AWS S3 Bucket Management

Overview

Manage AWS S3 data stores with Appian! Users can access their S3 objects directly from an Appian interface. Appian documents can be uploaded to a S3 bucket with Server-Side Encryption and be configured as Public or Private.
 
The AWS S3 Connected System Plug-in uses the AWS Java SDK to connect to S3.

Key Features & Functionality

  • Create Bucket -- Adds a new bucket to the S3 instance. A bucket is needed in order to store objects (files).
  • Upload File -- Uploads a file to any specified bucket on the S3 instance.
  • Upload Multiple Files -- Uploads multiple files to any specified bucket on the S3 instance.
  • List Buckets -- Returns all available buckets on the S3 instance.
  • List Objects -- Returns all available objects from a specified bucket.
  • Delete Bucket -- Permanently removes a bucket from the S3 instance.
  • Delete Object -- Permanently removes an object from a specified bucket.
  • Cognito Authentication -- Pulls credentials from AWS Cognito Identity Pool.

Requirements

Access Key Id: the access key id for connecting to S3 can be retrieved from AWS Management Console Navigate to the Users > Summary page and click the “Security credentials” tab
Secret Access Key: the secret access key can only be viewed once upon the creation of an access key, see AWS Access Keys documentation for more information: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys

Notes

Users that want to upload objects as 'Public' must have the correct IAM privileges or an "Access Denied" error will return.

S3 endpoints which restrict traffic based on source will need to allow the IP and VPC endpoints outlined in KB-1582 based on site region.

Anonymous
  • Hello. I'm having the same issue now with this connected system. Were you able to solve this?

  • v1.0.7 Release Notes
    • Updates connected system. STS support is now optional.

  • We just update to to 1.0.6  and are now we getting an error when trying to test connection on a previously create CS

  • v1.0.6 Release Notes
    • Introduces STS support to the Amazon S3 plugin - Provides users with an additional layer of security and flexibility when accessing S3 resources. With STS, users can grant temporary, limited access to AWS resources, reducing the risk of unauthorized access. Users can assume cross-account IAM roles to access S3 resources in different AWS accounts, providing flexibility for organizations with multiple accounts. Overall, this update enhances the security and flexibility of the Amazon S3 plugin for managing and transferring files to and from S3 buckets.
    • [MIGRATED] Manage S3 buckets and objects. Create Bucket. Upload Files. List Buckets. List Objects. Delete Bucket. Delete Object.

  • v1.0.5 Release Notes
    • Security Updates

  • v1.0.4 Release Notes
    • Security updates
  • v1.0.3 Release Notes
    • Security updates
  • Unable to test connection and then tried with Integration object. Both are throwing the following error:

    The System Has Encountered an Error

    HTTP Code: 500
    APNX-1-4198-000

    Error Evaluating UI
    Expression Expression evaluation error [evaluation ID = 4a05f:46941] : [valid:false,syntaxError:false,value:Expression evaluation error:
    An error occurred while executing a save: Expression evaluation error at function fn!objectReadAction_appian_internal [line 4]: com.appiancorp.connectedsystems.templateframework.functions.pipeline.proxyDecoratorPipeline.TemplateInvocationException:

    Contact the developer of this template to resolve the following issue. com.amazonaws.services.s3.model.AmazonS3Exception:

    Access Denied (Service: Amazon S3; Status Code: 403;
    Error Code: AccessDenied;
    Request ID: 50NTVA6JXRHTGXYC; S3 Extended Request ID: dQvOVjGQneKxh8nJs/cwI/y5ZUWayvQGpUDGtAzz/FPDEJjzv5xTQxUXvkzc46E+L2FGZQQOjM4=; Proxy: null)]

  • Hi- I am getting Access Denied error when trying the Test connection, triaging this on AWS cloud watch, we could see that Test Connection is still using ListBucket method. from the comments below is it not supposed to ListBucket? I infact tried creating the connected service without testing, but in the integration for Download object i am again getting the same Access denied error. i have verified the IAM policy for the secretkey, they seems to be have allow access to putobject and getobject and listbucket only to the specific bucket. Can anyone suggest what should be the ideal security settings needed for this to work?

  • Release Notes - v1.0.2
    • Security Updates