Amazon S3


Manage AWS S3 data stores with Appian! Users can access their S3 objects directly from an Appian interface. Appian documents can be uploaded to a S3 bucket with Server-Side Encryption and be configured as Public or Private.
The AWS S3 Connected System Plug-in uses the AWS Java SDK to connect to S3.

Key Features & Functionality

The following operations are included:

  • Create Bucket -- Adds a new bucket to the S3 instance. A bucket is needed in order to store objects(files)
  • Upload File -- Uploads a file to any specified bucket on the S3 instance
  • Upload Multiple Files -- Uploads multiple files to any specified bucket on the S3 instance
  • List Buckets -- Returns all available buckets on the S3 instance
  • List Objects -- Returns all available objects from a specified bucket
  • Delete Bucket -- Permanently removes a bucket from the S3 instance
  • Delete Object -- Permanently removes an object from a specified bucket


  • Access Key Id: the access key id for connecting to S3 can be retrieved from AWS Management Console Navigate to the Users > Summary page and click the “Security credentials” tab

  • Secret Access Key: the secret access key can only be viewed once upon the creation of an access key, see AWS Access Keys documentation for more information.

  • Note: Users that want to upload objects as 'Public' must have the correct IAM privileges or an "Access Denied" error will return. The s3:ListAllMyBuckets Action is needed to establish a Test Connection. Additionally, your IAM User will need the respective Action for each operation (i.e Upload File -> PutObject, Download Object -> GetObject) in their IAM Policy.

  • Role ARN (Optional): The Role ARN is the Amazon Resource Name for connection's role. The Role session name identifies the session to S3 administrators. For example, your IAM username. e.g. <role ARN>:role/<assumed rule>. See the AWS documentation for more details.

  • Assumed Role (Optional): An identifier for the assumed role session. Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role. E.g. arn:aws:iam::12345678990:role/<assumed role>. For more details, please go to AWS documentation.