Amazon S3

Overview

Manage AWS S3 data stores with Appian! Users can access their S3 objects directly from an Appian interface. Appian documents can be uploaded to a S3 bucket with Server-Side Encryption and be configured as Public or Private.
 
The AWS S3 Connected System Plug-in uses the AWS Java SDK to connect to S3.

Key Features & Functionality

  • Create Bucket -- Adds a new bucket to the S3 instance. A bucket is needed in order to store objects (files).
  • Upload File -- Uploads a file to any specified bucket on the S3 instance.
  • Upload Multiple Files -- Uploads multiple files to any specified bucket on the S3 instance.
  • List Buckets -- Returns all available buckets on the S3 instance.
  • List Objects -- Returns all available objects from a specified bucket.
  • Delete Bucket -- Permanently removes a bucket from the S3 instance.
  • Delete Object -- Permanently removes an object from a specified bucket.
  • Cognito Authentication -- Pulls credentials from AWS Cognito Identity Pool.

Requirements

Access Key Id: the access key id for connecting to S3 can be retrieved from AWS Management Console Navigate to the Users > Summary page and click the “Security credentials” tab
Secret Access Key: the secret access key can only be viewed once upon the creation of an access key, see AWS Access Keys documentation for more information: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys

Notes

Users that want to upload objects as 'Public' must have the correct IAM privileges or an "Access Denied" error will return.

S3 endpoints which restrict traffic based on source will need to allow the IP and VPC endpoints outlined in KB-1582 based on site region.

Anonymous
  • Did you find a solution for this?

  • ListAllBuckets related error:

    I am using the AWS Assume Role Plug-in with the Amazon S3 plug-in. After providing an Access Key ID, Region, Secret Access Key, Role ARN, and Role, I am getting Access Denied Error (403) when using the following role policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "s3:Put*",
                    "s3:Get*",
                    "s3:Delete*",
                    "s3:List*"
                ],
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::specificBucket",
                    "arn:aws:s3:::specificBucket/*"
                ]
            }
        ]
    }


    After reading through the past comments I've identified that this error is a ListAllBuckets permissions error, as I've found that the following role policy works (successful connection):
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "s3:Put*",
                    "s3:Get*",
                    "s3:Delete*",
                    "s3:List*"
                ],
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::specificBucket",
                    "arn:aws:s3:::specificBucket/*"
                ]
            },
            {
                "Action": [
                    "s3:ListAllMyBuckets"
                ],
                "Effect": "Allow",
                "Resource": [
                    "*"
                ]
            }
        ]
    }

    However, I cannot give full access to AWS S3 and I need to use the first policy.

  • Hi Team,
    i have a problem with bucket's list in the integration, no bucket are show to be selected. Connection is ok as you can see on the screenshot. Someone can help me please?

  • v1.12.3 Release Notes
    • Upgraded ion-java library
    • Fixing the flagged issues of printstacktrace and system.out
    • Fixing the versions
    • Added new info logs to output user id, cognito identity id and s3 path into tomcat-std.logs

  • V1.12.2 Release Notes
    • Upgraded Jackson Databind, aws-java-sdk-s3 libraries and added License File

  • v1.12.1 Release Notes
    • Bug Fixes for Cognito credential template
    • Identity Pool ID and region are now sourced from the connected system. Previous version expected these to be passed in by the S3 Upload UI Component plugin

  • Hi Team,

    Is there a way to put custom tags/metadata to uploaded files?

  • v1.12.0 Release Notes
    • Pulls S3 Cognito Credentials for a given Identity Pool ID and returns them for use in the S3 File Upload Connected System plugin.
  • v1.11.0 Release Notes
    • Added new region us-gov-east-1

  • There appears to be a bug in IntegrationExecution such that PutObjectRequests are being created without the contentLength being set to the size of the document to be uploaded. Which results in the library buffering the content of the input stream to calculate it. This causes files larger than 2147483647 (~2GB) to get an outOfMemory exception for exceeding the maximum size of a byte[].

    For files less than 2147483647 (~2GB) the plugin will work as expected, but with as AWS's documentation puts it, 'this can be very expensive'.

    https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/model/PutObjectRequest.html

    A second option would be to use the File based method instead, which will set the content length automatically based on the file's length().