Amazon S3 Utils stopped working after upgrade to 22.2

Hi,

On 7/20 we upgraded from 22.1 to 22.2.  We are using the Amazon S3 Utils version 1.1 and we can no longer upload to S3 after the upgrade. 

This plug-in [com.appiancorp.ps.plugins.amazonS3Utils] is not registered to access secured values for the given external system key [s3prod]. Check the external systems plug-ins list in the Administration Console.

Error Occured: Error while uploading the file to Amazon S3. Error is: The security token included in the request is invalid. (Service: AWSKMS; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: c1e7278c-ca73-46bd-bcf9-c510a620018a)

Thanks,

Scott

  Discussion posts and replies are publicly visible

Parents
  • Have you had the chance to look at the std out log? Are there any more details in there? Also, was this tested and working in a lower environment after upgrade? 

  • Here is another log entry we have noticed.

    2022-07-25 16:07:43,697 [Appian Work Item - 8327 - WorkID 811 - execution01 - process 270508345 - model 155 : UnattendedJavaActivityRequest] ERROR com.appiancorp.ps.plugins.amazonS3Utils.UploadObjectsToAmazonS3 - Error while uploading the file to Amazon S3.
    com.amazonaws.AmazonServiceException: User: arn:aws:iam::124294179439:user/SCP is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-east-1:124294179439:key/0484e365-406c-4413-a453-781f530957f8 with an explicit deny in an identity-based policy (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 62e8514c-07a3-4602-b69d-af6243236224)
    at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1275)
    at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:873)

  • 0
    Appian Employee
    in reply to Sai Manam

    Looking at these errors, I do not think this is a plugin issue due to an upgrade. The second error easily points to a permissions set up on S3 - you need to check the authorization for account SCP. The first one is a bit more tricky but also likely due to an account issue, it could be that the key expired, or maybe even the account itself. That's where I would check first.

  • Thanks Mike.  We are starting to look at other places that might be causing the issue.   

Reply Children
No Data