) Set a permissions boundary under Set permissions boundary and click Next.
  7. (Optional step) Add tags to AWS resources.
  8. Click Create User.
  9. Navigate to Dashboard, then Access management, and then Users. The newly created user appears in the list.
  10. Select the user in the Username column.
  11. On the User Info page, select Create access key in the Summary section.
  12. Under Access key best practices & alternatives, select the use case according to your requirement, and click Next.
  13. (Optional step) Provide a description tag, if required, and click Next.

    The Access key created message appears. The access key and secret access key are displayed.

  14. Copy the access key ID and secret key.

    Note:

    You must enter the access key in the Access Key field and the secret key in the Secret Access Key field on the Connections page. See Configure Connection Security.
  15. Alternatively, you can click Download .csv file to download a file that contains the access key ID and the secret key.
  16. Click Done.

Create the Client Identifier

Access the identity domain in which to create the client application.
  1. Log in to the Oracle Cloud Infrastructure Console with your identity domain administrator credentials.
    1. In the navigation pane, click Identity & Security.
    2. Click Domains.
    3. Select your compartment.
    4. Click the identity domain.


      The Domains page shows a Create domain button. Below this is a table with columns for Name and Domain type. Below this is a link to the current domain.

    5. In the navigation pane, click Integrated applications.

      This is the location at which you create the client application for your grant type.

Configure the Client Application

  1. Click Add application.
  2. Select Confidential Application, then click Launch workflow.
  3. Enter a name. The remaining fields on this page are optional and can be ignored.
  4. Click Submit.
  5. Click the OAuth configuration tab, then the Edit OAuth configuration subtab.
  6. In the Client configuration panel, select Configure this application as a client now.
  7. Select the grant type to use:
    1. For client credentials, select Client credentials in the Allowed grant types section.


      The Edit OAuth Configuration panel is shown. The radio button Configure this application as a client now is selected. The Allowed grant types section is shown. Options are available for Resource owner, Client credentials (which is selected), JWT assertion, Refresh token, Device code, Authorization code, Implicit, SAML2 assertion, and TLS client authentication.

  8. Complete the following steps for either grant type:
    1. Leave the Redirect URL, Post-logout redirect URL, and Logout URL fields blank.
    2. For Client type, ensure that Confidential is selected.
    3. Bypass several fields and scroll down to the Token issuance policy section.
    4. Select Confidential in the Authorized resources section.
    5. Click the Add Resources toggle.
    6. Click Add scope.
    7. Find and expand the Oracle Integration application for your instance.
    8. Select the two scopes appended with the following details:
      • urn:opc:resource:consumer::all
      • ic/api/


      The Add scope section is shown. A table with columns for Name and Description is shown. The Oracle Integration application name is expanded to show the two types of scopes selected.

    9. Click Add.

      The scopes are displayed in the Resources section.

    10. Ignore the Add app roles check box. This selection is not required.
    11. Click Submit.

    The details page for the client application is displayed.

  9. From the Actions menu at the top, select Activate, and then Activate application to activate the client application for use.
  10. In the General Information section, note the client ID and client secret values.


    The General Information section shows the Client ID and Client secret values. The Client secret value is available through the Actions menu.

Add Roles to the Client Application

  1. In the menu bar, click Oracle cloud services.


    The Identity domain navigation pane shows entries. The Overview option is selected. Below this are selections for Overview, User management, Administrators, Dynamic groups, Directory integrations, Integrated applications, Oracle Cloud Services, Federation, and Domain policies.

  2. Click the specific application corresponding to the Oracle Integration instance.
  3. In the menu bar, click Application roles.
  4. If configuring the client credentials grant type, select the following:
    1. Expand ServiceInvoker, then click the Actions icon next to Assigned applications.


      Tabs for Details, OAuth configuration, Web tier policy, Application roles (which is selected), Access token, Users, and Groups are shown. The Application roles section shows buttons for Import and Export, and a Search section. Below is a table with a column of check boxes, and additional columns for Name, Description, Assigned users, Assigned groups, and Assigned applications. The Name column lists all Oracle Integration application roles. The ServiceInvoker role is expanded to include entries for Manage users, Manage groups, and Manage applications.

    2. Select to assign users, groups, and applications to the instance application.