AWS Partner Network
Sync leads & opportunities with AWS Partner Network (APN) for co-sell.
Overview
By integrating with programs such as APN Customer Engagement (ACE) and ISV Accelerate, ISV/Sellers can scale their co-sell programs more effectively. The integration streamlines the process of managing information about leads and opportunities, reducing manual efforts and eliminating the need to maintain data in two separate systems, such as the Salesforce CRM and AWS Partner Central.
Through the integration, ISV/Sellers can easily manage new opportunities and leads. They can accept new opportunities and leads, receive updates on them from AWS, and send new opportunities and updates on their leads and opportunities to AWS. All of these actions are supported by an AWS-managed S3 bucket, which acts as an intermediary in the bi-directional exchange of files.
Request CRM Integration on AWS Partner Central
Before integrating your ACE pipeline with Suger, you first need to initiate an onboarding request on CRM Integration self-service portal.
- This can only be done by Alliance Lead
- This process involves creating AWS IAM Users/Roles so you may need to involve your Cloud Ops if you do not have the permissions on your AWS Console.
AWS Console - Create AWS IAM Roles
1. Log in to the AWS Console:
- Navigate to the AWS Management Console, select "Services" and then choose "IAM" under the "Security, Identity, & Compliance" section.
- Click on "Roles" in the left navigation pane.
2. Create the Sandbox/Test Environment Role:
- Click the "Create role" button.
- For "Trusted entity type," select "AWS account."
- Choose "Another AWS account" as the trusted account.
- Enter the Sugar AWS Account ID into the appropriate field (ask the Suger Account Manager collaborating with you on the integration to provide the Suger Account ID.).
- Click "Next: Permissions."
- Skip the "Add permissions" section for now.
- Set the role name to ‘apn-ace-{company}-AccessUser-beta’. This will be the sandbox role. Make sure to remove the { } from the role name.
- Click "Create role."
3. Repeat Steps above for the Production Role:
- Create a new role following the same steps.
- Set the role name to apn-ace-{company}-AccessUser-prod. This will be the production role. Make sure to remove the { } from the role name.
4. Provide the ARNs to the Alliance Lead
- The Alliance Lead will need to use both ARNs to generate the S3 Policies within the APN Portal. Please, make sure he or she has both ARNs (from the sandbox and production IAM Roles).
Partner Central Portal - Create the necessary Policies
- The Alliance Lead will need to navigate to CRM Integration self-service portal and click
Initiate Onboarding Request
button on the bottom.
1. Enter basic information
- Partner CRM system - Choose Salesforce or HubSpot.
- What solution would you be using to integrate your CRM with APN? - Choose "Third Party Solution".
- Name of the third party solution provider - Suger
- Estimated integration start date - choose the next Monday or the date you prefer.
2. Enter partner contacts
Third party contact:
- Email:
support@suger.io
- Partner Role: Third Party Staff
3. Enter the ARN for the user/role you created
4. Set up Sandbox
APN will set up a sandbox bucket, and generate a policy JSON doc to access it. Copy the JSON content and attach it to the sandbox user/role you created in AWS console. Then you can mark it as completed.
5. Set up Production
After you mark implementation completed and UAT passed, proceed to the next step and APN will provision the production bucket, with another JSON policy doc. Similar to the sandbox, copy & attach it to the production user/role in AWS console.
6. Launch
Click the "Submit" button. APN will show that the CRM integration has been "Launched".
After all the steps, you will now have:
- A production S3 bucket provisioned and owned by APN.
- An IAM user/role that have access to the bucket.
The sandbox user/role is created only because APN requested for it. It will not be used by Suger.
- The bucket name contains your "Partner ID" and region as well. The format is
ace-apn-{PartnerID}-prod-{Region}
. E.g., if your bucket name isace-apn-12345678-prod-us-west-2
, then:- Your "Partner ID" is
12345678
- Your Bucket region is
us-west-2
- Your "Partner ID" is
Now you need to create the ACE integration on Suger Console to delegate the user/role to Suger, so our automated pipelines can manage it for you.
Create Integration on Suger
IAM User with Credentials
- Create the Access Key (including Access Key ID and Secret Access Key) for the IAM user you created in the AWS IAM console.
- Visit the integration page of Suger console, click the button 'Connect' in the
AWS ACE
integration card. There are five fields to input. SelectIAM User with Credentials
.- AWS Partner ID: The number in your bucket name.
- AWS S3 Bucket Region: The AWS region of the S3 bucket provisioned by AWS ACE team - also in the bucket name.
- AWS S3 Bucket Name: The Name of the S3 bucket provisioned by AWS ACE team.
- AWS IAM User ARN: ARN for the user you created in AWS Console.
- AWS IAM User Access Key Id
- AWS IAM User Secret Access Key
- After the connection is created, click the button
Verify
to finish the verification of the AWS ACE integration. Then all set.
IAM Role with AssumeRole
- Attach the trust policy below to the IAM role in the AWS IAM console. Ask support@suger.io to get the
suger-aws-account-id
.
{
"Version"
:
"2012-10-17"
,
"Statement"
:
[
{
"Effect"
:
"Allow"
,
"Principal"
:
{
"AWS"
:
"arn:aws:iam::{suger-aws-account-id}:root"
},
"Action"
:
"sts:AssumeRole"
}
]
}
- Visit the integration page of Suger console, click the button 'Connect' in the
AWS ACE
integration card. There are five fields to input. SelectIAM Role with AssumeRole
.- AWS Partner ID: The number in your bucket name.
- AWS S3 Bucket Region: The AWS region of the S3 bucket provisioned by AWS ACE team - also in the bucket name.
- AWS S3 Bucket Name: The Name of the S3 bucket provisioned by AWS ACE team.
- AWS IAM Role ARN: It is
apn-ace-{partnerName}-AccessUser-prod
created before.
- After the connection is created, click the button
Verify
to finish the verification of the AWS ACE integration. Then all set.
Provide More Details
After the integration is created and verified, we need to collect a little more information:
- ACE Program
- Solution Offering
You need to click the 🖊️Edit
button on ACE integration and input the information there:
Solution Offering
Since November 2023, ACE requires all partners to specify "Solution Offerings" when sharing opportunities with AWS. You can register or check your offerings at Partner Central.
Make sure the "Offering status" is shown as ✅Active.
Open the offering, copy the "Offering ID" located at the top left:
Then, input the offering ID and hit Enter
, and click Save
.
Delete Integration
If you need to delete the AWS Partner Network integration, you can do so like any other integration. Once the deletion is triggered, all integration information, including the access token, will be immediately and permanently deleted from Suger. Please note that there is no time window or any means of recovering the deleted data.