Information
  • Author: Appian Corporation
  • Type: Plug-in (Function & Smart Service)
  • Support: This plug-in or utility is not supported by the author. The content is free to use with a licensed product, but it is made available as-is and Community supported.
  • Industry: All Industries
  • Compatible Version(s): 23.2
  • First Released:
  • Last Updated:
  • Cost: Free
Share
Home » AppMarket » Amazon S3 Utilities

Amazon S3 Utilities

Overview

The Amazon S3 Utilities Plug-in leverages the Amazon AWS Java API to connect with Amazon S3 to store and retrieve files.  

Key Features & Functionality

The following smart services are included:

  • Upload documents to AWS S3
  • Download documents from AWS S3
  • Create Folders in AWS S3
  • Delete documents from AWS S3

The plug-in also includes a function:

  • getPreSignedURLForS3 that generates a V4 pre signed url that expires after 5s. This allows for a short term access grant to a secured resource. It can be used in a WebAPI object to redirect a user from Appian to a resource on S3.

Amazon S3 Utilities supports the following Amazon S3 features:

 

Note:  The plug-in requires Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files when using client side encryption.

(https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)

 

The Appian Secure Credential Store is leveraged for the credentials to integrate with Amazon S3. Before executing the plug-in, create an new secure credential store with the following 3 attributes.  These values are obtained from Amazon AWS IAM console.

  • accesskeyid: this is the access key id for connecting to AWS S3
  • accesskeysecret: this is the access key secret for connecting to AWS S3
  • kmscmkid: this attribute is only required if using AWS Client Side Encryption
Anonymous
  • in reply to Mike Cichy

    In our case, there will be more files per request and all should be evaluated for approval. User needs to generate the link repeatedly as he feels more difficult to act immediately to download as the the links are getting expired soon.

  • in reply to Shakilah

    What would be a need for more than 5s? The limit only applies b/w calculating the url and issuing a redirect inside the web api so it should be done very quickly unless you have extreme network lags b/w browser and server.

    • getPreSignedURLForS3 that generates a V4 pre signed url that expires after 5s. This allows for a short term access grant to a secured resource. It can be used in a WebAPI object to redirect a user from Appian to a resource on S3.

    Can we get the increased amount of time for the URL to be active at least for a min instead of 5s?

  • v1.3.6 Release Notes
    • Updates to Jackson databind, core, and annotations libraries

  • Seems like the latest update yields this error when installing or upgrading from Admin Console -> Plugins -> Add Plug-Ins

    HTTP Code: 500
APNX-1-4198-019

An Error Has Occurred
Expression evaluation error [evaluation ID = b6607:8126d] : An error occurred while executing a save: java.util.UnknownFormatConversionException: Conversion = 'D'

    Any ideas on how to resolve?

  • in reply to Mike Cichy

    Yeah it is causing an issue. The document cannot be downloaded since the site cannot be reached. This is what I see on the browser:

    __________________

    This site can’t be reached

    Check if there is a typo in s3.{bucket-name}.amazonaws.com.

    DNS_PROBE_FINISHED_NXDOMAIN
    _____________________
    I tried substituting  the domain name format to the format that  is there in console. But it returns another error, complaining about  a parameter in the URL generated by the plugin is not in the proper format. Below is what I see. It seems like the service is expecting X-Amz-Credential parameter  to contain  the region name, but the plugin is attaching the bucket-name to  the parameter.
    _______________________
    <Error>
    <Code>AuthorizationQueryParametersError</Code>
    <Message>Error parsing the X-Amz-Credential parameter; the region {bucket-name} is wrong; expecting 'us-east-1'</Message>
    <Region>us-east-1</Region>
    <RequestId>PGFXG4JR599R0HHP</RequestId>
    <HostId>OBy+93cPl8DsTSD1zKFZq2d1SoPaSewobbDKJDH82K7xy4Zpw+WhLta3W1MvbguaLslf14XPq0BNVB2j9ApICA==</HostId>
    </Error>
    _____________________
  • in reply to Puspendu Pal

    Is this causing an issue? Can you not access the doc?

  • When using the function  getPreSignedURLForS3, it is returning a singed URL starting with the domain name as below. 

    https://s3.{bucket-name}.amazonaws.com/

    While my domain name for the S3 bucket in console is as below

    https://{bucket-name}.s3.us-east-1.amazonaws.com/

    Does anybody know, why the function returns the URL an incorrect format. I am passing the region parameter as "us-east-1". Or how can I fix/correct this?

  • v1.3.5 Release Notes
    • Security Updates

  • in reply to VKS

    Not sure if that is possible, you may got some help on S3 forums. Since the web api response is a redirect, the extra headers don't do anything. 

© 2024 Appian. All rights reserved.