Amazon S3 Utilities

Overview

The Amazon S3 Utilities Plug-in leverages the Amazon AWS Java API to connect with Amazon S3 to store and retrieve files.  

Key Features & Functionality

The following smart services are included:

  • Upload documents to AWS S3
  • Download documents from AWS S3
  • Create Folders in AWS S3
  • Delete documents from AWS S3

The plug-in also includes a function:

  • getPreSignedURLForS3 that generates a V4 pre signed url that expires after 5s. This allows for a short term access grant to a secured resource. It can be used in a WebAPI object to redirect a user from Appian to a resource on S3.

Amazon S3 Utilities supports the following Amazon S3 features:

 

Note:  The plug-in requires Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files when using client side encryption.

(https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)

 

The Appian Secure Credential Store is leveraged for the credentials to integrate with Amazon S3. Before executing the plug-in, create an new secure credential store with the following 3 attributes.  These values are obtained from Amazon AWS IAM console.

  • accesskeyid: this is the access key id for connecting to AWS S3
  • accesskeysecret: this is the access key secret for connecting to AWS S3
  • kmscmkid: this attribute is only required if using AWS Client Side Encryption
Anonymous
  • Hi Barat, how you had called the WEPAPI from interface which will download the document in single click?

  • Currently using the below code which requires user to click to two times, one to generate the link and other to download to their local. Can we achieve in single click?

    a!linkField(
    links: {
    a!dynamicLink(
    label: "Click here",
    saveInto: {
    a!save(
    local!newURI,
    getPreSignedURLForS3(
    secureCredentialsStoreKey: "key**",
    region: "reg***",
    bucketName: "buck**",
    file: "filePath"
    )
    )
    }
    ),
    a!safeLink(label: local!docName, uri: local!newURI)
    }
    )

  • I am not sure I understand your use case but the use case for this function is to allow direct document download links - user clicks on a link, the web api validates security, generates the redirect link and the browser provides them with a pop up to download the doc. You can use other s3 plugins to satisfy your use case, either here or through the S3 connected system.

  • In our case, there will be more files per request and all should be evaluated for approval. User needs to generate the link repeatedly as he feels more difficult to act immediately to download as the the links are getting expired soon.

  • What would be a need for more than 5s? The limit only applies b/w calculating the url and issuing a redirect inside the web api so it should be done very quickly unless you have extreme network lags b/w browser and server.

    • getPreSignedURLForS3 that generates a V4 pre signed url that expires after 5s. This allows for a short term access grant to a secured resource. It can be used in a WebAPI object to redirect a user from Appian to a resource on S3.

    Can we get the increased amount of time for the URL to be active at least for a min instead of 5s?

  • v1.3.6 Release Notes
    • Updates to Jackson databind, core, and annotations libraries

  • Seems like the latest update yields this error when installing or upgrading from Admin Console -> Plugins -> Add Plug-Ins

    HTTP Code: 500
    APNX-1-4198-019
    
    An Error Has Occurred
    Expression evaluation error [evaluation ID = b6607:8126d] : An error occurred while executing a save: java.util.UnknownFormatConversionException: Conversion = 'D'

    Any ideas on how to resolve?

  • Yeah it is causing an issue. The document cannot be downloaded since the site cannot be reached. This is what I see on the browser:

    __________________

    This site can’t be reached

    Check if there is a typo in s3.{bucket-name}.amazonaws.com.

    DNS_PROBE_FINISHED_NXDOMAIN
    _____________________
    I tried substituting  the domain name format to the format that  is there in console. But it returns another error, complaining about  a parameter in the URL generated by the plugin is not in the proper format. Below is what I see. It seems like the service is expecting X-Amz-Credential parameter  to contain  the region name, but the plugin is attaching the bucket-name to  the parameter.
    _______________________
    <Error>
    <Code>AuthorizationQueryParametersError</Code>
    <Message>Error parsing the X-Amz-Credential parameter; the region {bucket-name} is wrong; expecting 'us-east-1'</Message>
    <Region>us-east-1</Region>
    <RequestId>PGFXG4JR599R0HHP</RequestId>
    <HostId>OBy+93cPl8DsTSD1zKFZq2d1SoPaSewobbDKJDH82K7xy4Zpw+WhLta3W1MvbguaLslf14XPq0BNVB2j9ApICA==</HostId>
    </Error>
    _____________________
  • Is this causing an issue? Can you not access the doc?