Summary
If an AWS SQS connection in RIH suddenly starts failing with a 403 Forbidden error, the issue is usually related to AWS authentication or authorization, not the RIH recipe itself. Reltio’s Salesforce-with-RIH setup uses AWS SNS or SQS for event-driven synchronization, and the SQS connection can be configured with either an IAM role or access keys.
Symptoms
You may see one or more of these symptoms:
- The SFDC | CON | Connection to AWS SQS connection fails to connect or test.
- Recipes that depend on SQS stop running.
- The error message shows 403 Forbidden.
- The integration was working previously and stopped without any RIH changes.
Reltio documents that the SQS connection is configured separately in the SFDC_Connections folder with fields such as IAM Role ARN, Region, Version, and Service.
Most likely cause
A 403 error usually means AWS is rejecting access. Common causes include:
- Incorrect IAM role or access key settings
- Missing SQS permissions
- The queue policy is blocking the principal
- Permissions boundary or org-level deny
- Region or service mismatch in the RIH connection setup
Reltio’s AWS security prerequisites confirm that IAM roles or access keys are required for this integration.
What to check
- Open SFDC | CON | Connection to AWS SQS in the SFDC_Connections folder and verify:
  - Authorization type
  - IAM Role ARN or access key
  - Region
  - Version
  - Service
  Reltio notes that the Service value should match the queue ARN service, for example sqs-fips if the ARN uses that service name.
- Ask your AWS team to confirm:
  - The role or user still has access to the exact queue
  - The queue policy still allows that principal
  - No permissions boundary or AWS org policy is blocking access
  - The queue is still in the expected region
  Reltio’s event streaming IAM role documentation also states that customers may need Reltio account details from Support when configuring IAM role-based access.
- Have the AWS team validate queue access directly using the AWS CLI or SDK. Reltio recommends validating that the queue is accessible before saving and testing the RIH connection.
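An offline pre-check for the connection fields and queue policy listed above, added here as an example (it is not Reltio or AWS code). It assumes the recipe needs sqs:ReceiveMessage, uses a constructed account ID, role, queue name and policy, and ignores Condition blocks, NotPrincipal/NotAction and identity policies, so it narrows the search rather than replacing the AWS team's validation.

```python
import fnmatch

def parse_queue_arn(arn):
    """Split arn:partition:service:region:account:queue into named fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return {"service": parts[2], "region": parts[3], "queue": parts[5]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal_arn, action):
    """True if the statement names this principal (or "*") and this action."""
    principal = stmt.get("Principal", {})
    names = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
    patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return (any(n in ("*", principal_arn) for n in names)
            and any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns))

def precheck(conn, queue_arn, queue_policy, action="sqs:ReceiveMessage"):
    """Return findings that could explain a 403; an empty list means none found."""
    arn = parse_queue_arn(queue_arn)
    findings = []
    # The connection's Service and Region must match the queue ARN's fields.
    for field in ("service", "region"):
        if conn[field] != arn[field]:
            findings.append(f"{field} mismatch: connection={conn[field]} arn={arn[field]}")
    # An explicit Deny always wins; otherwise look for a matching Allow.
    hits = [s for s in _as_list(queue_policy.get("Statement", []))
            if _matches(s, conn["role_arn"], action)]
    if any(s.get("Effect") == "Deny" for s in hits):
        findings.append(f"queue policy denies {action} for {conn['role_arn']}")
    elif not any(s.get("Effect") == "Allow" for s in hits):
        findings.append(f"queue policy has no Allow on {action} for {conn['role_arn']}")
    return findings

# Constructed sample values (hypothetical account ID, role and queue names).
ROLE = "arn:aws:iam::111122223333:role/rih-sqs-reader"
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:rih-events"
CONN = {"role_arn": ROLE, "region": "us-west-2", "service": "sqs-fips"}
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE}, "Action": "sqs:SendMessage"}]}

if __name__ == "__main__":
    for finding in precheck(CONN, QUEUE_ARN, POLICY):
        print(finding)
```

A missing Allow in the queue policy is only conclusive when the principal is in a different account from the queue; within one account the role's own identity policy can grant the access.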
If the SQS connection now shows Connected and recipes are still failing, the issue is probably not an active SQS connection problem. In that case, review the recipe activity and troubleshoot data or Salesforce processing errors instead. Reltio’s Salesforce-with-RIH documentation highlights monitoring and troubleshooting through RIH dashboards, and the real-time recipes use Amazon SQS triggers.
Resolution
Resolve the AWS-side access issue, then retest the SQS connection in RIH. Once the connection shows Connected, check recipe activity separately to confirm whether any remaining failures are caused by data mapping, validation, or synchronization logic.