Overview
Manage AWS S3 data stores with Appian! Users can access their S3 objects directly from an Appian interface. Appian documents can be uploaded to a S3 bucket with Server-Side Encryption and be configured as Public or Private. The AWS S3 Connected System Plug-in uses the AWS Java SDK to connect to S3.
Key Features & Functionality
Requirements
Access Key Id: the access key id for connecting to S3 can be retrieved from AWS Management Console Navigate to the Users > Summary page and click the “Security credentials” tabSecret Access Key: the secret access key can only be viewed once upon the creation of an access key, see AWS Access Keys documentation for more information: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys
Notes
Users that want to upload objects as 'Public' must have the correct IAM privileges or an "Access Denied" error will return.
S3 endpoints which restrict traffic based on source will need to allow the IP and VPC endpoints outlined in KB-1582 based on site region.
If I need to use the HTTP file download smart service plugin to retrieve the file from S3, how do I perform the authentication? S3 requires requests to be authenticated using AWS signature, which the HTTP file download smart service doesn't explicitly support.
Great will do.
Hi mikec - check out Malcolm's 19.1 Product Announcement Webinar. He provides an example of how to use the Amazon S3 CSP https://youtu.be/aFWMleCLZLM?t=2648
Hello, I am interested in learning more about this app. Is there someone I could speak with; go through my use case and then possibly get some guidance on using? Thanks!
I've discovered why I was unable to connect. The Connected System needs access to the action s3:ListAllMyBuckets on buckets within the AWS account, so that the integration can pull the list of buckets to choose the bucket receiving uploads. Due to the fact that our policy only allows the action ListAllMyBuckets on the *contents* of the bucket bucketName, the bucket itself will not be allowed to be listed. (arn:aws:s3:::bucketName/* vs arn:aws:s3:::*)
I'm able to connect using my keys from CLI, however when I use the same key and secret key in the connected system, I get a 403 Access Denied status. This is when trying to connect to AWS GovCloud bucket. I am able to connect successfully to a bucket in US East Region. I believe I have the correct Region selected, as when testing the connection for other regions I receive a an InvalidAccessKey status instead of Access Denied.
Does anyone have any more information on what the proper IAM access to S3 looks like? I would imagine if I can connect via CLI, the connect system should also work. Has anyone successfully connected to a GovCloud instance?
What would be the object prefix for list object? i am able to get the bucket details but the object prefix doesn't seem to work for me
Ankur V currently we only provide the ability to list a bucket's objects, extract the url paths, and then use the url to download the file through Appian's HTTP File Download Smart Service docs.appian.com/.../HTTP_File_Download_Smart_Service.html
The Smart Service will handle the conversion to an Appian Document for you.
19.2 will support the ability to download and receive Appian Documents from the plug-in itself. I will keep you posted. Thank you!
19.1 version doesnt seem to have option to download from S3 bucket
Ankur V - the package has been updated, please try downloading and importing again!