AWS S3 Bucket Management

Overview

Manage AWS S3 data stores with Appian! Users can access their S3 objects directly from an Appian interface. Appian documents can be uploaded to a S3 bucket with Server-Side Encryption and be configured as Public or Private.
 
The AWS S3 Connected System Plug-in uses the AWS Java SDK to connect to S3.

Key Features & Functionality

  • Create Bucket -- Adds a new bucket to the S3 instance. A bucket is needed in order to store objects (files).
  • Upload File -- Uploads a file to any specified bucket on the S3 instance.
  • Upload Multiple Files -- Uploads multiple files to any specified bucket on the S3 instance.
  • List Buckets -- Returns all available buckets on the S3 instance.
  • List Objects -- Returns all available objects from a specified bucket.
  • Delete Bucket -- Permanently removes a bucket from the S3 instance.
  • Delete Object -- Permanently removes an object from a specified bucket.
  • Cognito Authentication -- Pulls credentials from AWS Cognito Identity Pool.

Requirements

Access Key Id: the access key id for connecting to S3 can be retrieved from AWS Management Console Navigate to the Users > Summary page and click the “Security credentials” tab
Secret Access Key: the secret access key can only be viewed once upon the creation of an access key, see AWS Access Keys documentation for more information: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys

Notes

Users that want to upload objects as 'Public' must have the correct IAM privileges or an "Access Denied" error will return.

S3 endpoints which restrict traffic based on source will need to allow the IP and VPC endpoints outlined in KB-1582 based on site region.

Anonymous
Parents
  • I'm able to connect using my keys from CLI, however when I use the same key and secret key in the connected system, I get a 403 Access Denied status.  This is when trying to connect to AWS GovCloud bucket.  I am able to connect successfully to a bucket in US East Region.  I believe I have the correct Region selected, as when testing the connection for other regions I receive a an InvalidAccessKey status instead of Access Denied.

    Does anyone have any more information on what the proper IAM access to S3 looks like?  I would imagine if I can connect via CLI, the connect system should also work.  Has anyone successfully connected to a GovCloud instance?  

Comment
  • I'm able to connect using my keys from CLI, however when I use the same key and secret key in the connected system, I get a 403 Access Denied status.  This is when trying to connect to AWS GovCloud bucket.  I am able to connect successfully to a bucket in US East Region.  I believe I have the correct Region selected, as when testing the connection for other regions I receive a an InvalidAccessKey status instead of Access Denied.

    Does anyone have any more information on what the proper IAM access to S3 looks like?  I would imagine if I can connect via CLI, the connect system should also work.  Has anyone successfully connected to a GovCloud instance?  

Children
  • I've discovered why I was unable to connect.  The Connected System needs access to the action s3:ListAllMyBuckets on buckets within the AWS account, so that the integration can pull the list of buckets to choose the bucket receiving uploads.  Due to the fact that our policy only allows the action ListAllMyBuckets on the *contents* of the bucket bucketName, the bucket itself will not be allowed to be listed. (arn:aws:s3:::bucketName/* vs arn:aws:s3:::*)