Hi All,
I am trying to establish a connection from Appian to AWS S3 bucket. I have created a connected system with and without DNS endpoint, please refer to the attached screenshots. It throws an error with endpoint URL.
With the endpoint URL, the error is: "Failed to parse XML document with handler class com.amazonaws.services.s3.model.transform.XmlResponsesSaxParser$ListAllMyBucketsHandler".
When I use these connected systems in an integration object, it behaves as follows:
The AWS user used for connected system has the following policies:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucketARN",
        "arn:aws:s3:::bucketARN/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:sourceVpce": "vpce-01cxxxxxxx"
        }
      }
    }
  ]
}
Bucket permissions are as follows:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxx:user/arn"
      },
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucketARN",
        "arn:aws:s3:::bucketARN/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-01cxxxxxxx"
        }
      }
    }
  ]
}
Can anyone help me with the points I am missing here or if anyone has ever faced similar kind of issues?
Hi Harsh Kumar Agarwal, I am also connecting to S3 via PrivateLink to upload and download files. Can you share which Connected System Object you are using and the connection process? I can't find the same Connected System Object in the Designer tab. Thanks
You should connect with Appian Support with details mentioned in the below links depending on
https://docs.appian.com/suite/help/25.2/Access_Appian_Cloud_instance_using_AWS_PrivateLink.html#prerequisites (Inbound Access)
https://docs.appian.com/suite/help/25.2/Access_Customer_VPC_using_AWS_PrivateLink.html#prerequisites (Outbound Access)
Hi Meme02, I am using the 'AWS S3 Bucket Management' plugin.
Harsha Sharma
Thanks.
I have successfully connected via PrivateLink but my problem now is uploading a file to S3 through it. I am not able to find a solution for the case of large files.
Are you getting any errors? What size files are you facing the problem in?
Generally for objects larger than 5 GB (the limit for a single PUT operation), you must use multipart upload. This process divides the large object into smaller parts, which are then uploaded concurrently. S3 then reassembles these parts into the complete object.
Hi Harsh Kumar Agarwal
I tried to connect and got the problem shown in the image below. Please check for me what problem I am having. (Integration object outcome without Endpoint URL in connected system: SUCCESS)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "My IAMuser arn "
      },
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": [
        "S3 arn",
        "s3 arn/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce ID"
        }
      }
    }
  ]
}
Sorry, I misunderstood your reply. I am trying to connect and got the problem shown in my answer to Harsh Kumar Agarwal below. Please check for me what problem I am having. Thanks
This is a timeout error, which mostly occurs due to permission or connectivity issues. A few things you can try:
Check the bucket policy and the Lambda role to confirm that you have the correct access configuration.
If the application has a configurable timeout for S3 operations, consider increasing it to allow for potential network latency.
Review the S3 bucket policy to ensure it doesn't implicitly or explicitly deny access from your VPC endpoint attempting the connection.
Analyze VPC Flow Logs to monitor traffic to the S3 endpoint IPs and identify any blocked or dropped connections.
Harsha Sharma thanks. Let me check again. However, I have a question (sorry, I am inexperienced). To be able to connect successfully, is it necessary to contact Appian Support to install anything on their AWS environment side, or do I just create the endpoint on my own AWS environment side?
As per the documentation, you should connect with Appian Support for setup, but that doesn't involve the plugin mentioned earlier. So if you are using the plugin and issues come up, it is better to check the plugin's App Market page or the community; otherwise, connect with Appian Support to discuss and enable the setup from the server end. Hope that clarifies.
Hi Meme02,
I would suggest creating a bucket policy with a wildcard (*), giving all actions and resource permissions. Also, I can see userARN is missing in your bucket policy. Try with the wildcard first to set up connectivity and then work in reverse order to limit the permissions step by step.
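Added example, not part of the thread or of the plugin: a Python check over the two policies from the first post that reports Allow entries whose Resource list can never match the action, and compares the aws:SourceVpce values of the identity and bucket policies. The action-to-level table and the matching rules in `covers()` are simplified assumptions that cover only the actions seen in this thread.

```python
import json

S3 = "arn:aws:s3:::"
# Level each action is authorized at (assumed subset: only actions in this thread).
ACTION_SCOPE = {"s3:ListAllMyBuckets": "account", "s3:ListBucket": "bucket",
                "s3:PutObject": "object", "s3:GetObject": "object",
                "s3:DeleteObject": "object"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def covers(resource):
    """Scopes a Resource pattern can match (simplified model, an assumption)."""
    if resource in ("*", S3 + "*"):
        return {"account", "bucket", "object"}
    if not resource.startswith(S3):
        return set()  # placeholder text or a non-S3 ARN matches nothing
    rest = resource[len(S3):]
    if "/" in rest:
        return {"object"}
    return {"bucket", "object"} if "*" in rest else {"bucket"}

def lint(policy_json):
    """Return (action, problem) pairs for Allow entries that can never match."""
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        reachable = set().union(*(covers(r) for r in as_list(stmt.get("Resource", []))))
        for action in as_list(stmt.get("Action", [])):
            scope = ACTION_SCOPE.get(action)
            if scope and scope not in reachable:
                findings.append((action, "no %s-level Resource in statement" % scope))
    return findings

def vpce_ids(policy_json):
    """Collect aws:SourceVpce values; condition key names are case-insensitive."""
    ids = set()
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        for keys in stmt.get("Condition", {}).values():
            for key, value in keys.items():
                if key.lower() == "aws:sourcevpce":
                    ids.update(as_list(value))
    return ids

# The two policies from the first post, with the poster's masked values kept.
IDENTITY = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject"], "Resource": ["arn:aws:s3:::bucketARN", "arn:aws:s3:::bucketARN/*"], "Condition": {"StringEquals": {"aws:sourceVpce": "vpce-01cxxxxxxx"}}}]}'
BUCKET = '{"Version": "2012-10-17", "Statement": [{"Sid": "Statement1", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::xxxxxx:user/arn"}, "Action": ["s3:ListBucket", "s3:PutObject", "s3:GetObject"], "Resource": ["arn:aws:s3:::bucketARN", "arn:aws:s3:::bucketARN/*"], "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-01cxxxxxxx"}}}]}'
print(lint(IDENTITY), lint(BUCKET), vpce_ids(IDENTITY) == vpce_ids(BUCKET))
```

For the identity policy, the one finding is `s3:ListAllMyBuckets`: it is not evaluated against a single bucket ARN, so listing it beside bucket and object resources grants nothing.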