Amazon S3 Utilities

Overview

The Amazon S3 Utilities Plug-in leverages the Amazon AWS Java API to connect with Amazon S3 to store and retrieve files.  

Key Features & Functionality

The following smart services are included:

• Upload documents to AWS S3
• Download documents from AWS S3
• Create Folders in AWS S3
• Delete documents from AWS S3
  

The plug-in also includes a function:

• getPreSignedURLForS3 that generates a V4 pre signed url that expires after 5s. This allows for a short term access grant to a secured resource. It can be used in a WebAPI object to redirect a user from Appian to a resource on S3.

Amazon S3 Utilities supports the following Amazon S3 features:

• Client side encryption with AWS KMS–Managed Customer Master Key (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html)
• Server side encryption with Amazon S3-Managed Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)

Note:  The plug-in requires Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files when using client side encryption.

(https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)

The Appian Secure Credential Store is leveraged for the credentials to integrate with Amazon S3. Before executing the plug-in, create an new secure credential store with the following 3 attributes.  These values are obtained from Amazon AWS IAM console.

• accesskeyid: this is the access key id for connecting to AWS S3
• accesskeysecret: this is the access key secret for connecting to AWS S3
• kmscmkid: this attribute is only required if using AWS Client Side Encryption